Submitted URL: https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3...
Effective URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_sourc...
Submission: On December 03 via manual from AE — Scanned from DE

Summary

This website contacted 16 IPs in 6 countries across 15 domains to perform 175 HTTP transactions. The main IP is 151.101.2.132, located in United States and belongs to FASTLY, US. The main domain is all.accor.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on November 17th 2021. Valid for: a year.
This is the only time all.accor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
94 all.accor.com 1 redirects all.accor.com
radar.cedexis.com
28 cdn.cookielaw.org all.accor.com
cdn.cookielaw.org
25 www.facebook.com connect.facebook.net
all.accor.com
www.facebook.com
6 radar.cedexis.com 2 redirects radar.cedexis.com
6 apis.google.com all.accor.com
apis.google.com
accounts.google.com
4 geolocation.onetrust.com cdn.cookielaw.org
4 www.googleoptimize.com all.accor.com
2 www.accorhotels.com 2 redirects
2 connect.facebook.net all.accor.com
connect.facebook.net
2 www.googletagmanager.com all.accor.com
www.googletagmanager.com
1 i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net all.accor.com
1 i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net all.accor.com
1 d6tizftlrpuof.cloudfront.net all.accor.com
1 w.usabilla.com all.accor.com
1 ssl.gstatic.com accounts.google.com
1 www.google.com apis.google.com
1 accounts.google.com apis.google.com
1 login.accor.com 1 redirects
1 api.accor.com 1 redirects
1 t5.mid.accor-mail.com 1 redirects
175 20
Subject Issuer Validity Valid
*.accor.com
GlobalSign RSA OV SSL CA 2018
2021-11-17 -
2022-12-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2021-06-01 -
2022-05-31
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2021-02-12 -
2022-02-11
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-09-11 -
2021-12-10
3 months crt.sh
*.apis.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
accounts.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
www.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
w.usabilla.com
Amazon
2021-03-12 -
2022-04-10
a year crt.sh
*.cloudfront.net
Amazon
2021-03-19 -
2022-03-17
a year crt.sh
*.init.cedexis-radar.net
Go Daddy Secure Certificate Authority - G2
2019-11-14 -
2022-01-13
2 years crt.sh
radar.cedexis.com
DigiCert TLS RSA SHA256 2020 CA1
2021-08-09 -
2022-08-09
a year crt.sh

This page contains 9 frames:

Primary Page: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Frame ID: 56247D15DE580B6D56FC6B096FD81AFF
Requests: 96 HTTP requests in this frame

Frame: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Frame ID: C252BA69125973B5DC2A492FE2E15FD4
Requests: 25 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 6AFEA52349CCD1B27AEFEC4B97F01F14
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 994CAA0F738A8D47F21EABC79A640CB3
Requests: 4 HTTP requests in this frame

Frame: https://w.usabilla.com/2a22008a1a0b.js?lv=1
Frame ID: FF14D93D1EBBEABACC613757235C40F2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Frame ID: 73E9EB85D62ECD41D40FEE2CA67DFD73
Requests: 25 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
Frame ID: E2CC59AB31365CA6C4FBE2FE1E528D1B
Requests: 1 HTTP requests in this frame

Frame: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Frame ID: 22405EF1CFD8DCCD4A6407C0009E9927
Requests: 12 HTTP requests in this frame

Frame: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Frame ID: 75AF3F2F6DF69C93DD313C1BB8F69DE8
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Festive offers for members of ALL!Back ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-211... HTTP 302
    https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sou... HTTP 302
    https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_me... Page URL

Page Statistics

175
Requests

99 %
HTTPS

53 %
IPv6

15
Domains

20
Subdomains

16
IPs

6
Countries

3857 kB
Transfer

12700 kB
Size

36
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3=ME-EN-NA-NA&p4=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&s=fQmUjfztWNcnTFSJB5QQkL7oup14Xt2jJ-1eAzc_kCM HTTP 302
    https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sourceid=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf HTTP 302
    https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44
  • https://api.accor.com/authentication/v2.0/authorization?appId=all.accor&prompt=none&redirect_uri=https://all.accor.com/authentication/landing/index.shtml HTTP 302
  • https://login.accor.com/as/authorization.oauth2?client_id=all.accor&response_type=code&accorregister=false&request=eyJraWQiOiJIMWhSbjlrbG9kTVBkdjJrOTJCdHY1ZGxEQTUtczg3Zk85SVlUUkRqa1pwIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzY29wZSI6Im9wZW5pZCBBUElXRUIuVVNFUi5BTEwgQVBTUi5BTEwiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYWxsLmFjY29yLmNvbS9hdXRoZW50aWNhdGlvbi9sYW5kaW5nL2luZGV4LnNodG1sP2FwcElkPWFsbC5hY2NvciIsInN0YXRlIjoiR1FPak0wUWRUWk1JTHppTkdFaVhwcyIsImV4cCI6MTYzODUzNjA3NCwiaWF0IjoxNjM4NTM1MTc0LCJwcm9tcHQiOiJub25lIiwibm9uY2UiOiJSQUJCMGt3ZWYxUUFxc2lqVUNEdGpuIiwiY2xpZW50X2lkIjoiYWxsLmFjY29yIn0.Bli8l4oYQoB8el5DMNYfXwZM_VCsBN9Ad4D7i_RqUF0vOfF1xIIozPJAs3B0DMrzTo7mtv5P_MuxYo4OxKkyrhd4kVg0eGe4Bl4NKmQKqBrQBkSdX2jUiBBPIzDOyIVbPjuzGwFIRxk2lth0uV8nT-HtuD-yXMPpZff-kwMWO6rYtCQlpUHVO43xR6vMMJhFsjk8SB2_ePqdkvNfvBvWf2slgEpCsXDZr5twJr9KiO4Ch7ZW7-rT-B7KndWAphdwBrhtmixPeHlUzDjdaYL_-opJ9_8a4SAdw9UqiKjdF021L3PComS69VRCovD8_m3vGHY7zKZS5C8D5Jgdm5R5dQ HTTP 302
  • https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Request Chain 102
  • https://radar.cedexis.com/1/10096/radar.js HTTP 302
  • https://radar.cedexis.com/1621860284/radar.js
Request Chain 103
  • https://radar.cedexis.com/1/10096/radar.js HTTP 302
  • https://radar.cedexis.com/1621860284/radar.js
Request Chain 139
  • https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096 HTTP 301
  • https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Request Chain 140
  • https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096 HTTP 301
  • https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096

175 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request hw003098-festive-offers-for-members-of-all.shtml
all.accor.com/gb/promotions-offers/
Redirect Chain
  • https://t5.mid.accor-mail.com/r/?id=h1d7198f0%2C8a002299%2C89e2c3d2&p1=all-2112-lc-b-me-gb-00-1&p2=all-2112-lc-b-me-gb-00-1&p3=ME-EN-NA-NA&p4=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f6...
  • https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml.go?sourceid=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_medium=email&utm_source=animation-marketing&utm_campaign...
  • https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content...
59 KB
14 KB
Document
General
Full URL
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
73f38b873dd938c1653591fbd507597402498c9ec81ce957ef554a550a111541
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=utf-8
x-unique-id
04625847c1db38fb12dd94e4d51315c0
x-oneagent-js-injection
true
x-ruxit-js-agent
true
p3p
CP="NO P3P POLICY"
x-clacks-overhead
GNU Terry Pratchett
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection
1; mode=block
referrer-policy
origin
x-accor-asset
wise
server-timing
dtSInfo;desc="1"
strict-transport-security
max-age=15552000
x-cache-response
DISABLED
x-fstrz
o
server
fasterize
content-encoding
gzip
via
1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
2VdSnMKILM2LahAZey4rC40MPJyt63m1yjiiQBqffGWs7Jp-HkKLKg==
accept-ranges
bytes
date
Fri, 03 Dec 2021 12:39:33 GMT
x-served-by
cache-hhn4072-HHN
x-cache
Miss from cloudfront, MISS
x-cache-hits
0
x-timer
S1638535174.739493,VS0,VE105
vary
Accept-Encoding, Origin
x-cdn-forward
Fastly
fastly-version
V63

