www.heraldextra.com Open in urlscan Pro
99.86.7.54 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldext...
Effective URL:
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Submission: On January 17 via manual (January 17th 2022, 4:14:07 pm UTC) from DE — Scanned from DE

Summary HTTP 153 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 19 domains to perform 153 HTTP transactions. The main IP is 99.86.7.54, located in United States and belongs to AMAZON-02, US. The main domain is www.heraldextra.com.
TLS certificate: Issued by Amazon on November 4th 2021. Valid for: a year.

This is the only time www.heraldextra.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.80.167.200 54.80.167.200	14618 (AMAZON-AES) (AMAZON-AES)
18	99.86.7.54 99.86.7.54	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
9	50.31.163.11 50.31.163.11	23352 (SERVERCEN...) (SERVERCENTRAL)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
16	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	65.9.63.91 65.9.63.91	16509 (AMAZON-02) (AMAZON-02)
2	54.231.130.0 54.231.130.0	16509 (AMAZON-02) (AMAZON-02)
12	52.216.226.176 52.216.226.176	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
8	65.9.71.173 65.9.71.173	16509 (AMAZON-02) (AMAZON-02)
2	35.190.62.199 35.190.62.199	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
1 1	50.31.163.12 50.31.163.12	23352 (SERVERCEN...) (SERVERCENTRAL)
1 7	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2600:9000:214... 2600:9000:214f:6600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
153	27

1 54.80.167.200 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-167-200.compute-1.amazonaws.com

click.icptrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 99.86.7.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-54.fra6.r.cloudfront.net

www.heraldextra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 50.31.163.11 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi-validate.onecount.net

validate.onecount.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.63.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-91.fra56.r.cloudfront.net

cdn-images.mailchimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.231.130.0 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.216.226.176 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ogden_images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 65.9.71.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-71-173.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.62.199 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 199.62.190.35.bc.googleusercontent.com

detectdiscovery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.163.12 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi-reg.onecount.net

on-reg.onecount.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:214f:6600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.98.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

butterbulb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 124 e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com	378 KB
22	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 static.doubleclick.net — Cisco Umbrella Rank: 356 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	720 KB
18	heraldextra.com www.heraldextra.com	112 KB
14	amazonaws.com s3.amazonaws.com ogden_images.s3.amazonaws.com	947 KB
10	onecount.net 1 redirects validate.onecount.net — Cisco Umbrella Rank: 39639 on-reg.onecount.net — Cisco Umbrella Rank: 338771	46 KB
9	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	2 KB
8	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 281	80 KB
6	gstatic.com fonts.gstatic.com	134 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	186 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	40 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293 fonts.googleapis.com — Cisco Umbrella Rank: 47	63 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	143 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5557 adservice.google.de — Cisco Umbrella Rank: 8028	1 KB
2	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 533	963 B
2	detectdiscovery.com detectdiscovery.com — Cisco Umbrella Rank: 917536	53 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 440	5 KB
2	mailchimp.com cdn-images.mailchimp.com — Cisco Umbrella Rank: 5534	3 KB
1	butterbulb.com butterbulb.com — Cisco Umbrella Rank: 261153 Failed	628 B
1	icptrack.com 1 redirects click.icptrack.com — Cisco Umbrella Rank: 36545	322 B
153	19