Redirect headers

content-type
text/html; charset=utf-8
x-unique-id
cca539b7ae82896cf4832b164f5c69d8
x-oneagent-js-injection
true
correlation-id
ea426a98-6626-413b-b461-d0a414f83604
location
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
p3p
CP="NO P3P POLICY"
x-clacks-overhead
GNU Terry Pratchett
cache-control
no-store, no-cache="Set-Cookie"
pragma
no-cache
x-xss-protection
1; mode=block
referrer-policy
origin
server-timing
dtSInfo;desc="0", dtRpid;desc="363289502"
strict-transport-security
max-age=15552000
x-cache-response
DISABLED
expires
0
x-fstrz
zc,stc,Z,p
server
fasterize
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
qdGl0bRO0ngcJ0WsJXNaceFw0Ui5XcoSKkUslKbkWlIFiWbzUZ7zuw==
accept-ranges
bytes
date
Fri, 03 Dec 2021 12:39:33 GMT
x-served-by
cache-hhn4072-HHN
x-cache
Miss from cloudfront, MISS
x-cache-hits
0
x-timer
S1638535174.572596,VS0,VE157
vary
Origin
x-cdn-forward
Fastly
fastly-version
V63
content-length
0
styles-global.css
all.accor.com/styles-v2112/
65 KB
7 KB
Stylesheet
General
Full URL
https://all.accor.com/styles-v2112/styles-global.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
c47629d29ecd71e534e1eb5f97cde08cb68675e32ec6687c5d16417d122c010c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178248
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
6953
x-gen-id
ea4bac0702fe3c7f83ed163821844c81
x-served-by
cache-hhn4072-HHN
x-unique-id
888c1d2198638196434c48e17b60b7ae
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.875649,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/css
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
sQ6e-1mHOKj5KxNWq6kBVryWgQo5cJ0ZNhR_rBW6XJI1gUpiT_fRlg==
x-cache-hits
11
index.css
all.accor.com/css-v2112/set/promotions-offers/
152 KB
23 KB
Stylesheet
General
Full URL
https://all.accor.com/css-v2112/set/promotions-offers/index.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
63914bf2e01926065ceae08a1a0f0d5065204512a3d6ff1180b6af51b47895e8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
22955
x-gen-id
d6ed9486bb51c3ad5b3212c95370f416
x-served-by
cache-hhn4072-HHN
x-unique-id
011e49d862950979729c1d6aab5648e9
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.876004,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/css
via
1.1 24c299c0a6423c6f96984a85fb014109.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Lit_iaWO64LX198MHEuOy8dMB4tynrYq04PLTr1BPOT3FbZeORb70w==
x-cache-hits
1
footer_cr.css
all.accor.com/css-v2112/commun/
13 KB
3 KB
Stylesheet
General
Full URL
https://all.accor.com/css-v2112/commun/footer_cr.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
b4eddb167733c7c9a91a75c0450df01116ab95e9e5607831e3dc87a6c47d7ae8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178248
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
2884
x-gen-id
04c861997595732f63cdfc7fac27966a
x-served-by
cache-hhn4072-HHN
x-unique-id
ef5707e35965889c1c0a870b9d95bb45
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.876286,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/css
via
1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
2cWnXMwTogkf_2DGiaHIgUWOn8Q32fJfOkzXxnxPH_I-8nWrfjozbA==
x-cache-hits
13
ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/
237 KB
89 KB
Script
General
Full URL
https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178269
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
90473
x-gen-id
de9866000d131ff7ae3f4e490822cd14
x-served-by
cache-hhn4072-HHN
x-unique-id
a09fb7baefbfc12b3b965f908aeddfc1
expires
Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.876388,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits
1078
optimize.js
www.googleoptimize.com/
264 KB
59 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f9c64bb9b2bdfd432bbf61455a77b47972d0f6c5bfb3701aa3ef061b4cf0c3c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:33 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60372
x-xss-protection
0
expires
Fri, 03 Dec 2021 12:39:33 GMT
main.js
all.accor.com/services/webview-consent/scripts-v2112/
4 KB
2 KB
Script
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178269
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.876453,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1789
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
19 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Lh0CEVPkmGuwf4KyqdKdhw==
age
7099
vary
Accept-Encoding
content-length
6403
x-ms-lease-status
unlocked
last-modified
Mon, 29 Nov 2021 20:31:03 GMT
server
cloudflare
etag
0x8D9B37729BED1A3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
52709849-801e-006e-5672-e571cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbc51ee6d618-MXP
jquery-min-cms.js
all.accor.com/scripts-v2112/lib/
94 KB
33 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/lib/jquery-min-cms.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
33404
x-gen-id
eb13dd30ca44dbc16d4d8bb9005a0b37
x-served-by
cache-hhn4072-HHN
x-unique-id
54fd11eb759e819214bcf95b0fa0bfe5
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896054,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
mLxjq88IvgrtUdM33awXzlUkDbYalRDalK3TDyE5DFAsPV-BTdE_zQ==
x-cache-hits
1
jquery-2.2.4.min-ah.js
all.accor.com/scripts-v2112/lib/
186 KB
62 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178223
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
62687
x-gen-id
b466b0668b2a13b5078291f3cb657a60
x-served-by
cache-hhn4072-HHN
x-unique-id
b28e8f4ea8ebbff696c607bfb4abf1e2
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896097,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c80ae6bd97b709ed6e4747f0d5ea4efd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
aduqozj1AQrsQMVZlC4uQqXJd7BaCloulfzSg9iEj7C79h8bxE5SzQ==
x-cache-hits
1
booking-core_gb.js
all.accor.com/scripts-v2112/set/
429 KB
118 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/set/booking-core_gb.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
177223
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
120047
x-gen-id
bd321193d3e4b5a620753da108a69778
x-served-by
cache-hhn4072-HHN
x-unique-id
d3f7d21d6cda3abf3fc195d999ac113e
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896178,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
WQj3tCarGVwJjOhiu95YmIreQmZdfuIqxOg_PDmTfk0v7hG2h5ckdg==
x-cache-hits
1
autocompletion.js
all.accor.com/scripts-v2112/set/
29 KB
8 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/set/autocompletion.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178248
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
7972
x-gen-id
f37e17f2900b9b9241c31a81a5ae9a43
x-served-by
cache-hhn4072-HHN
x-unique-id
7472a4a7ba0a91290f33a9bde1796eaf
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896222,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
GDOkJmJYEa883uDsj_ENXm7A1hFhZiBaAzvAEgTq2Iwx_8nzric-4Q==
x-cache-hits
1
booking-engine.js
all.accor.com/scripts-v2112/set/
169 KB
31 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/set/booking-engine.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
31772
x-gen-id
eda39ce7bf30bca3f719d8110c94be21
x-served-by
cache-hhn4072-HHN
x-unique-id
3a0b182b4f4f69c105eeabc6771c15eb
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896275,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
havy9WRdOdZ8UvkihwYyvpAbJrFf0uOZkFTSUT36yj-KduK9RlnkiQ==
x-cache-hits
1
popins.js
all.accor.com/scripts-v2112/set/
82 KB
21 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/set/popins.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
21158
x-gen-id
c6299689a22ee39ea6e19cb3fc487ac3
x-served-by
cache-hhn4072-HHN
x-unique-id
6cb5de97bdf3623415a1b19aaf2d84d4
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896362,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
zHNhZDSTyi4Uxfrn8YiRa9pk--4d9FxRX-Q6Cabk9bRQ_VB-L_XcRA==
x-cache-hits
1
promotions-offers_gb.js
all.accor.com/scripts-v2112/set/
329 KB
90 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
156463
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
91383
x-gen-id
8bac520b3e464654317d9c50416a4a7a
x-served-by
cache-hhn4072-HHN
x-unique-id
9738f80966e6cf32d80a5e2fd109fb49
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896388,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/javascript; charset=UTF-8
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
KLkzspBRUEMkFplvdf7i93b_ZDINY13y5VAIwOtMmpvJ53G-7YYjrA==
x-cache-hits
1
main.js
all.accor.com/scripts-v2112/
709 KB
189 KB
Script
General
Full URL
https://all.accor.com/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
131261
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
193663
x-gen-id
cca21b8a074f09b29e411f50b2cc10c7
x-served-by
cache-hhn4072-HHN
x-unique-id
240f20169bb316c63016659f7a2e4ee1
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.896444,VS0,VE1
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/javascript; charset=UTF-8
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
-IlPSkZtZVQt9fnD27KkRkV5C-pjr1w8G9wYAIIgq0s88kKkbg4M9g==
x-cache-hits
1
px.gif
all.accor.com/imagerie/
43 B
495 B
Image
General
Full URL
https://all.accor.com/imagerie/px.gif
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
7f68affba3f1c780f877960c7ee3e441309078b41043d35501e2eda8f7fde683
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 0b9e85cfe8fe19b385db56d32b4ce802.cloudfront.net (CloudFront), 1.1 varnish
age
178251
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
ENABLED
server-timing
dtSInfo;desc="1"
content-length
43
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
0aec3d5678c25076d1628af48d0541cc
x-clacks-overhead
GNU Terry Pratchett
last-modified
Tue, 30 Nov 2021 13:29:41 GMT
server
fasterize
x-timer
S1638535174.985279,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Host,Origin
content-type
image/gif
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-accor-asset
ecom
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
WnkDyEiCs3CsU_rVv68MZi_bOiZTgF4H4463_VnnV5KCjip5OR36NQ==
x-fstrz
ecc,Z,p
x-cache-hits
147
globalSign.gif
all.accor.com/imagerie/commun/footer/
3 KB
3 KB
Image
General
Full URL
https://all.accor.com/imagerie/commun/footer/globalSign.gif
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
01a7150b75bfd0acaa9bd97cc147022706b4fec3d6ed9735173b77448dbb48e5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront), 1.1 varnish
age
178243
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
3014
x-gen-id
bf73ac5f7f3916de544d13195d232d4e
x-served-by
cache-hhn4072-HHN
x-unique-id
5c694d09da8db1aadd1358eae1502d32
last-modified
Tue, 30 Nov 2021 13:31:58 GMT
server
fasterize
x-timer
S1638535174.985747,VS0,VE0
date
Fri, 03 Dec 2021 12:39:33 GMT
vary
Origin
content-type
image/gif
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
CttAnuu6xYEvbmgBK4o1YobqlfSNbuh34QaeCW5k7_hD5HxMgk6Ksg==
x-fstrz
o,c
x-cache-hits
8
ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/
237 KB
89 KB
Other
General
Full URL
https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178269
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
90473
x-gen-id
de9866000d131ff7ae3f4e490822cd14
x-served-by
cache-hhn4072-HHN
x-unique-id
a09fb7baefbfc12b3b965f908aeddfc1
expires
Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.167791,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits
1079
main.js
all.accor.com/services/webview-consent/scripts-v2112/
4 KB
2 KB
Other
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178269
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.167867,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1790
87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Q/oKYcvv88yFXq/UgjQcqQ==
age
9308
vary
Accept-Encoding
content-length
1420
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:35 GMT
server
cloudflare
etag
0x8D972B6C4870440
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbc599cc0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:34 GMT
gtm.js
www.googletagmanager.com/
266 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TKQN7D
Requested by
Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4f6bee0f5c99de49d1a9ac883dc86c6b682439fcec623456efddaff410eb8dcb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69275
x-xss-protection
0
last-modified
Fri, 03 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 03 Dec 2021 12:39:34 GMT
account-24.svg
all.accor.com/components/login-nav/components/button-logo/svg/
935 B
859 B
Image
General
Full URL
https://all.accor.com/components/login-nav/components/button-logo/svg/account-24.svg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178203
via
1.1 f06c87fa57d0c9fd7439d7fdbd148c63.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
528
x-gen-id
fde2fedfb93aed36064a8c64421ab00e
x-served-by
cache-hhn4072-HHN
x-unique-id
7341a798e746876486a48dfdea11b940
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535174.167613,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
ngX7ZuuGfElES9Z5ja63_RJQl-Tsgld1dKFAB6yJPY5hAnogsozM4A==
x-fstrz
o,c
x-cache-hits
9
loginnav.en.json
all.accor.com/components/login-nav/locales/
612 B
918 B
XHR
General
Full URL
https://all.accor.com/components/login-nav/locales/loginnav.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h3vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront), 1.1 varnish
age
178179
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="911752641"
content-encoding
gzip
content-length
434
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
a1aaed6fc29b1a8c2ce352bd1120ea9c
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.167503,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
VAG1DgvkfvLznhcZAMHUMHa5DJlSElO83nep3Hd4FqZzL-kvi2oDhg==
x-cache-hits
1
truncated
/
306 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
index.en.json
all.accor.com/components/header/locales/
0
1017 B
Other
General
Full URL
https://all.accor.com/components/header/locales/index.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
age
178197
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
648
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
9c5f3951d705a5dc9bb6e04f0d25c690
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.168708,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
-vOAtvURuehosz47qI-GrNipuhwizGZM6b6USje4BpQES5d0NaXSMg==
x-cache-hits
10
bg_hub.gif
all.accor.com/imagerie/promotions-offers/
10 KB
10 KB
Image
General
Full URL
https://all.accor.com/imagerie/promotions-offers/bg_hub.gif
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
8dc1fef758902b185875fd61e28de5c3687e9550e69e1fc541822771c6e8f676
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/css-v2112/set/promotions-offers/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
x-cache
Error from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
server-timing
dtSInfo;desc="1"
content-length
5370
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
77184ffd3c4c5d4d9bd90d11de9d96fd
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
stc,Z,p
server
fasterize
x-timer
S1638535174.175800,VS0,VE54
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-type
text/html; charset=utf-8
via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
expires
0
cache-control
no-store, no-cache="Set-Cookie"
fastly-version
V63
x-accor-asset
wise
x-cdn-forward
Fastly
accept-ranges
bytes
x-ruxit-js-agent
true
x-amz-cf-id
ayIh16_y11rdJpVIEy-NNXiWd2E7nMfahnqiiPMveVkxaNAG2lMl1w==
x-cache-hits
0
truncated
/
49 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bae778f7c1118ad0e77c4b70bba0703991dd0c91ed87b577d92219b4f70ef66f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/gif
common-sprite.png
all.accor.com/imagerie/commun/pictos/
16 KB
17 KB
Image
General
Full URL
https://all.accor.com/imagerie/commun/pictos/common-sprite.png
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
6852c5128a7e7fa162cf99181cfb0a646bc680dbc9e4c3130705428aeed34bd7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/css-v2112/set/promotions-offers/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront), 1.1 varnish
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
16888
x-gen-id
e52a3888d4dc5cbea5ffdeb28503821f
x-served-by
cache-hhn4072-HHN
x-unique-id
9cdd5a568078467569c779627d1e0990
last-modified
Tue, 30 Nov 2021 13:29:09 GMT
server
fasterize
x-timer
S1638535174.176502,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Host,Origin
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
uuXznzPrXYDmxPPpS99SC-M7sQnzz1XaFUtvdoXAn_ytDJVuUgQDBw==
x-fstrz
o,c
x-cache-hits
1
lato-bold.woff2
all.accor.com/assets/fonts/lato/bold/
23 KB
23 KB
Font
General
Full URL
https://all.accor.com/assets/fonts/lato/bold/lato-bold.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/styles-v2112/styles-global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
18e425aaa2caa6839f38ab8dc661bb8e59d071a4675f7e05fa221636f064a8a1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/styles-v2112/styles-global.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 5b6e22c950501920595c86fc25834583.cloudfront.net (CloudFront), 1.1 varnish
age
178251
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
23736
x-gen-id
0009d4ca9715a620f6fa2ddabfc0a1c9
x-served-by
cache-hhn4072-HHN
x-unique-id
9d0312e93a884f18b7c0868e91ff5211
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535174.179939,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ifbX1l-x_FD7pusXLDJ0G_BSTb14QbooI3F4MiuExQcCRn_Et-lpyQ==
x-fstrz
o,c
x-cache-hits
169
lato-regular.woff2
all.accor.com/assets/fonts/lato/regular/
23 KB
23 KB
Font
General
Full URL
https://all.accor.com/assets/fonts/lato/regular/lato-regular.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/styles-v2112/styles-global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
9588b8874bd624c3306bdc5be18215767b7e0345ac216c67204be0d5b9fc52ae
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/styles-v2112/styles-global.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age
178251
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
23556
x-gen-id
f014fa37798b1e7cc1fcb6e7ca41a40a
x-served-by
cache-hhn4072-HHN
x-unique-id
ea46c0eb39e00cadbf261f4ab2151229
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535174.180478,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
4d-Ixbhuy6SnECNDMxuDNc7Jy9HJHGMybxDWs4rAG5pS0k4fsv74Qg==
x-fstrz
o,c
x-cache-hits
166
roboto-regular.woff2
all.accor.com/assets/fonts/roboto/regular/
52 KB
52 KB
Font
General
Full URL
https://all.accor.com/assets/fonts/roboto/regular/roboto-regular.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
ef3fb28d8dd00170c8ab66069052f98895d76efec6723db1cc2335c0daee7faf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
age
178263
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
52892
x-gen-id
d00968c035510767e453837be43d7d2b
x-served-by
cache-hhn4072-HHN
x-unique-id
42cf9dd895e73e8e80779dc5a0ef3eaa
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535174.180573,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
68A0DAHIdN6c_f4zLdGd12gTyKHsnI1EqSg96ttkgOm2MPJrE_Wx4A==
x-fstrz
o,c
x-cache-hits
1002
lato-regular-webfont.ttf.woff2
all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/
127 KB
128 KB
Font
General
Full URL
https://all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/lato-regular-webfont.ttf.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
2b896d6bb4408d45a7a48315a8616ec07dfc0313b8523b7d09fc84cc633edc69
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/css-v2112/set/promotions-offers/index.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront), 1.1 varnish
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
130392
x-gen-id
0cfcbc41e792bf8ea63c7ef3f26d056d
x-served-by
cache-hhn4072-HHN
x-unique-id
f154d98be66ac97b52827e69aca11802
last-modified
Thu, 18 Nov 2021 16:37:26 GMT
server
fasterize
x-timer
S1638535174.180732,VS0,VE1
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ToWkZ_aohl1Yu7BWkLBEvVDEpPE1NnlW0uF7WljQ66DPZU59qn_SOw==
x-fstrz
o,c
x-cache-hits
1
lato-bold-webfont.ttf.woff2
all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/
128 KB
128 KB
Font
General
Full URL
https://all.accor.com/fstrz/r/s/c/all.accor.com/css-v2112/fonts/lato-bold-webfont.ttf.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/set/promotions-offers/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a66a965881a85c8928b4b4d60095164de16d693135e6d7f095e141b8bc68e519
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/css-v2112/set/promotions-offers/index.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
130796
x-gen-id
1bb2ebe31c63cf6fc4fe6add99a1f642
x-served-by
cache-hhn4072-HHN
x-unique-id
bfc23592376b349fb8f66f3dfd315899
last-modified
Thu, 18 Nov 2021 16:37:27 GMT
server
fasterize
x-timer
S1638535174.180815,VS0,VE1
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
WdAZWy4wMmILhmHw2q2drel2rHR8W560rPrdC7nnOMJJHY4F5EWhiQ==
x-fstrz
o,c
x-cache-hits
1
icon-fonts-sharing.woff2
all.accor.com/assets/icons/sharing/
3 KB
3 KB
Font
General
Full URL
https://all.accor.com/assets/icons/sharing/icon-fonts-sharing.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/commun/footer_cr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
19eddfb22ef270441f545430e2a8607f588e1d72069a8507e8496c1c56eecdcb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/css-v2112/commun/footer_cr.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
age
178244
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
2868
x-gen-id
47bad063b629243595f01fb9c61d17b3
x-served-by
cache-hhn4072-HHN
x-unique-id
763e20f1f483dcc08d6bdded17843db3
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535174.180937,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
U24_hXmXvD29KBzL6VKrM0Y3S9ok5K6Ql1q5XdDcZJxUyWq3ySZOuA==
x-fstrz
o,c
x-cache-hits
5
icon-fonts-sharing-logos.woff2
all.accor.com/assets/icons/sharing/logos/
2 KB
2 KB
Font
General
Full URL
https://all.accor.com/assets/icons/sharing/logos/icon-fonts-sharing-logos.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/css-v2112/commun/footer_cr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
2e8c4f9557817a416f5e4b2fdc641f10505fecf93b514796e1b8190304f0fc84
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/css-v2112/commun/footer_cr.css
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront), 1.1 varnish
age
178244
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
1920
x-gen-id
c1b51c3a0160f7c6ae2771792acc9f21
x-served-by
cache-hhn4072-HHN
x-unique-id
0b63e49b29b2fbd3afff0b8a424d513a
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535174.181270,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
lUyL9v3vz3ZFmGGGlbux86tWerOi0qEtJMgQCjUMVmO6x2CyfISWbw==
x-fstrz
o,c
x-cache-hits
2
jquery-min-cms.js
all.accor.com/scripts-v2112/lib/
94 KB
33 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/lib/jquery-min-cms.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
33404
x-gen-id
eb13dd30ca44dbc16d4d8bb9005a0b37
x-served-by
cache-hhn4072-HHN
x-unique-id
54fd11eb759e819214bcf95b0fa0bfe5
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.256197,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
mLxjq88IvgrtUdM33awXzlUkDbYalRDalK3TDyE5DFAsPV-BTdE_zQ==
x-cache-hits
2
jquery-2.2.4.min-ah.js
all.accor.com/scripts-v2112/lib/
186 KB
62 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178223
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
62687
x-gen-id
b466b0668b2a13b5078291f3cb657a60
x-served-by
cache-hhn4072-HHN
x-unique-id
b28e8f4ea8ebbff696c607bfb4abf1e2
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.256281,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c80ae6bd97b709ed6e4747f0d5ea4efd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
aduqozj1AQrsQMVZlC4uQqXJd7BaCloulfzSg9iEj7C79h8bxE5SzQ==
x-cache-hits
2
booking-core_gb.js
all.accor.com/scripts-v2112/set/
429 KB
118 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/set/booking-core_gb.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
177223
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
120047
x-gen-id
bd321193d3e4b5a620753da108a69778
x-served-by
cache-hhn4072-HHN
x-unique-id
d3f7d21d6cda3abf3fc195d999ac113e
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.256365,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
WQj3tCarGVwJjOhiu95YmIreQmZdfuIqxOg_PDmTfk0v7hG2h5ckdg==
x-cache-hits
2
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
193 B
403 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6b7cdbc75ef04aa4-FRA
autocompletion.js
all.accor.com/scripts-v2112/set/
29 KB
8 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/set/autocompletion.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178248
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
7972
x-gen-id
f37e17f2900b9b9241c31a81a5ae9a43
x-served-by
cache-hhn4072-HHN
x-unique-id
7472a4a7ba0a91290f33a9bde1796eaf
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.258581,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
GDOkJmJYEa883uDsj_ENXm7A1hFhZiBaAzvAEgTq2Iwx_8nzric-4Q==
x-cache-hits
2
booking-engine.js
all.accor.com/scripts-v2112/set/
169 KB
31 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/set/booking-engine.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
31772
x-gen-id
eda39ce7bf30bca3f719d8110c94be21
x-served-by
cache-hhn4072-HHN
x-unique-id
3a0b182b4f4f69c105eeabc6771c15eb
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.258784,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
havy9WRdOdZ8UvkihwYyvpAbJrFf0uOZkFTSUT36yj-KduK9RlnkiQ==
x-cache-hits
2
popins.js
all.accor.com/scripts-v2112/set/
82 KB
21 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/set/popins.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178247
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
21158
x-gen-id
c6299689a22ee39ea6e19cb3fc487ac3
x-served-by
cache-hhn4072-HHN
x-unique-id
6cb5de97bdf3623415a1b19aaf2d84d4
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.259282,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
zHNhZDSTyi4Uxfrn8YiRa9pk--4d9FxRX-Q6Cabk9bRQ_VB-L_XcRA==
x-cache-hits
2
promotions-offers_gb.js
all.accor.com/scripts-v2112/set/
329 KB
90 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
156463
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
91383
x-gen-id
8bac520b3e464654317d9c50416a4a7a
x-served-by
cache-hhn4072-HHN
x-unique-id
9738f80966e6cf32d80a5e2fd109fb49
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.259571,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/javascript; charset=UTF-8
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
KLkzspBRUEMkFplvdf7i93b_ZDINY13y5VAIwOtMmpvJ53G-7YYjrA==
x-cache-hits
2
main.js
all.accor.com/scripts-v2112/
709 KB
189 KB
Other
General
Full URL
https://all.accor.com/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
131261
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
193663
x-gen-id
cca21b8a074f09b29e411f50b2cc10c7
x-served-by
cache-hhn4072-HHN
x-unique-id
240f20169bb316c63016659f7a2e4ee1
x-fstrz
o,c
server
fasterize
x-timer
S1638535174.259771,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Host,Origin
content-type
text/javascript; charset=UTF-8
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
-IlPSkZtZVQt9fnD27KkRkV5C-pjr1w8G9wYAIIgq0s88kKkbg4M9g==
x-cache-hits
2
index.shtml
all.accor.com/authentication/landing/ Frame C252
Redirect Chain
  • https://api.accor.com/authentication/v2.0/authorization?appId=all.accor&prompt=none&redirect_uri=https://all.accor.com/authentication/landing/index.shtml
  • https://login.accor.com/as/authorization.oauth2?client_id=all.accor&response_type=code&accorregister=false&request=eyJraWQiOiJIMWhSbjlrbG9kTVBkdjJrOTJCdHY1ZGxEQTUtczg3Zk85SVlUUkRqa1pwIiwidHlwIjoiSl...
  • https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
7 KB
3 KB
Document
General
Full URL
https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Requested by
Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
4dbd3040f0e3280903f9d26ae340099dcc48a2ed61f88437aced99aacc3a6fe9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

content-type
text/html; charset=utf-8
x-unique-id
43618249b11ce52c291f689d3035d016
x-oneagent-js-injection
true
x-ruxit-js-agent
true
p3p
CP="NO P3P POLICY"
x-clacks-overhead
GNU Terry Pratchett
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection
1; mode=block
referrer-policy
origin
x-accor-asset
wise
server-timing
dtSInfo;desc="0", dtRpid;desc="2058574785"
strict-transport-security
max-age=15552000
x-cache-response
DISABLED
x-fstrz
o
server
fasterize
content-encoding
gzip
via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
EKyRyOAXkXtPf7mQD8QLOYSgRD8M6c86kK_firL9Nz50gkBWUMMUkQ==
accept-ranges
bytes
date
Fri, 03 Dec 2021 12:39:34 GMT
x-served-by
cache-hhn4072-HHN
x-cache
Miss from cloudfront, MISS
x-cache-hits
0
x-timer
S1638535175.587817,VS0,VE68
vary
Accept-Encoding, Origin
x-cdn-forward
Fastly
fastly-version
V63

Redirect headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
text/html;charset=utf-8
content-length
0
x-frame-options
SAMEORIGIN
referrer-policy
origin
cache-control
no-cache, no-store
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required#.
strict-transport-security
max-age=15724800; includeSubDomains
x-cdn
Imperva
x-iinfo
13-339838483-339838484 NNNN CT(4 8 0) RT(1638535173846 0) q(0 0 0 0) r(0 0) U11
promo_gb.js
all.accor.com/scripts-v2112/hotels-offers/i18n/
865 B
1 KB
XHR
General
Full URL
https://all.accor.com/scripts-v2112/hotels-offers/i18n/promo_gb.js?_=1638535173465
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
b892a75f0dd129bb98a7d720993fcad637939cbd9459afb44eb61002ce9d33ea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h4vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront), 1.1 varnish
age
175346
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
ENABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
573
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
d08e8f76388a4ce6c86d77d1aba6c7b2
x-clacks-overhead
GNU Terry Pratchett
expires
Wed, 01 Dec 2021 12:57:08 GMT
x-fstrz
w,p
server
fasterize
x-timer
S1638535174.332689,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript
x-cdn-forward
Fastly
cache-control
max-age=3600, s-maxage=5, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
WjAeX2DhGytbqaCnqY7WzM7i5XjgHl1jf2PigOwAjMQx7axyExH4Ag==
x-cache-hits
1
getViewBeans.action
all.accor.com/bean/
621 B
1 KB
XHR
General
Full URL
https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000, max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h5vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
3044c9bc-9c14-4e8a-a097-92bad3a95406
strict-transport-security
max-age=15552000, max-age=15552000
via
1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="449280960"
content-length
621
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
aaf1d15aa891772b5710001687d19c86
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.346944,VS0,VE61
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
xzfOPK4cGByU0KmgMAcGXSCmKpmY5F6aQbvQlySoMq1DCBHCJ_DAvQ==
x-cache-hits
0
sdk.js
connect.facebook.net/de_DE/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/de_DE/sdk.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/set/promotions-offers_gb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4a9176024a28601348ed4672fdc49e08600bfc751477770154390503d03c16a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
JTT/x+KwIdA1XZ4+oI70Lg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1685
x-fb-rlafr
0
x-fb-debug
eI31JzDxroSMdGhILB6/aTeUOXsl2rM6YwS0tL9KRe7nK/WajvAUqNhcRxChLvtbvSVYA5Ip/iYZ6DdF68D1kA==
x-fb-trip-id
19638678
x-fb-content-md5
f7e0916892501fd13518d9ead1886d9e
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"7b7a6e3dd94199f4a80cb23b47b4cbfe"
timing-allow-origin
*
priority
u=3,i
expires
Fri, 03 Dec 2021 12:44:45 GMT
plusone.js
apis.google.com/js/
52 KB
21 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js?_=1638535173466
Requested by
Host: all.accor.com
URL: https://all.accor.com/scripts-v2112/lib/jquery-2.2.4.min-ah.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0eb4cc8760c02d0de878a8ceeef038d371f739a3a969c324e3cf79aca031d52c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-B5sHSVqNKDxk8HvBTIUMyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"3f9e0fc992ef48fd58f5e86f448068fe"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-B5sHSVqNKDxk8HvBTIUMyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Fri, 03 Dec 2021 12:39:34 GMT
1385751076072-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
36 KB
37 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385751076072-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
f51b94e97479ec49afa97ab34eec54626db8964ff5dc98640e4bc0e109417c88
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 319f376925908156190f5fc160137b43.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
37049
x-gen-id
66707192ba2ac987005f0a7107e7298c
x-served-by
cache-hhn4072-HHN
x-unique-id
3fae9ad4c17efd193e996489b76275b0
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.363517,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
6fhzJ--BKCuEhF0gXfbnDnNAu0ZqKS4vY49QxFy5-iwgi_XFSGTpqQ==
x-fstrz
o,c
x-cache-hits
1
1385750707106-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
27 KB
28 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385750707106-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
fb6f836bb8707b5249b47fc76b85207a44ae522209cb77570a70456564c7ec49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
28029
x-gen-id
e2019871a4947d6c87e6ea35b5f65b42
x-served-by
cache-hhn4072-HHN
x-unique-id
1e50b4f94765f9cff04990821f2ea6b3
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.363618,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
tdSePTKBpF160e9KO99ghz4KKVa2A9iAdMJPhLtdQshTLbqlK2dFnw==
x-fstrz
o,c
x-cache-hits
1
1385750780934-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
45 KB
45 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385750780934-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
b1b447c9f6fdd0b01b342fa0859dd0e0b09f5050b9c278937726becbe91c610b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
46225
x-gen-id
b2cbbd19979b0aa30c494c727b07020e
x-served-by
cache-hhn4072-HHN
x-unique-id
10e9c3bc3fcbc9f640f6c24dc2aefe96
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.363713,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
_XYH-0JydVSLbYfUMONVh5-hk8G8Q0knOr0IUGwANmfcmVmRzXCduw==
x-fstrz
o,c
x-cache-hits
1
1385749836520-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
32 KB
32 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385749836520-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
61bf46ddd0347eefdeb6150a5a9fc0fc7364c8bdee2d7b34b8c52aeaf6247d7d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
32577
x-gen-id
02fa7a4c268997f4f13cb2f1f8c01304
x-served-by
cache-hhn4072-HHN
x-unique-id
abcd6818fec884d7bc3dfbca51b1555e
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.363915,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
uJnIxgYoiTEaqWRqfSgg00vo9bUr2Zb9JMVMgcwCz6sE6rxnnFiDyw==
x-fstrz
o,c
x-cache-hits
1
1385754185430-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
22 KB
23 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385754185430-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
2debfc21d7901a5ed1bef7f33da5c833e6cffe8ccf5fed6959c3745c0576d696
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
22821
x-gen-id
1c8e79b4c30f19eaa8fff51eeb1ccfdd
x-served-by
cache-hhn4072-HHN
x-unique-id
7fafeaa23c92433ced3ee71c1db2662f
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.364245,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Wfuu62jNmtlQlCgjDf-xXmqgPfEG-0jDj4GMTXyRZOhWx00lXGImlg==
x-fstrz
o,c
x-cache-hits
1
1385749199997-1385494950405.jpg
all.accor.com/gb/promotions-offers/img/
38 KB
38 KB
Image
General
Full URL
https://all.accor.com/gb/promotions-offers/img/1385749199997-1385494950405.jpg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
68fcfaa7232b50c7033d0c08b3cdbbee150b047c4cfa6445705318abf4e1303f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000, max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000, max-age=15552000
via
1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront), 1.1 varnish
age
2611
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
38955
x-gen-id
b0ac2a0113920a130dfe53df4e6cc69e
x-served-by
cache-hhn4072-HHN
x-unique-id
4d5a406c666a290925fd14eb17e472a1
last-modified
Wed, 01 Dec 2021 18:12:11 GMT
server
fasterize
x-timer
S1638535174.364322,VS0,VE1
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
lj9NWs6NgQPG1x5yqCoN_jxiLgcJFGEGmaN92X1mrmzdI9Zh8Pl2Ng==
x-fstrz
o,c
x-cache-hits
1
getViewBeans.action
all.accor.com/bean/
621 B
1 KB
XHR
General
Full URL
https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h13vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
3e71bf0b-6d90-47a8-a7df-e3c9f586a9d0
strict-transport-security
max-age=15552000
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="840922296"
content-length
621
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
c5fec544c591f4bab98a8d2bc0c700db
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.368568,VS0,VE89
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
NXoUehaitLwauaaWX4NbgQnrJBLs6opOZVTgTyB-srssFByT_Cu6kw==
x-cache-hits
0
config.en.json
all.accor.com/header/
12 KB
5 KB
XHR
General
Full URL
https://all.accor.com/header/config.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h14vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age
178179
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
4472
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
405caba66a97f394422324c1ff48b5ac
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.377955,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Host,Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-accor-asset
ecom
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
2UFmiEWwSo8hQwuB2vLjkfLUrER2axP4YXHi19Stgi7vt4iean_lNw==
x-cache-hits
4
getViewBeans.action
all.accor.com/bean/
621 B
1017 B
XHR
General
Full URL
https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h15vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
9cd5395e-a579-45b5-8933-f06878dddea3
strict-transport-security
max-age=15552000
via
1.1 3296b04068551f925d5fafd1b785ff31.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-length
621
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
a0067acf6e6356db1e012241402bc20a
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.384499,VS0,VE112
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
oKLeOGWFNZBdTEkSBrYJE3PE5Fmr8BBO-QNINoxSosXpa0La-nnNsg==
x-cache-hits
0
config.en.json
all.accor.com/header/
12 KB
5 KB
XHR
General
Full URL
https://all.accor.com/header/config.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h16vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age
178179
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
4472
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
405caba66a97f394422324c1ff48b5ac
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535174.389611,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Host,Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-accor-asset
ecom
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
2UFmiEWwSo8hQwuB2vLjkfLUrER2axP4YXHi19Stgi7vt4iean_lNw==
x-cache-hits
5
loyalty-program.svg
all.accor.com/components/login-nav/components/loyalty-card/svg/
5 KB
3 KB
Image
General
Full URL
https://all.accor.com/components/login-nav/components/loyalty-card/svg/loyalty-program.svg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178202
via
1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
2160
x-gen-id
991b64818ec21f14569763422fff3765
x-served-by
cache-hhn4072-HHN
x-unique-id
49bcedea0f3e47c57a50868f2780b0e4
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535174.453182,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
YKFBbq4LOrTsWzmGARauEw5SsiniKbP5zpNfWyDQUvbsfvokqkDc6Q==
x-fstrz
o,c
x-cache-hits
7
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/
148 KB
51 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 14:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
166459
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51670
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Dec 2022 14:25:15 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/
96 KB
33 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 14:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
166458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33908
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Dec 2022 14:25:16 GMT
fastbutton
apis.google.com/u/0/se/0/_/+1/ Frame 6AFE
2 KB
2 KB
Document
General
Full URL
https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?_=1638535173466
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