	Domain	Requested by
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
18	www.heraldextra.com	www.heraldextra.com ajax.googleapis.com validate.onecount.net
16	securepubads.g.doubleclick.net	www.heraldextra.com securepubads.g.doubleclick.net www.googletagservices.com
12	ogden_images.s3.amazonaws.com	www.heraldextra.com
11	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
9	validate.onecount.net	www.heraldextra.com validate.onecount.net
8	c.amazon-adsystem.com	www.heraldextra.com c.amazon-adsystem.com
7	www.google.com	1 redirects tpc.googlesyndication.com securepubads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
5	www.googletagservices.com	securepubads.g.doubleclick.net e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.heraldextra.com
4	www.googletagmanager.com	www.heraldextra.com www.googletagmanager.com
3	static.doubleclick.net	e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
2	e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	static.adsafeprotected.com	www.heraldextra.com
2	detectdiscovery.com	www.heraldextra.com
2	fonts.googleapis.com	www.heraldextra.com
2	cdn.jsdelivr.net	www.heraldextra.com
2	s3.amazonaws.com	www.heraldextra.com
2	cdn-images.mailchimp.com	www.heraldextra.com
2	ajax.googleapis.com	www.heraldextra.com
1	butterbulb.com	detectdiscovery.com
1	25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de
1	on-reg.onecount.net	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	click.icptrack.com	1 redirects
153	30

This site contains links to these domains. Also see Links.

Domain
www.mynewsonthego.com
www.facebook.com
www.twitter.com
www.pinterest.com
www.instagram.com
deals.heraldextra.com
twitter.com
www.ogdennews.com
www.nuttingcompany.com

Subject Issuer	Validity	Valid
*.ogdennews.com Amazon	`2021-11-04` - `2022-12-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.onecount.net Network Solutions OV Server CA 2	`2021-11-09` - `2022-12-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
cdn-images.mailchimp.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
detectdiscovery.com R3	`2021-12-13` - `2022-03-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
butterbulb.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Frame ID: C2B167EDE1C7E535988A5D38F68E6270
Requests: 98 HTTP requests in this frame

Frame: https://25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F0949A9E8CDBDB12E77FAD7F5100E252
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9C1102CA18614C8BFE314CEA1D548A2E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8B24F46262BEECB350E570DD3D561BBD
Requests: 2 HTTP requests in this frame

Frame: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 798FB6C479B6A241C7570CCBEE5B5666
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMsSSLDmx0aqENW8OY9MGJPxGJ-8jI65VF9SbV7rV4Vgi7Grb52OQ3htPg_tbOlWvJ4bsc9r6UpGtq3CEdewmg1BY7E-JUEv9vPWlvn-g00EuormaG4uEYcWsv5klNIYWB4mPk44c1tOpNBzfRWxT_8VvR3yXEgC7dbQL77Gi0rmYYdMS2fZpDTLW86iOJqf5z2fyBVd4CPQPTxPrPqdKiYVRxYL1-DFaRxcufe_lHBQe4nVk5_B0hwfpSY2uJZWUra0QoupdiFTEKZ06xO8F49QqsmklgXqTQ_h9izsmXx1GNyyXiypScKw5MNa4ShQ&sai=AMfl-YQ5K9s0tCRQ9gk9h9ccC6WBf17vGUgnA3dUxLqQFPA5jOytvy_KHn1fwVW3x_Jeius4R-PXRRpb3CXGKiLyzAIqs56yFR2xxEJ-RR2U_NADOznAI1iFiicK7rxxR38&sig=Cg0ArKJSzN6Mkz9YgRK7EAE&uach_m=[UACH]&adurl=
Frame ID: 2DECD267857430E9F9AD0A7966DB3DDE
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssG1iA-817Hbxj_wcMBVyIuoqC0x1RrqbvUm9BweP5iIo4hluOsiRXlEskPStTdSEgJUU_ePWcTP5MidRDmCN-qoWGKFXS5ZKOXDahWO8cKaEqxCbR8_5-ScymopddRllasMSLP-hOLNOzOvzd29QqxTGLHAmGG7fhJPb3nfJhPoM-NCcy_fy93g18clq3W37bq5akJceR7HUKJ86bBX7wVCGgC_o3ElmT5xBcjUiyxlrBGbZB4Oqx-XXNvBbJkr9TQa0tWHhsKME_Et3BiU5desOZrQY9tOklNRlBQNb_Sxp6KNV3nvMIqVqFdAJlWmi8qUw&sai=AMfl-YQKN5Vl-rWTWDEQtGM5sTqVmEG9sOSM0dpKdyryWjf9B5FxfEkhwX-yPUvHCQE2KN_p36cy3mFFxXrYQieYxgj8xsqpHnCS8iu1naARokuRHt9koXHzKMEtjkBOGu0&sig=Cg0ArKJSzNdilFJbICxPEAE&uach_m=[UACH]&adurl=
Frame ID: 2CBC930B9BBB173FE3E68C29F269FF53
Requests: 8 HTTP requests in this frame