content-type
text/html; charset=UTF-8
referrer-policy
no-referrer
content-length
1585
date
Fri, 03 Dec 2021 12:39:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
getViewBeans.action
all.accor.com/bean/
5 KB
4 KB
XHR
General
Full URL
https://all.accor.com/bean/getViewBeans.action?beans=OriginViewBean|CurrenciesViewBean&httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535173970&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
8b478084411b06a69b79593b9c413ff1db2af1008305f1cb63331224569e69a5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://all.accor.com/
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h17vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
d3437d82-d459-4ae0-bf8b-7cda15c4a031
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="-1119567447"
content-length
3395
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
9cff73365b9a87301744d46f0c095e61
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.534873,VS0,VE74
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
hEznC9aXQUfoA4KJxkLXDSPiVFGULS3xV7QzZjnu7cNq3tqLLV89aQ==
x-cache-hits
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.23.0/
312 KB
75 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
joMckLq8BtEunD8NH/4XVA==
age
3933123
vary
Accept-Encoding
content-length
76366
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:58 GMT
server
cloudflare
etag
0x8D96DBF6CBEE741
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbc8eb30d618-MXP
sdk.js
connect.facebook.net/de_DE/
291 KB
82 KB
Script
General
Full URL
https://connect.facebook.net/de_DE/sdk.js?hash=edbdb5e9e4a6635fa4d9557eeb4cd101
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b1ee98990c7c65268f3bcb450fa3f055f9fb1eebfd63f3602951475181eaaa13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://all.accor.com/
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
DCN1184otYt7Lq8RTdVF6A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
84367
x-fb-rlafr
0
x-fb-debug
ynmYRKfeo+Y8YD7j0Ul8JH3TxToyvXdn8aroxb9avmH1fkN8z5CtUkN++ZLDvuKc+YLFrLaciDnQPjRh58kxag==
x-fb-content-md5
4920d63791c6033336e7261c827a0c48
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"ae0d233a17cff83d31bfeb90a1f45ad8"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 03 Dec 2022 11:07:26 GMT
gtm.js
www.googletagmanager.com/
460 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PKFTZMK&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKQN7D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
51e5f9626e4a0a622abd3b6a613b0f6a2e8f84c350cfb29500be385e18ff25d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101012
x-xss-protection
0
expires
Fri, 03 Dec 2021 12:39:34 GMT
currencyMap.action
all.accor.com/ajax/currency/
7 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174040&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h18vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
5955d367-b185-4564-995d-3453dc7cb607
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-length
4415
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
a2e6cae49429fe1c47929a82f6ab935a
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.602904,VS0,VE439
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
3OVZcSNFzef4gdxrzSELMcXzr-q2kVZ9d_O2JYYaFmGN8wpgRSvRsA==
x-cache-hits
0
displayVersionViewBean.action
all.accor.com/ajax/localisation/
14 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/localisation/displayVersionViewBean.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174045&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h19vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
a3b52ff6-aca3-4349-976f-1c4d44aef2bd
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="-1384331638"
content-length
4650
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
0b565464e6a89c0c53ae7cf4e1791e94
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.616561,VS0,VE880
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
-ow6Q30ZAJOR3g3xLfZ9TC8Rr-X5Uuy9myV5xvhHWauYmNt5USSiCw==
x-cache-hits
0
displayVersionViewBean.action
all.accor.com/ajax/localisation/
14 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/localisation/displayVersionViewBean.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174065&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h20vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
215c64e3-5acd-42a2-974c-4e5efcf47cc2
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="-506856190"
content-length
4650
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
e6b20ff9cfba8d86246b81ebee4f2413
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.630062,VS0,VE881
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
qlleI49WEqp0X6eg68QpL9TXNQnu6l5EKbzi-gv2MWlePT8ApG1UXg==
x-cache-hits
0
currencyMap.action
all.accor.com/ajax/currency/
7 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174076&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
Security Headers
Name Value
Strict-Transport-Security max-age=15552000, max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h21vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
fbe32d77-6979-4151-a34b-5ee5ea3d1734
strict-transport-security
max-age=15552000, max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 4612dc3b414cf2057f542e94733d59bd.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="-1172594436"
content-length
4415
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
226d9713d12f05c2bbbb53d29ed35c44
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.647030,VS0,VE394
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
6li4e4Ft7BHl5FFNRVtNGpqguWtcy0z1CvPo9IYBqzwNsNudReWzuA==
x-cache-hits
0
en.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/
291 KB
47 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cF828KugEm5ifV7niRSOqQ==
age
10085
vary
Accept-Encoding
content-length
47516
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:59 GMT
server
cloudflare
etag
0x8D972B6D2A23BB6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbc9cf9f0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:34 GMT
postmessageRelay
accounts.google.com/o/oauth2/ Frame 994C
566 B
857 B
Document
General
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2317fd367b7eb5e77a6dd7e1e18f5cd5e9d05cd055dae1382487ec56326036df
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qJ54qbyd9Cp0cI37U8k6Ew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 03 Dec 2021 12:39:34 GMT
content-security-policy
script-src 'report-sample' 'nonce-qJ54qbyd9Cp0cI37U8k6Ew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 6AFE
3 KB
4 KB
Image
General
Full URL
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
Requested by
Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apis.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:30:00 GMT
server
sffe
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
private, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3170
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 03 Dec 2021 12:39:34 GMT
styles.css
all.accor.com/authentication/styles-v2112/ Frame C252
67 KB
8 KB
Stylesheet
General
Full URL
https://all.accor.com/authentication/styles-v2112/styles.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
d6c6c43c6c523314595d87f55b5feb9d0d13f8ab9e9d123f29f1a5ec54e0dffe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
7447
x-gen-id
595792d76e84a43c06032576ab4628c2
x-served-by
cache-hhn4072-HHN
x-unique-id
7edf6fe8fac69d7fb211e894f70bd005
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.758197,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/css
via
1.1 c3b74c81fdcb7942211a6c721efa13fd.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
I7MzgilGA-EgOVcugG8EMeYVGwczeWl9Mvjf0L394mPEGGhhXCGv0A==
x-cache-hits
87
ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/ Frame C252
237 KB
89 KB
Script
General
Full URL
https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
90473
x-gen-id
de9866000d131ff7ae3f4e490822cd14
x-served-by
cache-hhn4072-HHN
x-unique-id
a09fb7baefbfc12b3b965f908aeddfc1
expires
Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.758288,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits
1080
optimize.js
www.googleoptimize.com/ Frame C252
264 KB
59 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ea0a0d171ccac7a9fc28af7fce59ae181389ddc6851d904a91bcdd2b479daf3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60371
x-xss-protection
0
expires
Fri, 03 Dec 2021 12:39:34 GMT
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame C252
4 KB
2 KB
Script
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.758400,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1791
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ Frame C252
19 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Lh0CEVPkmGuwf4KyqdKdhw==
age
7100
vary
Accept-Encoding
content-length
6403
x-ms-lease-status
unlocked
last-modified
Mon, 29 Nov 2021 20:31:03 GMT
server
cloudflare
etag
0x8D9B37729BED1A3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
52709849-801e-006e-5672-e571cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbca2c98d618-MXP
main.js
all.accor.com/authentication/landing/scripts-v2112/ Frame C252
216 KB
61 KB
Script
General
Full URL
https://all.accor.com/authentication/landing/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
62225
x-gen-id
d990b34ccc8090c38633c47d11bba1da
x-served-by
cache-hhn4072-HHN
x-unique-id
f541b74396cabea3838fd096143aa921
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.758510,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
O04mmGI500Es4rMD1_d_fG_v-A4s63a5jTG-WluIMrV7UHk_FI9W5w==
x-cache-hits
174
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cGkddLGcEkFdkLgUFXgOUA==
age
3933118
vary
Accept-Encoding
content-length
2584
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:52 GMT
server
cloudflare
etag
0x8D96DBF69965AE8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbca68840eb7-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/
47 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+0xPzL52AeUkZsqLfWvieg==
age
3933118
vary
Accept-Encoding
content-length
11387
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:53 GMT
server
cloudflare
etag
0x8D96DBF69F1D28E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbca78880eb7-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.23.0/assets/
20 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ye6OeZcNyuFoWog7CYs00A==
age
3933118
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:12:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6b7cdbca78920eb7-FRA
3087399934-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame 994C
10 KB
5 KB
Script
General
Full URL
https://ssl.gstatic.com/accounts/o/3087399934-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 29 Nov 2021 20:10:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
318529
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4296
x-xss-protection
0
last-modified
Fri, 19 Nov 2021 03:08:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 29 Nov 2022 20:10:45 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame 994C
13 KB
5 KB
Script
General
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fall.accor.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-LcAnut/3viGYCte2OOs1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-LcAnut/3viGYCte2OOs1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Fri, 03 Dec 2021 12:39:34 GMT
87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame C252
3 KB
1 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Q/oKYcvv88yFXq/UgjQcqQ==
age
9308
vary
Accept-Encoding
content-length
1420
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:35 GMT
server
cloudflare
etag
0x8D972B6C4870440
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbcad9140eb7-FRA
expires
Fri, 03 Dec 2021 16:39:34 GMT
truncated
/ Frame C252
306 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
all.accor.com/ Frame C252
237 KB
89 KB
Other
General
Full URL
https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
90473
x-gen-id
de9866000d131ff7ae3f4e490822cd14
x-served-by
cache-hhn4072-HHN
x-unique-id
a09fb7baefbfc12b3b965f908aeddfc1
expires
Thu, 01 Dec 2022 11:07:09 GMT
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.899719,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
Bhd98hITRS_pmRoDn1s2wJCwwFjO0aOrYFa7tGKsuc5W_LQg1Z7GsQ==
x-cache-hits
1081
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame C252
4 KB
2 KB
Other
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178270
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.899851,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1792
main.js
all.accor.com/authentication/landing/scripts-v2112/ Frame C252
216 KB
61 KB
Other
General
Full URL
https://all.accor.com/authentication/landing/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178271
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
62225
x-gen-id
d990b34ccc8090c38633c47d11bba1da
x-served-by
cache-hhn4072-HHN
x-unique-id
f541b74396cabea3838fd096143aa921
x-fstrz
o,c
server
fasterize
x-timer
S1638535175.899966,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
O04mmGI500Es4rMD1_d_fG_v-A4s63a5jTG-WluIMrV7UHk_FI9W5w==
x-cache-hits
175
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame C252
193 B
240 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:34 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6b7cdbcb1e5c4aa4-FRA
loginnav.en.json
all.accor.com/components/login-nav/locales/
612 B
1002 B
XHR
General
Full URL
https://all.accor.com/components/login-nav/locales/loginnav.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h28vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront), 1.1 varnish
age
178180
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="911752641"
content-encoding
gzip
content-length
434
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
a1aaed6fc29b1a8c2ce352bd1120ea9c
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.926853,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
VAG1DgvkfvLznhcZAMHUMHa5DJlSElO83nep3Hd4FqZzL-kvi2oDhg==
x-cache-hits
2
currencyMap.action
all.accor.com/ajax/currency/
7 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174370&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h29vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
ad18d3b4-02d0-41b9-b044-11bb7f1d0343
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 6fc439c8bc0a64a7ab978ce699795275.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="-1856623396"
content-length
4415
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
e5e69e451ca92042b0fecaa1470aacbb
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.933455,VS0,VE428
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
xbTiG1ArPfwEIeIFE_Z0wfuxXnkf1v3PtBveMExGjow94pGfHgmaaw==
x-cache-hits
0
currencyMap.action
all.accor.com/ajax/currency/
7 KB
5 KB
XHR
General
Full URL
https://all.accor.com/ajax/currency/currencyMap.action?httpSessionId=05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97&t=1638535174387&lang=en
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h30vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

correlation-id
739e678f-204a-43ee-aad7-6b7f3ad3f474
strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
via
1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
x-cache-response
DISABLED
server-timing
dtSInfo;desc="0", dtRpid;desc="1482399944"
content-length
4415
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
f9f43bb4c980385b163b5020fde8c96f
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.948223,VS0,VE398
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de-DE
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
content-type
application/json;charset=UTF-8
x-amz-cf-id
wIHE6HCeGJzkrIy9BbkJjQt3Liygf12xFT601IReI8N5eO4nivt3bA==
x-cache-hits
0
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 994C
51 KB
18 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 12:56:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18237
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Dec 2022 12:56:20 GMT
account-24.svg
all.accor.com/components/login-nav/components/button-logo/svg/
935 B
931 B
Other
General
Full URL
https://all.accor.com/components/login-nav/components/button-logo/svg/account-24.svg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178203
via
1.1 f06c87fa57d0c9fd7439d7fdbd148c63.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
528
x-gen-id
fde2fedfb93aed36064a8c64421ab00e
x-served-by
cache-hhn4072-HHN
x-unique-id
7341a798e746876486a48dfdea11b940
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535175.955727,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
ngX7ZuuGfElES9Z5ja63_RJQl-Tsgld1dKFAB6yJPY5hAnogsozM4A==
x-fstrz
o,c
x-cache-hits
10
2a22008a1a0b.js
w.usabilla.com/ Frame FF14
51 KB
14 KB
Script
General
Full URL
https://w.usabilla.com/2a22008a1a0b.js?lv=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.214.99.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-214-99-201.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7ebbbd0b097263f41dc3ffcabaed2601900ed9fb22e3bd704c47008fdb51df24

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-widget-server
2.1
etag
"7abb8e27a373fe255e25d0a48e98c99b"
content-type
text/javascript
cache-control
public,max-age=0
content-length
13854
logo.svg
all.accor.com/assets/images/logo/
5 KB
2 KB
Image
General
Full URL
https://all.accor.com/assets/images/logo/logo.svg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
43622fd79cb7b679831f09443b32a16108750d48014d9e425f6cf18bbd4ed369
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178273
via
1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
1950
x-gen-id
73bd033ae62765e9577c023c3c420c9d
x-served-by
cache-hhn4072-HHN
x-unique-id
73dd667e6e8e26bb7a79b9812d0775a6
last-modified
Fri, 26 Nov 2021 09:21:45 GMT
server
fasterize
x-timer
S1638535175.996423,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
3pQJ-UTPka-V5bz-4wQKYXZxyMrUAB5iItXsWl2LZAMbkcwXRpYa8g==
x-fstrz
o,c
x-cache-hits
129
roboto-bold.woff2
all.accor.com/assets/fonts/roboto/bold/
53 KB
53 KB
Font
General
Full URL
https://all.accor.com/assets/fonts/roboto/bold/roboto-bold.woff2
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a73ba8ada5a51f6245f8dad192953259b83419108e50865843691487c07bdfba
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Origin
https://all.accor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 69f13f852a135432abb1b7bfc5a8b421.cloudfront.net (CloudFront), 1.1 varnish
age
178263
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
54096
x-gen-id
399cae3416eee568a3eaa62ea897cfec
x-served-by
cache-hhn4072-HHN
x-unique-id
3b7006e77a96a790f9abd5560cf88de4
last-modified
Tue, 05 Oct 2021 14:33:24 GMT
server
fasterize
x-timer
S1638535175.997047,VS0,VE0
date
Fri, 03 Dec 2021 12:39:34 GMT
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
sKCmG2kBfon7DtR9MJTt6BpeKM5tNsBcaMT82JphmY9hMf7KieQ35Q==
x-fstrz
o,c
x-cache-hits
763
loyalty-program.svg
all.accor.com/components/login-nav/components/loyalty-card/svg/
5 KB
3 KB
Other
General
Full URL
https://all.accor.com/components/login-nav/components/loyalty-card/svg/loyalty-program.svg
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178203
via
1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
2160
x-gen-id
991b64818ec21f14569763422fff3765
x-served-by
cache-hhn4072-HHN
x-unique-id
49bcedea0f3e47c57a50868f2780b0e4
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535175.015734,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
YKFBbq4LOrTsWzmGARauEw5SsiniKbP5zpNfWyDQUvbsfvokqkDc6Q==
x-fstrz
o,c
x-cache-hits
8
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame C252
312 KB
75 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
joMckLq8BtEunD8NH/4XVA==
age
3933124
vary
Accept-Encoding
content-length
76366
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:58 GMT
server
cloudflare
etag
0x8D96DBF6CBEE741
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbcbfe98d618-MXP
en.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame C252
291 KB
47 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cF828KugEm5ifV7niRSOqQ==
age
10086
vary
Accept-Encoding
content-length
47516
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:59 GMT
server
cloudflare
etag
0x8D972B6D2A23BB6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbcc7b6d0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:35 GMT
radar.js
radar.cedexis.com/1621860284/ Frame C252
Redirect Chain
  • https://radar.cedexis.com/1/10096/radar.js
  • https://radar.cedexis.com/1621860284/radar.js
44 KB
18 KB
Script
General
Full URL
https://radar.cedexis.com/1621860284/radar.js
Protocol
H2
Server
35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
45.57.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 13:00:31 GMT
server
nginx
etag
W/"60aba36f-af61"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=1209600, public
alt-svc
clear
expires
Fri, 17 Dec 2021 12:39:35 GMT

Redirect headers

date
Fri, 03 Dec 2021 12:39:35 GMT
via
1.1 google
server
nginx
vary
User-Agent,DNT
content-type
text/html
location
/1621860284/radar.js
cache-control
max-age=600
alt-svc
clear
content-length
154
expires
Fri, 03 Dec 2021 12:49:35 GMT
radar.js
radar.cedexis.com/1621860284/
Redirect Chain
  • https://radar.cedexis.com/1/10096/radar.js
  • https://radar.cedexis.com/1621860284/radar.js
44 KB
19 KB
Script
General
Full URL
https://radar.cedexis.com/1621860284/radar.js
Protocol
H2
Server
35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
45.57.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 13:00:31 GMT
server
nginx
etag
W/"60aba36f-af61"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=1209600, public
alt-svc
clear
expires
Fri, 17 Dec 2021 12:39:35 GMT

Redirect headers

date
Fri, 03 Dec 2021 12:39:35 GMT
via
1.1 google
server
nginx
vary
User-Agent,DNT
content-type
text/html
location
/1621860284/radar.js
cache-control
max-age=600
alt-svc
clear
content-length
154
expires
Fri, 03 Dec 2021 12:49:35 GMT
share_button.php
www.facebook.com/v2.0/plugins/ Frame 73E9
44 KB
16 KB
Document
General
Full URL
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=edbdb5e9e4a6635fa4d9557eeb4cd101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a91d2e08704d224f8b2c5561696768f5a1263c68699687f6cd59315dd891c466
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v5.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
j/B49SL/6TErGN+LHBFwnjI6vLIh2y4UXXO02apYG12R7hqUUINMfG2Cu7doKVino/gki/IbCNlLsMpftkoQeA==
date
Fri, 03 Dec 2021 12:39:35 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame E2CC
3 KB
3 KB
Image
General
Full URL
https://d6tizftlrpuof.cloudfront.net/themes/production/accorhotel-button-33db7e58f18a5aefd9fe80a87ec3b6ca.png
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.222.206.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-77.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d66e75ff961935e0415f5c6a2742c4e375870f2eaf0b01447a5e3364ceb9a82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 16 Oct 2021 01:31:29 GMT
Via
1.1 4360596ad590d8363ce70eb7bf282e43.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Wed, 18 Nov 2020 11:25:38 GMT
Server
AmazonS3
Age
4187288
ETag
"33db7e58f18a5aefd9fe80a87ec3b6ca"
X-Cache
Hit from cloudfront
x-amz-version-id
7RrTJyLjZezyQlBCDWvtH9LnPMRV2hl8
Cache-Control
max-age=315360000, no-transform, public
X-Amz-Cf-Pop
FRA56-P3
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
2821
X-Amz-Cf-Id
AvMaVUPurPByn_ZIE2w9PALHw3kIrIMltPX3ppN09QVNT4BV9Uqg8w==
boomerang-1.650.0.1574759547.0.min.js
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ Frame C252
62 KB
20 KB
Script
General
Full URL
https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/boomerang-1.650.0.1574759547.0.min.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/authentication/landing/index.shtml?appId=all.accor&state=GQOjM0QdTZMILziNGEiXps&error=login_required
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
age
54214
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
19802
x-gen-id
048bb80e2a50218d9198df4f125a44e3
x-served-by
cache-hhn4072-HHN
x-unique-id
291e3fce6b5e63d5c768cb3a1b18ae97
last-modified
Fri, 22 Oct 2021 08:12:49 GMT
server
fasterize
x-timer
S1638535175.167432,VS0,VE0
etag
W/"feab-17ca70f47e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
expires
Sat, 01 Jan 2022 15:31:08 GMT
cache-control
max-age=2592000
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
4JyY-S73N_Svho_b0EUQbQS1zOu9_dTcBqKntExQOQGr8XcqfK3Vlg==
x-fstrz
o,c
x-cache-hits
32
boomerang-1.650.0.1574759547.0.min.js
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/
62 KB
19 KB
Script
General
Full URL
https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/boomerang-1.650.0.1574759547.0.min.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
age
54214
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
19802
x-gen-id
048bb80e2a50218d9198df4f125a44e3
x-served-by
cache-hhn4072-HHN
x-unique-id
291e3fce6b5e63d5c768cb3a1b18ae97
last-modified
Fri, 22 Oct 2021 08:12:49 GMT
server
fasterize
x-timer
S1638535175.170095,VS0,VE0
etag
W/"feab-17ca70f47e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 d63ea68c8b7458d49fe25f66ef7f0a5f.cloudfront.net (CloudFront), 1.1 varnish
expires
Sat, 01 Jan 2022 15:31:08 GMT
cache-control
max-age=2592000
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
4JyY-S73N_Svho_b0EUQbQS1zOu9_dTcBqKntExQOQGr8XcqfK3Vlg==
x-fstrz
o,c
x-cache-hits
33
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame C252
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cGkddLGcEkFdkLgUFXgOUA==
age
3933119
vary
Accept-Encoding
content-length
2584
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:52 GMT
server
cloudflare
etag
0x8D96DBF69965AE8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbccfc450eb7-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame C252
47 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+0xPzL52AeUkZsqLfWvieg==
age
3933119
vary
Accept-Encoding
content-length
11387
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:53 GMT
server
cloudflare
etag
0x8D96DBF69F1D28E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbccfc4b0eb7-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame C252
20 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ye6OeZcNyuFoWog7CYs00A==
age
3933119
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:12:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6b7cdbcd0c560eb7-FRA
providers.json
i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/
5 KB
2 KB
XHR
General
Full URL
https://i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/providers.json?imagesok=1&n=1&p=1&r=1&s=1&t=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.225.98.129 Amsterdam, Netherlands, ASN36236 (NETACTUATE, US),
Reverse DNS
129.98.225.104.ptr.anycast.net
Software
nginx/1.10.3 /
Resource Hash
8413e2e0b600e68fe059ce4fea45f846e3e4b89665ad21fabf3d8d79d9c0bc84

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 03 Dec 2021 12:39:35 GMT
Content-Encoding
gzip
Server
nginx/1.10.3
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
Keep-Alive
timeout=1
providers.json
i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/ Frame C252
6 KB
2 KB
XHR
General
Full URL
https://i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net/i2/1/10096/j1/20/123/1638535174/0/0/providers.json?imagesok=1&n=1&p=1&r=1&s=1&t=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.225.98.129 Amsterdam, Netherlands, ASN36236 (NETACTUATE, US),
Reverse DNS
129.98.225.104.ptr.anycast.net
Software
nginx/1.10.3 /
Resource Hash
ae16bcd7e62dfaa2e3f87a35397a0201d5a19cf6012af275d150bd98e749c175

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 03 Dec 2021 12:39:35 GMT
Content-Encoding
gzip
Server
nginx/1.10.3
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
Keep-Alive
timeout=1
beacon
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/ Frame C252
0
356 B
Image
General
Full URL
https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/beacon?cust=7109&mob.etype=4g&mob.dl=10&c.e=kwqdjblf&c.tti.m=lt&optimized=true&domstats=scripts%7C14%2Cscriptssrc%7C9%2Cstylesheets%7C1%2Cimgs%7C1%2Cloadedimgs%7C1&jserrors=0&nt_nav_st=1638535173747&nt_fet_st=1638535174029&nt_dns_st=1638535174029&nt_dns_end=1638535174029&nt_con_st=1638535174029&nt_con_end=1638535174029&nt_req_st=1638535174030&nt_res_st=1638535174105&nt_res_end=1638535174106&nt_domloading=1638535174157&nt_domint=1638535174370&nt_domcontloaded_st=1638535174370&nt_domcontloaded_end=1638535174370&nt_domcomp=1638535174565&nt_load_st=1638535174568&nt_load_end=1638535174568&nt_ssl_st=1638535174029&nt_enc_size=2755&nt_dec_size=7234&nt_trn_size=3055&nt_protocol=h2&nt_red_cnt=0&nt_nav_type=0&u=https%3A%2F%2Fall.accor.com%2Fauthentication%2Flanding%2Findex.shtml%3FappId%3Dall.accor%26state%3DGQOjM0QdTZMILziNGEiXps%26error%3Dlogin_required&v=1.650.0.1574759547.0&sv=12&sm=p&rt.si=atea4t8i1ht-NaN&rt.ss=&rt.sl=0&vis.st=visible&ua.plt=Linux%20x86_64&ua.vnd=Google%20Inc.&pid=eh5su0zr&n=1&c.t.fps=04&c.tti.vr=623&c.f=80&c.f.d=50&c.f.m=4&c.f.s=kwqdjcat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
via
1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-powered-by
Express
x-cache
Miss from cloudfront, MISS
x-cache-response
DISABLED
x-cache-hits
0
x-served-by
cache-hhn4072-HHN
x-unique-id
164106096f63d5c2816700fc34e3954e
x-fstrz
stc,Z,p
server
fasterize
x-timer
S1638535175.271723,VS0,VE27
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
cache-control
no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
3eIN5DU5U-MvdS8bT2DOBHlha-65vjqx29WaFP69ZOrShyWf4VLX-w==
expires
0
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
9s0usOs7XdjUo2vIFa2YmcBn+/n0C/0ZDSeE/XWcwMMa9AeF4nVdRJPcZd+IiBVWZDlgPx5tYhW6bQLukrWW5w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
1ZH+GsJMgW1vn2RG+YTlSE4Uf/VaazbC7EFd5Y2E+kMxZBARl2oAn9FyPqRKKqTEOoZNfb9N2y+vClWkxXWKaA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ctgujcORY8sQDAfpcQaZBUjejOrEdNarZ252xn7v2us1jRgrTeciXW89bnl7oN1G77eus0eUiSKAA0De7xh9FQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
7Vmm6CzZWqXSa9n0J+MLEOg0bZ5Tsr0FzglCUIRxPDB1cbP47uWXyqDYjqXcEwUX8PHbMV8t4hFlsMq16GhZYQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
uTH6BRIFYrq8CNQ7dlRmZCqtfXensmFQ9OYUKj5A9Xks6F47k/Znx02klzfAq5J1fmIhEZyARq4/EKFIYwkqEw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
JjDLYyIQn4C2z3UK6Xur8g49xa5p9zbLm6rEbPKDiIBCp8llTjD2CTduJr58sEzo/a9UgDPrha8Zv1LGafkjsQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
G16bLHSJRt2Fa/L2eaud9DpJntcOeiDDKy8LNenHDgU9/taJT2majUoJRQWsTI+kQQyUB7Sfz1GwmbDY/2oivw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
34 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
w8tA4IsvHm8FFQl+smSCMPWSIwRbm3R90nzOE28Np4sWM1jOpoLnMoRWZcTdEJhFhS1ioivfsfUDMixta/OdvA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
XEwCva0WMLs/QmZMnLmGzdB9MpfX4eKzX1L+gdRMfDX+e4kXUZFUnPX0YEXK7pWwJM7b6RPFsMv1YrZUH0wL0A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Q8XmYwcP2hhe1dWmqu1gbtTM+/TbtFKEf7XlilqMbrsSzElwKPtb9hUW2Q0S/rWv4yvuXYr95/x5XMVrr8wY5w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
nAOhyubE40QoXtZrpABlDWqNV3cqNe8BjxflVeM1F6UPsPlBLyi5q1YNHhY+23sxvS9fhbckhBqw6WXYW38UoQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
33 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
tzwIJX6dTjCP98RJRv65fV1OHdHd23kAxPUZ3KWwOEVc/ZIMTcslHGjOYVmttSCXUUHMtaKdLnxgjAJtaMEUxg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
QuJA29cm7zfKZQubnnMBWD176HMaWMRAaLlbfvwjXjP5eeHlOS3L/L3hD/KPBDhNkLpdhgIzwVGggDrRI7eBzg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
qHQQVTbb9h2gAoIaaNC7/yBYpJGpIup9wWPom1OFbtv6rjMooXSXQMBvUg/N0SB9v49nIX23TkcSfLaHEk7eRQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
OEmux306t+LuqrAXH/Eq0Z2JEVQjLEcXakda+s+JDeyL2ShTTNoId+fcWONjMRSivwZLjVz3SrwiOjmUasWuzg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
6lFYDcdg/n6xMrcFJRjg8wJ4oPGRc6pWw8CarZW5yGq/kW+qjDuN7W78UU4Fiu38lZusX1IZIigava7kHmTtBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
QQxkdEr4+2pHKU//tdt2+eQwAk5Jodl0Qs+tzyASAONLvrUTztX2LSVjum1va2qERapi6ceXe3/StYcMwLWlhQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ZhksFaX0cXdKO49PAnx93UHcmfRNtB5nrKr4ZM0eapDQaoDPQY4XPpHgv+mrPMYIGcAHlC8bv3WaPqfIH/DVsA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
BQ5UQXcMqdchvgZ5a9imFGjc4A5h6sWGNnCicY3sw+OebOV/ljlWWSv0RgE3Z7u+WKAEbK8LiEEk8FcTJmFFGA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
5VadSlQaONrkJJ+c8iGUlKw7Rjz8UZBZDFHnk9Inozko8aONRec2e6tp79kdKKHrye58UFA8C8IrH2wnt5olUQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 73E9
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: all.accor.com
URL: https://all.accor.com/gb/promotions-offers/hw003098-festive-offers-for-members-of-all.shtml?utm_medium=email&utm_source=animation-marketing&utm_campaign=ml-all-2112-lc-b-me-gb-00-1-hdhd&utm_content=ME-EN-NA-NA&uauid=a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
uEZn36HDNR/4uXna5wMqDKVlb6Ntz3/Az4m9jZexS/GfIlpQjOSJz2+aUwY+6LAEWEMrwj5c2T2Axj6crFNjqQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
impact.js
radar.cedexis.com/releases/1621860284/
7 KB
3 KB
Script
General
Full URL
https://radar.cedexis.com/releases/1621860284/impact.js
Requested by
Host: radar.cedexis.com
URL: https://radar.cedexis.com/1/10096/radar.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
45.57.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 13:00:31 GMT
server
nginx
etag
W/"60aba36f-1c28"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=1209600, public
alt-svc
clear
expires
Fri, 17 Dec 2021 12:39:35 GMT
impact.js
radar.cedexis.com/releases/1621860284/ Frame C252
7 KB
4 KB
Script
General
Full URL
https://radar.cedexis.com/releases/1621860284/impact.js
Requested by
Host: radar.cedexis.com
URL: https://radar.cedexis.com/1/10096/radar.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.57.45 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
45.57.241.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 12:50:38 GMT
server
nginx
etag
W/"60aba11e-1c28"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=1209600, public
alt-svc
clear
expires
Fri, 17 Dec 2021 12:39:35 GMT
zSKZHMh8mXU.png
www.facebook.com/rsrc.php/v3/yr/r/ Frame 73E9
388 B
440 B
Image
General
Full URL
https://www.facebook.com/rsrc.php/v3/yr/r/zSKZHMh8mXU.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 03:29:01 GMT
x-content-type-options
nosniff
content-md5
mLIKfuTnwd0c8uA9BXg4cQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy
cross-origin
content-length
388
x-fb-rlafr
0
x-fb-debug
AvHjgIVVOJVkXmlsIuNlA0aR+J81XH5a0KtgHxKk3pD2qJfRDIKKaRF35U/O/CeeWEAktfiBwawH4BNAeLL+JQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 01 Dec 2022 03:29:01 GMT
S9mNw1OGQPJ.js
www.facebook.com/rsrc.php/v3iAxA4/yx/l/de_DE/ Frame 73E9
517 KB
135 KB
Script
General
Full URL
https://www.facebook.com/rsrc.php/v3iAxA4/yx/l/de_DE/S9mNw1OGQPJ.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
da2ff52023f137da43e498693495313f37f73da94ba5bb08c411049db116e5ab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 02 Dec 2021 15:44:57 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
6eK0JSPxexHJEawljmcuOg==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy
cross-origin
content-length
138680
x-fb-rlafr
0
x-fb-debug
suR7p6RhppBihRxPG6hB8/Mgzrd9/tjuPfFu6upJb1+SC0NUamHYMN0VPuimuk2ekjNtxDIvEX8yf3UdcGcPWQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 02 Dec 2022 15:44:57 GMT
platform.html
all.accor.com/cdx/ Frame 2240
Redirect Chain
  • https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096
  • https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
1 KB
1 KB
Document
General
Full URL
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Requested by
Host: radar.cedexis.com
URL: https://radar.cedexis.com/releases/1621860284/impact.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

content-type
text/html; charset=utf-8
x-unique-id
316a34f23921390233cd8a4d4f6688e4
p3p
CP="NO P3P POLICY"
x-clacks-overhead
GNU Terry Pratchett
cache-control
private, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection
1; mode=block
referrer-policy
origin
x-accor-asset
wise
server-timing
dtSInfo;desc="0", dtRpid;desc="-1545414318"
strict-transport-security
max-age=15552000
content-encoding
gzip
x-cache-response
DISABLED
accept-ranges
bytes
x-fstrz
ecc,Z,p
server
fasterize
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
VswZ_Z3zvkS06BNqSqXEAA7sCjrwEvaTqp1ovO84uMb2hbhUhWMdUA==
date
Fri, 03 Dec 2021 12:39:35 GMT
x-served-by
cache-hhn4072-HHN
x-cache
Miss from cloudfront, MISS
x-cache-hits
0
x-timer
S1638535175.424046,VS0,VE71
vary
Accept-Encoding, Origin, Accept-Encoding
x-cdn-forward
Fastly
fastly-version
V63
content-length
1014

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Fri, 03 Dec 2021 12:39:35 GMT
location
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
server
Apache
server-timing
dtSInfo;desc="0", dtRpid;desc="1643229506",edge;dur=28
strict-transport-security
max-age=15552000
vary
Accept-Encoding
x-cdn-forward
EdgeCast
content-length
295
platform.html
all.accor.com/cdx/ Frame 75AF
Redirect Chain
  • https://www.accorhotels.com/cdx/platform.html?p=%2Fcdx%2Fplatform.gif&z=1&c=10096
  • https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
1 KB
1 KB
Document
General
Full URL
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Requested by
Host: radar.cedexis.com
URL: https://radar.cedexis.com/releases/1621860284/impact.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000, max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/

Response headers

content-type
text/html; charset=utf-8
x-unique-id
8308544419cede9935552494d3efdb08
p3p
CP="NO P3P POLICY"
x-clacks-overhead
GNU Terry Pratchett
cache-control
private, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
x-xss-protection
1; mode=block
referrer-policy
origin
x-accor-asset
wise
server-timing
dtSInfo;desc="0", dtRpid;desc="-1460338957"
strict-transport-security
max-age=15552000, max-age=15552000
content-encoding
gzip
x-cache-response
DISABLED
accept-ranges
bytes
x-fstrz
ecc,Z,p
server
fasterize
via
1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
NrlxhoQIPUijqmItrgDqdjGkz2PVWX_-gnY7uc0C71_QUp2XOmPhRA==
date
Fri, 03 Dec 2021 12:39:35 GMT
x-served-by
cache-hhn4072-HHN
x-cache
Miss from cloudfront, MISS
x-cache-hits
0
x-timer
S1638535175.423614,VS0,VE73
vary
Accept-Encoding, Origin, Accept-Encoding
x-cdn-forward
Fastly
fastly-version
V63
content-length
1014

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Fri, 03 Dec 2021 12:39:35 GMT
location
https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
server
Apache
server-timing
dtSInfo;desc="0", dtRpid;desc="1387939349",edge;dur=26
strict-transport-security
max-age=15552000
vary
Accept-Encoding
x-cdn-forward
EdgeCast
content-length
295
beacon
all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/
0
344 B
Image
General
Full URL
https://all.accor.com/fstrz/r/stats-euwest1.fzcdn.net/beacon?cust=7109&mob.etype=4g&mob.dl=10&c.e=kwqdjar1&c.tti.m=lt&optimized=true&domstats=scripts%7C36%2Cscriptssrc%7C24%2Cstylesheets%7C3%2Cimgs%7C10%2Cloadedimgs%7C10&jserrors=0&nt_nav_st=1638535172653&nt_fet_st=1638535173180&nt_dns_st=1638535173180&nt_dns_end=1638535173180&nt_con_st=1638535173180&nt_con_end=1638535173180&nt_req_st=1638535173180&nt_res_st=1638535173293&nt_res_end=1638535173296&nt_domloading=1638535173297&nt_domint=1638535173762&nt_domcontloaded_st=1638535173762&nt_domcontloaded_end=1638535173832&nt_domcomp=1638535174567&nt_load_st=1638535174572&nt_load_end=1638535174604&nt_ssl_st=1638535173180&nt_enc_size=14329&nt_dec_size=60775&nt_trn_size=14629&nt_protocol=h2&nt_first_paint=1638535173678&nt_red_cnt=0&nt_nav_type=0&pt.fp=1025&pt.fcp=1025&u=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&v=1.650.0.1574759547.0&sv=12&sm=p&rt.si=9or48t26hch-NaN&rt.ss=&rt.sl=0&vis.st=visible&ua.plt=Linux%20x86_64&ua.vnd=Google%20Inc.&pid=awhntxod&n=1&c.t.fps=07&c.tti.vr=1179&c.f=67&c.f.d=103&c.f.m=7&c.f.s=kwqdjcb1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-powered-by
Express
x-cache
Miss from cloudfront, MISS
x-cache-response
DISABLED
x-cache-hits
0
x-served-by
cache-hhn4072-HHN
x-unique-id
9a5a6c6b8afb86b91578cfbf45d6c12c
x-fstrz
stc,Z,p
server
fasterize
x-timer
S1638535175.334538,VS0,VE39
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
cache-control
no-store, no-cache="Set-Cookie"
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
86MboYodOZcMuR4YzmLlaoZQasK5a3lJ6gBOUkD14BBsKHQo-j8BRg==
expires
0
index.en.json
all.accor.com/components/currency-selector/locales/
344 B
595 B
XHR
General
Full URL
https://all.accor.com/components/currency-selector/locales/index.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h39vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age
178238
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
270
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
c7b98a4cd9c778a4eb355ecdc1805141
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.372869,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
poBv9I5fki8yZCP40nozhnMwSB_yU5Se-rwRO9rcUtzAdYH6zqOPVA==
x-cache-hits
9
index.en.json
all.accor.com/components/currency-selector/locales/
344 B
539 B
XHR
General
Full URL
https://all.accor.com/components/currency-selector/locales/index.en.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h40vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront), 1.1 varnish
age
178238
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
270
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
c7b98a4cd9c778a4eb355ecdc1805141
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535175.378266,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
en
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
poBv9I5fki8yZCP40nozhnMwSB_yU5Se-rwRO9rcUtzAdYH6zqOPVA==
x-cache-hits
10
cavalry_endpoint.php
www.facebook.com/common/ Frame 73E9
67 B
99 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1638535174755&t_start=1638535174755&t_domcontent=1638535174767&t_layout=1638535174848&t_onload=1638535174848&t_paint=1638535174848&t_creport=1638535174849&t_tti=1638535174767&lid=7037454991921022932-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ac5e3556a1d7c%26domain%3Dall.accor.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fall.accor.com%252Ff24140ad140e7fc%26relation%3Dparent.parent&container_width=85&href=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&locale=de_DE&sdk=joey&type=button_count
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
3kIS97OHF3WggwRQ0a+mWtDQCLSdA5lS+17VoSBZPl207h4Zcv+pVTNXj5P0PwpStla+QMdtM51hoEa9VrwDjg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 03 Dec 2021 12:39:35 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
index.de.json
all.accor.com/components/geoloc-selector/locales/
386 B
657 B
XHR
General
Full URL
https://all.accor.com/components/geoloc-selector/locales/index.de.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h41vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8675.cloudfront.net (CloudFront), 1.1 varnish
age
178260
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
295
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
59c3b7ba476e5c3aff6d969d02a55d64
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535176.510355,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
-9-Fe6WMirBBw7vkeupzNqLjGvhehe5E93LS9_kQNhKIS7dV9InEdA==
x-cache-hits
3
index.de.json
all.accor.com/components/geoloc-selector/locales/
386 B
736 B
XHR
General
Full URL
https://all.accor.com/components/geoloc-selector/locales/index.de.json
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-dtpc
1$535173357_278h42vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0

Response headers

strict-transport-security
max-age=15552000
via
1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8675.cloudfront.net (CloudFront), 1.1 varnish
age
178260
x-cache
Miss from cloudfront, HIT
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
server-timing
dtSInfo;desc="1"
content-encoding
gzip
content-length
295
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
59c3b7ba476e5c3aff6d969d02a55d64
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
ecc,Z,p
server
fasterize
x-timer
S1638535176.523753,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-language
de
x-cdn-forward
Fastly
cache-control
public, max-age=3600, stale-while-revalidate=21600, no-cache="Set-Cookie"
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/json
x-amz-cf-id
-9-Fe6WMirBBw7vkeupzNqLjGvhehe5E93LS9_kQNhKIS7dV9InEdA==
x-cache-hits
4
optimize.js
www.googleoptimize.com/ Frame 2240
264 KB
59 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
72da6e172f01dffa244c75bd90627ae5d72aff4fd873a01c70c06f71d974bd34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60315
x-xss-protection
0
expires
Fri, 03 Dec 2021 12:39:35 GMT
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 2240
4 KB
2 KB
Script
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178271
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535176.647704,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1793
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ Frame 2240
19 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Lh0CEVPkmGuwf4KyqdKdhw==
age
7101
vary
Accept-Encoding
content-length
6403
x-ms-lease-status
unlocked
last-modified
Mon, 29 Nov 2021 20:31:03 GMT
server
cloudflare
etag
0x8D9B37729BED1A3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
52709849-801e-006e-5672-e571cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbcfda92d618-MXP
optimize.js
www.googleoptimize.com/ Frame 75AF
264 KB
59 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-KT4B6DF
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bfa356facf68d486fe6db278a2851f893ca34d59c79cb58274272cbc0319a672
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60374
x-xss-protection
0
expires
Fri, 03 Dec 2021 12:39:35 GMT
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 75AF
4 KB
2 KB
Script
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178271
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535176.650614,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1794
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ Frame 75AF
19 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: all.accor.com
URL: https://all.accor.com/cdx/platform.html?p=%252Fcdx%252Fplatform.gif&z=1&c=10096
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Lh0CEVPkmGuwf4KyqdKdhw==
age
7101
vary
Accept-Encoding
content-length
6403
x-ms-lease-status
unlocked
last-modified
Mon, 29 Nov 2021 20:31:03 GMT
server
cloudflare
etag
0x8D9B37729BED1A3
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
52709849-801e-006e-5672-e571cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbcfda98d618-MXP
87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame 2240
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Q/oKYcvv88yFXq/UgjQcqQ==
age
9309
vary
Accept-Encoding
content-length
1420
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:35 GMT
server
cloudflare
etag
0x8D972B6C4870440
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd028cb0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:35 GMT
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 2240
4 KB
2 KB
Other
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178271
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535176.714247,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1795
87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ Frame 75AF
3 KB
1 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Q/oKYcvv88yFXq/UgjQcqQ==
age
9309
vary
Accept-Encoding
content-length
1420
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:35 GMT
server
cloudflare
etag
0x8D972B6C4870440
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3890e59a-401e-0138-2515-b6dfea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd0590a0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:35 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 2240
193 B
263 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6b7cdbd05ff14aa4-FRA
main.js
all.accor.com/services/webview-consent/scripts-v2112/ Frame 75AF
4 KB
2 KB
Other
General
Full URL
https://all.accor.com/services/webview-consent/scripts-v2112/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178271
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA2-C1
content-length
1791
x-gen-id
39400a227f1e6449e62033e0ecad2631
x-served-by
cache-hhn4072-HHN
x-unique-id
9f82341ab6769166cbf31d997da73b47
x-fstrz
o,c
server
fasterize
x-timer
S1638535176.737358,VS0,VE0
date
Fri, 03 Dec 2021 12:39:35 GMT
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront), 1.1 varnish
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
ETsgfKZM5DIuuKcEk1YDspri1pYmAQxt1vbrZzJszQbiyiAPGrQrag==
x-cache-hits
1796
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 75AF
193 B
231 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6b7cdbd0681c4aa4-FRA
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame 2240
312 KB
75 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
joMckLq8BtEunD8NH/4XVA==
age
3933124
vary
Accept-Encoding
content-length
76366
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:58 GMT
server
cloudflare
etag
0x8D96DBF6CBEE741
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd08b70d618-MXP
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.23.0/ Frame 75AF
312 KB
75 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
joMckLq8BtEunD8NH/4XVA==
age
3933124
vary
Accept-Encoding
content-length
76366
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:58 GMT
server
cloudflare
etag
0x8D96DBF6CBEE741
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f4d13985-301e-0055-7e6c-c43391000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd09b81d618-MXP
en.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame 2240
291 KB
47 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cF828KugEm5ifV7niRSOqQ==
age
10086
vary
Accept-Encoding
content-length
47516
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:59 GMT
server
cloudflare
etag
0x8D972B6D2A23BB6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd0da3a0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:35 GMT
en.json
cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/ Frame 75AF
291 KB
47 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/87c4fef0-8732-44e4-bee3-f4faa4ce5a9d/ea7759fe-d629-4fb0-8702-d9cb8c0ef4bf/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cF828KugEm5ifV7niRSOqQ==
age
10086
vary
Accept-Encoding
content-length
47516
x-ms-lease-status
unlocked
last-modified
Wed, 08 Sep 2021 10:52:59 GMT
server
cloudflare
etag
0x8D972B6D2A23BB6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b23af271-501e-004e-5815-b61d03000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd0fa7b0eb7-FRA
expires
Fri, 03 Dec 2021 16:39:35 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 2240
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cGkddLGcEkFdkLgUFXgOUA==
age
3933119
vary
Accept-Encoding
content-length
2584
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:52 GMT
server
cloudflare
etag
0x8D96DBF69965AE8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd13ae80eb7-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame 2240
47 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+0xPzL52AeUkZsqLfWvieg==
age
3933119
vary
Accept-Encoding
content-length
11387
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:53 GMT
server
cloudflare
etag
0x8D96DBF69F1D28E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd13aeb0eb7-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 2240
20 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ye6OeZcNyuFoWog7CYs00A==
age
3933119
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:12:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6b7cdbd13aee0eb7-FRA
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 75AF
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cGkddLGcEkFdkLgUFXgOUA==
age
3933119
vary
Accept-Encoding
content-length
2584
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:52 GMT
server
cloudflare
etag
0x8D96DBF69965AE8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
70caaec9-101e-0060-146c-c49dc4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd16b300eb7-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ Frame 75AF
47 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+0xPzL52AeUkZsqLfWvieg==
age
3933119
vary
Accept-Encoding
content-length
11387
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:11:53 GMT
server
cloudflare
etag
0x8D96DBF69F1D28E
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
104d501c-001e-0091-6f6c-c44c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6b7cdbd16b330eb7-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ Frame 75AF
20 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 03 Dec 2021 12:39:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Ye6OeZcNyuFoWog7CYs00A==
age
3933119
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 03:12:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0f383678-701e-0034-706c-c4774e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6b7cdbd16b350eb7-FRA
rb_80be963f-a859-4808-9b2a-ceb8d44df738
all.accor.com/ Frame C252
120 B
827 B
XHR
General
Full URL
https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fauthentication%2Flanding%2Findex.shtml%3FappId%3Dall.accor%26state%3DGQOjM0QdTZMILziNGEiXps%26error%3Dlogin_required%23.&bp=3&app=1a152145cd696e21&crc=1901568166&en=85aac0bj&end=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15552000
via
1.1 3296b04068551f925d5fafd1b785ff31.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
content-length
120
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
access-control-allow-origin
*
x-unique-id
16e698778da54f50c3ebdc54acbd01ff
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
!c,Z,p
server
fasterize
x-timer
S1638535177.520410,VS0,VE36
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Origin
access-control-allow-methods
PUT, GET, POST, DELETE, OPTIONS
content-type
text/plain; charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials
true
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
access-control-allow-headers
authorization, content-type
x-amz-cf-id
miKuAtAui8n6p-iOkYWxhuk3mdUchRH2PDFgNtKs6Xq6ZJQmmULY6A==
x-cache-hits
0
calendar.svg
all.accor.com/components/header/assets/icons/
830 B
747 B
Image
General
Full URL
https://all.accor.com/components/header/assets/icons/calendar.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
d1dc24913826ce79efd8b1b277eeb81bf3843dba4a68c5715a521854004b58c1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178266
via
1.1 79272ab9b399ee696b329d4f677dca49.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
414
x-gen-id
48985f634bd85edf8b758da2da836467
x-served-by
cache-hhn4072-HHN
x-unique-id
1fd2730b0e2222a4323c3a0b29786195
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535177.767773,VS0,VE0
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
x-amz-cf-id
K4rCO_TKafNDDGBQKwp4PV1kxV3-x_uKUY9baDUE2RkW-PR8lIElGw==
x-fstrz
o,c
x-cache-hits
111
help.svg
all.accor.com/components/header/assets/icons/
371 B
543 B
Image
General
Full URL
https://all.accor.com/components/header/assets/icons/help.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
1aebfde1ab4aa7699ebbe78b3e65f1dbe4f106262f1952de62888a0ea10184f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
age
178266
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfd.cloudfront.net (CloudFront), 1.1 varnish
x-cache
Miss from cloudfront, HIT
x-cdn-forward
Fastly
content-length
235
x-gen-id
aa64be13f73f3b59047d8ecf7dce1079
x-served-by
cache-hhn4072-HHN
x-unique-id
4af3bea553e5f2c55f4c3f71c5437b2c
last-modified
Fri, 26 Nov 2021 09:21:39 GMT
server
fasterize
x-timer
S1638535177.767911,VS0,VE0
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Accept-Encoding
content-type
image/svg+xml; charset=UTF-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
isqVRXTa4_p5UeejnLv571pbb-9Sx8_JyjApGFFHI9bY2VZOF5nOaA==
x-fstrz
o,c
x-cache-hits
102
germany.png
all.accor.com/components/header/assets/images/flags/
215 B
592 B
Image
General
Full URL
https://all.accor.com/components/header/assets/images/flags/germany.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
4f014357e09b50cdcd3f2865e0d14507e009f8a0399300ffabb853d949adb2e0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront), 1.1 varnish
age
124517
x-cache
Miss from cloudfront, HIT
x-amz-cf-pop
FRA60-P3
content-length
215
x-gen-id
ea6f657f10460ea14e8acd20eec9c209
x-served-by
cache-hhn4072-HHN
x-unique-id
803d745670a10e51c5a935cb6f7031b7
last-modified
Tue, 30 Nov 2021 13:31:30 GMT
server
fasterize
x-timer
S1638535177.768043,VS0,VE0
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Origin
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=3600, stale-while-revalidate=21600
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
x-amz-cf-id
pszUQ7pj5YvaSWdHtI6IeAHWjyPiAO8afwYbFaVE-nh7D-zaPFy_pw==
x-fstrz
o,c
x-cache-hits
3
bg_hub.gif
all.accor.com/imagerie/promotions-offers/
10 KB
10 KB
Image
General
Full URL
https://all.accor.com/imagerie/promotions-offers/bg_hub.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
ce72c829adef77d9e829c23789b5afcb7899f8d031c635ec7cf6a3527459a468
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://all.accor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
x-cache
Error from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-oneagent-js-injection
true
server-timing
dtSInfo;desc="1"
content-length
5371
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
x-unique-id
e3772afb8b9e8577165b1200d3a4d61b
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
stc,Z,p
server
fasterize
x-timer
S1638535177.768197,VS0,VE56
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Accept-Encoding, Origin, Accept-Encoding
content-type
text/html; charset=utf-8
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
expires
0
cache-control
no-store, no-cache="Set-Cookie"
fastly-version
V63
x-accor-asset
wise
x-cdn-forward
Fastly
accept-ranges
bytes
x-ruxit-js-agent
true
x-amz-cf-id
q1RqD2Sg7_uYfg0R43H2p2CIHbmCmk2xeCC6tzhm06aoNBbF11XzVg==
x-cache-hits
0
rb_80be963f-a859-4808-9b2a-ceb8d44df738
all.accor.com/
120 B
683 B
XHR
General
Full URL
https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&bp=3&app=1a152145cd696e21&crc=2730624603&en=85aac0bj&end=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15552000
via
1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
content-length
120
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
access-control-allow-origin
*
x-unique-id
cb290d8aa134e5e8da89d7545f7546a9
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
!c,Z,p
server
fasterize
x-timer
S1638535177.911116,VS0,VE43
date
Fri, 03 Dec 2021 12:39:36 GMT
vary
Origin
access-control-allow-methods
PUT, GET, POST, DELETE, OPTIONS
content-type
text/plain; charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials
true
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
access-control-allow-headers
authorization, content-type
x-amz-cf-id
DeY6gxDQYHv2DZsQYBT6uYwhZVlR2Feg-7T0-BGitgGkFPEx32eZKw==
x-cache-hits
0
rb_80be963f-a859-4808-9b2a-ceb8d44df738
all.accor.com/ Frame C252
120 B
532 B
XHR
General
Full URL
https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fauthentication%2Flanding%2Findex.shtml%3FappId%3Dall.accor%26state%3DGQOjM0QdTZMILziNGEiXps%26error%3Dlogin_required%23.&bp=3&app=1a152145cd696e21&crc=3107502863&en=85aac0bj&end=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000, max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15552000, max-age=15552000
via
1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
content-length
120
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
access-control-allow-origin
*
x-unique-id
18522d32f6307829dddc5df2f4a9066b
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
!c,Z,p
server
fasterize
x-timer
S1638535179.564487,VS0,VE41
date
Fri, 03 Dec 2021 12:39:38 GMT
vary
Origin
access-control-allow-methods
PUT, GET, POST, DELETE, OPTIONS
content-type
text/plain; charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials
true
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
access-control-allow-headers
authorization, content-type
x-amz-cf-id
_BXYdXlXmbTPFcyZrbyc5rtyz7rvPqg9A7bT-kE-pixZMVqftXJd-A==
x-cache-hits
0
rb_80be963f-a859-4808-9b2a-ceb8d44df738
all.accor.com/
120 B
706 B
XHR
General
Full URL
https://all.accor.com/rb_80be963f-a859-4808-9b2a-ceb8d44df738?type=js3&sn=v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0&svrid=1&flavor=post&vi=NIECLFCITAQGGIUEODURDCDEJDOSAHQS-0&modifiedSince=1637323498056&rf=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml%3Futm_medium%3Demail%26utm_source%3Danimation-marketing%26utm_campaign%3Dml-all-2112-lc-b-me-gb-00-1-hdhd%26utm_content%3DME-EN-NA-NA%26uauid%3Da02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf&bp=3&app=1a152145cd696e21&crc=3891245171&en=85aac0bj&end=1
Requested by
Host: all.accor.com
URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
fasterize /
Resource Hash
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://all.accor.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15552000
via
1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront, MISS
p3p
CP="NO P3P POLICY"
x-cache-response
DISABLED
content-length
120
x-xss-protection
1; mode=block
x-served-by
cache-hhn4072-HHN
referrer-policy
origin
access-control-allow-origin
*
x-unique-id
2333d349243444bfc54cfad13fddd46d
x-clacks-overhead
GNU Terry Pratchett
x-fstrz
!c,Z,p
server
fasterize
x-timer
S1638535179.985575,VS0,VE43
date
Fri, 03 Dec 2021 12:39:39 GMT
vary
Origin
access-control-allow-methods
PUT, GET, POST, DELETE, OPTIONS
content-type
text/plain; charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, no-cache="Set-Cookie"
access-control-allow-credentials
true
fastly-version
V63
x-cdn-forward
Fastly
accept-ranges
bytes
access-control-allow-headers
authorization, content-type
x-amz-cf-id
GzC1cba3NFhmPmbSSlkl9EafYX0We2l2a_hvXjmGoK_AaIaV_JkysA==
x-cache-hits
0

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler number| frzSpeedIndexRatio boolean| fstrz string| FRZ_GLOBAL_CUSTOMER_KEY object| BOOMR_GLOBAL_CONFIG object| BOOMR object| dT_ object| dtrum object| google_tag_manager object| dataLayer object| google_optimize object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups function| OptanonWrapper function| $ object| jqueryuiBugFix object| i18n object| i18n_LH object| i18n_MEE object| i18n_FS object| i18n_LOL object| i18n_socialMedia object| i18n_whiteLabel object| i18n_options_product function| Calendar object| globalViewbeansData object| ajaxRequest object| utils object| targetTopper string| v1 string| v2 string| v3 string| v4 object| click2Call function| DP_jQuery_1638535173473 object| lazySizesConfig object| lazySizes function| TemplateUtils function| opFORFactory object| Currencies object| __core-js_shared__ object| AccorHotels object| SessionService object| ah function| autoCompletion object| getData function| getCookie object| bookingEngineToggler object| roomDisplay object| SearchHistory function| BookingEngine undefined| currentPopinIframe object| popinsOpeningActions object| popinsClosingActions object| popins function| popups function| resizePopinIframe function| getHeightDocument object| brandCommon function| setCookie function| getCoefficient number| coff function| shuffle object| displayPromoOffers object| displayPromoLoad object| insitePromoDisplay object| displaySocialPlugins function| analytics function| linkToButtons function| SliderComponent function| Cookies object| dfp object| regeneratorRuntime function| jQuery3 function| setImmediate function| clearImmediate object| Xloader object| TagManager function| Vue object| GTMStateLoader function| jsonFeed object| i18nPromo string| k boolean| keyFound number| hideMoreNum object| gapi object| ___jsl function| postscribe object| google_tag_manager_external object| otStubData object| FB function| gtag object| google_tag_data object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| Optanon object| OneTrust undefined| memberStatus function| usaBillaIntegration object| _uxa number| w number| h function| lightningjs function| usabilla_live object| customObj string| brandname string| displayZone string| loyaltypoints string| memberstatus string| navigatorLanguages string| numberofadults string| numberofchildren string| pagename string| searchcity string| sessionId string| usercity string| userCurrency string| userLang string| userlog string| userLocalizationInitial string| usernameU object| dtExpire number| BOOMR_onload object| cedexis object| closure_lm_118135 function| BOOMR_check_doc_domain object| config function| RUMSpeedIndex

36 Cookies

Domain/Path Name / Value
.accor-mail.com/ Name: uuid230
Value: 73254d69-1f64-4146-9bc9-86efb32a136d
.accor-mail.com/ Name: nlid
Value: 1d7198f0|8a002299
.accor.com/ Name: JSESSIONID
Value: 05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
.accor.com/ Name: CSESSIONID
Value: HZA063E301CA5E44F387822D1392C63CA4
.accor.com/ Name: displayZone
Value: germany
.accor.com/ Name: userBrowsingZoneLocalization
Value: deutschland
.accor.com/ Name: userLocalization
Value: de
.accor.com/ Name: userLocalizationInitial
Value: de
.accor.com/ Name: contribZone
Value: deutschland
.accor.com/ Name: userLang
Value: de
.accor.com/ Name: userPrefLocalization
Value: de
.accor.com/ Name: affcookie
Value: nvC0f4+U056xcIFo+bjzGPIBV6KbSvmX7Zmb4dwrtP5ZIOd5HndgJg==
.accor.com/ Name: UAUID
Value: a02d2bdc56931f2c6bc10d04cf2c138e708e9a08768db066b86c3f625404a2cf
.accor.com/ Name: _Hw2h_
Value: .p77c
.accor.com/ Name: org
Value: elr
.accor.com/ Name: dtCookie
Value: v_4_srv_1_sn_03660515936FCF2F4B63809AC8E612AD_perc_100000_ol_0_mul_1_app-3A1a152145cd696e21_1_rcs-3Acss_0
.accor.com/ Name: rxVisitor
Value: 1638535173359ITJC3H6RBFHAK4HSPF5J1RQQVQ78DFN6
.accor.com/ Name: dtSa
Value: -
.accor.com/ Name: SESSIONRANDOM
Value: 05AEBA57DAEAB5246D5F1113794C2B2408ABBAFBA8250B7CDB97
.accor.com/ Name: Coefficient
Value: 0.055309988802885846
all.accor.com/ Name: _integrity_
Value: c912556ab36326a29c035a1a7325b543ee003df93a1aaa35b38013f7dba73da02c02b1d562b4df029494f2b9cddaa87ddad16ca18bd186de6ccd2a60b089eee1
.google.com/ Name: NID
Value: 511=powRjp3w9NJDhf7Yp0dTW2ZlAOy6PpRdhWdetSoUW6jSO5BFCODqXTfVxVIAB5bAv4Orzx3mxo-hncspQr1iibDxJb3VmIHcOzDYqMHyQE1FFa0oJQS1kVAsdlD-3Gdid10gb15rMy1dNaUGG6LUiwOsUU2hJBawgiNkcPoNqMw
api.accor.com/ Name: OAU_all.accor
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJyZWRpcmVjdF9zaXRlX3VyaSI6Imh0dHBzOi8vYWxsLmFjY29yLmNvbSIsInN0YXRlIjoiR1FPak0wUWRUWk1JTHppTkdFaVhwcyIsImV4cCI6MTYzODUzNjA3NCwiaWF0IjoxNjM4NTM1MTc0LCJhcHBfaWQiOiJhbGwuYWNjb3IiLCJub25jZSI6IlJBQkIwa3dlZjFRQXFzaWpVQ0R0am4iLCJwcm9tcHQiOiJub25lIn0.jONeafMovo37769HsRGgoFDulNcYVirapJTmuplGaELEfIWIk97g1J8qngW4TUKSpBUL1USImOMx-9lCit0yfKmyq_zLzN_lkxW7yXp4aZN2FM_DBMlYmtQCxTxO3blWAQl0t2XpztXShdY3RpK2bH2KJNaTPZal1NMMLi3iyJu2tfq_gAUSUh_IA1ZBLOpuI1BrGDrTB_uwxCyJLULxDNA-m0-QOpuY6TYMgBqv1GPk3IaV3dbxmWg_0MjlvkQ2-iVYDJcwVjkMyGxXQzWAAJKZ5EJDJGrOZL7UWls6iBk122SISMlK_bnwUTLuo9M4_JbwQLlnv4fM1fBZAf2doA
login.accor.com/ Name: PF
Value: dQbuS6RzooBmBVcB1lDeiK
.accor.com/ Name: visid_incap_2545443
Value: 3A2w+SlOTXWAXu9j+m7W8AUQqmEAAAAAQUIPAAAAAAAv2cBI2w733/TcNoWE4CGk
.accor.com/ Name: nlbi_2545443
Value: mSTQWYHyvytLCTmV+0jM0AAAAAARoJoe9Dqbgu6qhcf0wUOy
.accor.com/ Name: incap_ses_1515_2545443
Value: wSarJ6Aen0xqHnKEkFwGFQUQqmEAAAAAr2/59vl5GPN7O0p9GIuCvQ==
.accor.com/ Name: OCC_all.accor
Value: fail
.accor.com/ Name: tarsmid
Value: undefined
.accor.com/ Name: tarssid
Value: ml-all-2112-lc-b-me-gb-00-1-hdhd
.accor.com/ Name: mid
Value:
.accor.com/ Name: sid
Value: ml-all-2112-lc-b-me-gb-00-1-hdhd
.accor.com/ Name: rxvt
Value: 1638536974965|1638535173361
.accor.com/ Name: dtPC
Value: 1$535173357_278h-vNIECLFCITAQGGIUEODURDCDEJDOSAHQS-0e0
.accor.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Dec+03+2021+12%3A39%3A35+GMT%2B0000+(GMT)&version=6.23.0&isIABGlobal=false&hosts=&genVendors=V62%3A0%2CV37%3A0%2CV67%3A0%2CV38%3A0%2CV64%3A0%2CV58%3A0%2CV25%3A0%2CV26%3A0%2CV42%3A0%2CV9%3A0%2CV8%3A0%2CV27%3A0%2CV51%3A0%2CV39%3A0%2CV23%3A0%2CV55%3A0%2CV5%3A0%2CV34%3A0%2CV10%3A0%2CV53%3A0%2CV59%3A0%2CV36%3A0%2CV49%3A0%2CV65%3A0%2CV19%3A0%2CV33%3A0%2CV57%3A0%2CV52%3A0%2CV48%3A0%2CV29%3A0%2CV17%3A0%2CV11%3A0%2CV56%3A0%2CV12%3A0%2CV13%3A0%2CV41%3A0%2CV40%3A0%2CV68%3A0%2CV60%3A0%2CV50%3A0%2CV15%3A0%2CV54%3A0%2CV28%3A0%2CV30%3A0%2CV46%3A0%2CV4%3A0%2CV14%3A0%2CV61%3A0%2CV7%3A0%2CV45%3A0%2CV16%3A0%2CV32%3A0%2CV21%3A0%2CV69%3A0%2CV63%3A0%2CV6%3A0%2CV18%3A0%2CV31%3A0%2CV44%3A0%2CV43%3A0%2CV35%3A0%2CV47%3A0%2C&consentId=1bf42731-6bf3-4397-9f83-e20fff802c7b&interactionCount=0&landingPath=NotLandingPage&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0007%3A0%2CC0004%3A0%2CC0005%3A0&AwaitingReconsent=false
.accor.com/ Name: dtLatC
Value: 1

208 Console Messages

Source Level URL
Text
deprecation warning URL: https://all.accor.com/ruxitagentjs_ICA27Vfgjqrux_10227211018092056.js(Line 269)
Message:
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network error URL: https://all.accor.com/imagerie/promotions-offers/bg_hub.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fall.accor.com&url=https%3A%2F%2Fall.accor.com%2Fgb%2Fpromotions-offers%2Fhw003098-festive-offers-for-members-of-all.shtml&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1638535173961&_gfid=I0_1638535173961&parent=https%3A%2F%2Fall.accor.com&pfname=&rpctoken=24304981
Message:
Failed to load resource: the server responded with a status of 404 ()
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
network error URL: https://all.accor.com/imagerie/promotions-offers/bg_hub.gif
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
all.accor.com
api.accor.com
apis.google.com
cdn.cookielaw.org
connect.facebook.net
d6tizftlrpuof.cloudfront.net
geolocation.onetrust.com
i2-sxevtvqdzyxqzklbhxmpveuqukjuqv.init.cedexis-radar.net
i2-tonyrcetydjmicxmeqdzlehmbovcxw.init.cedexis-radar.net
login.accor.com
radar.cedexis.com
ssl.gstatic.com
t5.mid.accor-mail.com
w.usabilla.com
www.accorhotels.com
www.facebook.com
www.google.com
www.googleoptimize.com
www.googletagmanager.com
104.225.98.129
151.101.2.132
152.199.22.100
2606:4700:10::6814:b944
2606:4700::6810:9440
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:813::200d
2a00:1450:4001:82f::2008
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2003
2a03:2880:f008:8:face:b00c:0:1
2a03:2880:f145:82:face:b00c:0:25de
35.240.103.94
35.241.57.45
45.60.155.180
52.214.99.201
52.222.206.77
63.34.185.171
01a7150b75bfd0acaa9bd97cc147022706b4fec3d6ed9735173b77448dbb48e5
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
0ce192b3ae3bc758a5f61089d32e3d6dc77f42d95967cb005744e584d8a98e2c
0e9a0335bdb00a8f209751c84c51195fadd96979281fc4abb3f32cf4c8999129
0eb4cc8760c02d0de878a8ceeef038d371f739a3a969c324e3cf79aca031d52c
0eb8844242f2945a3cca36e65754df1dd3500906a4d9d3a8a4fa04ba11b3a66e
1289818768c7638870acd4186781558179218f6c0d8c3b6ac6ae22d6f9c86e59
18e425aaa2caa6839f38ab8dc661bb8e59d071a4675f7e05fa221636f064a8a1
19eddfb22ef270441f545430e2a8607f588e1d72069a8507e8496c1c56eecdcb
1aebfde1ab4aa7699ebbe78b3e65f1dbe4f106262f1952de62888a0ea10184f8
1cc6b66cc42418608faeed8ae5f6fb3cd8f559f9dcf0be3d7a340c5351847a65
2317fd367b7eb5e77a6dd7e1e18f5cd5e9d05cd055dae1382487ec56326036df
24b113968e62ff8f7257831bd877f3f1dee714a5815818469e16475f651e9e70
2b896d6bb4408d45a7a48315a8616ec07dfc0313b8523b7d09fc84cc633edc69
2d66e75ff961935e0415f5c6a2742c4e375870f2eaf0b01447a5e3364ceb9a82
2debfc21d7901a5ed1bef7f33da5c833e6cffe8ccf5fed6959c3745c0576d696
2e8c4f9557817a416f5e4b2fdc641f10505fecf93b514796e1b8190304f0fc84
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
38b126f92a3104c7d73e1cf2f448db9896d4f29ebf3a7b593b380e6cdd0ae378
3a3b5a1699dbbd60c898504147fd10512b65c40427dfec4c295f94e96ec88ac6
3ea040be164bb8cc607e54db640f96593744abc36a97a731de45ae2d3d8640f4
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
400341e06329f365de280ab86c1c4caa41512f4e87c345ebadf9be3de61fcdc7
43622fd79cb7b679831f09443b32a16108750d48014d9e425f6cf18bbd4ed369
4a9176024a28601348ed4672fdc49e08600bfc751477770154390503d03c16a5
4dbd3040f0e3280903f9d26ae340099dcc48a2ed61f88437aced99aacc3a6fe9
4f014357e09b50cdcd3f2865e0d14507e009f8a0399300ffabb853d949adb2e0
4f6bee0f5c99de49d1a9ac883dc86c6b682439fcec623456efddaff410eb8dcb
51e5f9626e4a0a622abd3b6a613b0f6a2e8f84c350cfb29500be385e18ff25d9
56ce9a9f71a8465359a676d95189390683de779bdc085f4fa9d48ec0651d9a5f
59415c8f1106151e421f5a3e46e8f8aca679ea9cefba5eb1d386ca0381d48c18
5a98d3f21c2cef2241e0ce7f4cc7fd5dd01596a3f813f5f0665efdd8496844d8
5be54d615f798b47e05e26e32a03a24526e53b2bce029d71fcdad4c15891693f
61bf46ddd0347eefdeb6150a5a9fc0fc7364c8bdee2d7b34b8c52aeaf6247d7d
633e7bf5df5fb0d6b4538e8f6d256e86e7999a25bdfe16dae66b1779a6510af7
63914bf2e01926065ceae08a1a0f0d5065204512a3d6ff1180b6af51b47895e8
63a8bb0607d9c563bf656316ff741977e9ae4752b0775a5ec22507c61555003a
6852c5128a7e7fa162cf99181cfb0a646bc680dbc9e4c3130705428aeed34bd7
68fcfaa7232b50c7033d0c08b3cdbbee150b047c4cfa6445705318abf4e1303f
72da6e172f01dffa244c75bd90627ae5d72aff4fd873a01c70c06f71d974bd34
73f38b873dd938c1653591fbd507597402498c9ec81ce957ef554a550a111541
7ebbbd0b097263f41dc3ffcabaed2601900ed9fb22e3bd704c47008fdb51df24
7f68affba3f1c780f877960c7ee3e441309078b41043d35501e2eda8f7fde683
8413e2e0b600e68fe059ce4fea45f846e3e4b89665ad21fabf3d8d79d9c0bc84
8b478084411b06a69b79593b9c413ff1db2af1008305f1cb63331224569e69a5
8dc1fef758902b185875fd61e28de5c3687e9550e69e1fc541822771c6e8f676
92bca9e2ff98cd0edf78c573d0946d5b73ad3cfef7a79e8d325f13e45293f30a
9588b8874bd624c3306bdc5be18215767b7e0345ac216c67204be0d5b9fc52ae
97b257cba08bd09e4f15e78e510067ca3c3811ff7ad8caa136d5821324fe3290
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
9e82253850ac7b2700c02c1275f0f178b45f19357cfa5bbdd3928a3e6a786873
9eeaf00c349716eb5d967968348d9d19d52aa95bc20d4494083775c543aeb9fc
a2670a36b03aa136cbdf4b5389cc3514d600aa6c9c0192757ec9792bf4f67f91
a3abf7d40bd0db59f5c09e497994f3155a8a919881634caf26643b51c058ddd8
a66a965881a85c8928b4b4d60095164de16d693135e6d7f095e141b8bc68e519
a73ba8ada5a51f6245f8dad192953259b83419108e50865843691487c07bdfba
a91d2e08704d224f8b2c5561696768f5a1263c68699687f6cd59315dd891c466
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
ae16bcd7e62dfaa2e3f87a35397a0201d5a19cf6012af275d150bd98e749c175
b1b447c9f6fdd0b01b342fa0859dd0e0b09f5050b9c278937726becbe91c610b
b1ee98990c7c65268f3bcb450fa3f055f9fb1eebfd63f3602951475181eaaa13
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
b34cd4f0a45e40d7f3a50c5cdb47dabfb46a46430ea2b7036e7d5e3b2c05a588
b4eddb167733c7c9a91a75c0450df01116ab95e9e5607831e3dc87a6c47d7ae8
b892a75f0dd129bb98a7d720993fcad637939cbd9459afb44eb61002ce9d33ea
bae778f7c1118ad0e77c4b70bba0703991dd0c91ed87b577d92219b4f70ef66f
bb3671d439694ddb775eaff59f9be79502924c6f7b32219d2bfff3d159ad1444
bfa356facf68d486fe6db278a2851f893ca34d59c79cb58274272cbc0319a672
c47629d29ecd71e534e1eb5f97cde08cb68675e32ec6687c5d16417d122c010c
c564b78cbb1c17dfd4ac4f787ef4f693b9a59d8d549d3a7632cbc8aafea5fc21
ca582f52b0ffe53dc8e7c123657788f4969d0e118ed86ff25306327d6a73ddab
ce72c829adef77d9e829c23789b5afcb7899f8d031c635ec7cf6a3527459a468
d1dc24913826ce79efd8b1b277eeb81bf3843dba4a68c5715a521854004b58c1
d6c6c43c6c523314595d87f55b5feb9d0d13f8ab9e9d123f29f1a5ec54e0dffe
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
d92fe8a08fac8d4e03cf3be8a77427e27f58c52039664cdce47f1193cc705dcb
da2ff52023f137da43e498693495313f37f73da94ba5bb08c411049db116e5ab
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
e2640d8d921b0ea6ba3f453c2a405fe7f03975e05c748f9af2465bb2984c28f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0a0d171ccac7a9fc28af7fce59ae181389ddc6851d904a91bcdd2b479daf3b
edc4c8fec66198f373d04130a121f1662836d481806b6f6afe4fe0bf5a203db6
ef3fb28d8dd00170c8ab66069052f98895d76efec6723db1cc2335c0daee7faf
f33f3e068bd1aa24de14f27d789b7ccc224e9c9f8bcabff98e7ffc319ef20e15
f51b94e97479ec49afa97ab34eec54626db8964ff5dc98640e4bc0e109417c88
f7309b6ccc1a76da1e7a0709abb8a0bf549277dee6c21ae7a466e73426fe9667
f9a1a0ac26eaf5b7f6cc7223b5dd4b5f545b5a48fb598c7442e5f76384f1be8c
f9c64bb9b2bdfd432bbf61455a77b47972d0f6c5bfb3701aa3ef061b4cf0c3c8
fb6f836bb8707b5249b47fc76b85207a44ae522209cb77570a70456564c7ec49