Frame: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B782E0A22A1AF7681CFDE0F1846ACA0A
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbl3Vu6lm3BLsUnlpS3QklWAqIxFNW7HkIGbr3LMsXv9kmPyVnzR6SfMabeF3qy0HQzj_Va1gTVaPWKd4RCHTQGp05dxsKwIwum7MOPN1SP7lFMQR2WqjTjILqbIwUpletFHvCuU2-LFjJpUp59G-pXkoNMUTVgLEWXwL6aKLPueQA9QIoGn9DWD0nb42VpeX5ZGamr3-6modr2HdbKNZywbvlGYh9M0Win6TOQQifgPJih2dUC5N_YlvsEP78EX95oSWhzwWpXa3eFxRzOVb0iULYehp1P0oqFWhnE0z0tzZONyJ46z5IDjxnij7tw2JrmT_AJyc&sai=AMfl-YQltSKARKyWkRk-GgpDU-HgSR_SWZiInaD_hiHlxOUCoYlYEcjj84RAkkOFBHj8isbjqyYR-C2Os_vyDg6G6yXoYZcxxowz6hNBUmTkag5KSijUV6gYQexWhYc5ePk&sig=Cg0ArKJSzIUPLi4HcRtMEAE&uach_m=[UACH]&adurl=
Frame ID: E1B2B1EC597B5C752D584B977782AA61
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTVnt5718kFE8qdGiNK7Vm47NyUoMyVhMflFr16KSKUFlmRH4RxQ5x7La_1I8s-HM6C5ZsW-FE-el0LP6Q6EraS7UHSzVhoYUKwUHefUSZaBnFrFqXwTx09r_W3XEOlv8nfmeLgesDmw8dMPanJj3C46B7o2QtwmbM-qigtN1NtdKJ0iDKaui9r4iP9qV3WVHT4eOYAqHxdepcYiq2DL1CyRfs6hPnCAdNKFRaxtsolg2ljOoOg2KWJDwL0foQkL3ZH4ljqj9JDQ0ZrGuQ6Pm8tKq4GQeEjgnH20UNjYF7Z6Zd1Yki2YsTXC9e0tYVXduc5Ko6cnv4&sai=AMfl-YR6Is37nqDhP077f5JInXPupyGTn0JE5hDAJ8asc9ZMnUyU-kSp4ypJ0p0tlFuqkkH-bIBlAdTmj-pL-DP9X72o5CIatFCa35GV-uPGG6rjsnYkfV5roo6_rGxL7iw&sig=Cg0ArKJSzMb5Nzib6d4aEAE&uach_m=[UACH]&adurl=
Frame ID: EE4F16BB91033DAB81B5982B6A8813DD
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 35E8BBEB5CD88C154648DDCF036EBE82
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F0E6D5AA6030DA64D95FA3A93328A0CD
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E3159753E0C97D4C2A273E8FD6F8823E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nu Skin becomes first sensory certified company worldwide | News, Sports, Jobs - Daily Herald

Page URL History Show full URLs

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3... HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldw... Page URL
https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%... HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldw... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

s3\.amazonaws\.com/downloads\.mailchimp\.com/js/mc-validate\.js
cdn-images\.mailchimp\.com/[^>]*\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

153
Requests

96 %
HTTPS

61 %
IPv6

19
Domains

30
Subdomains

27
IPs

3
Countries

2913 kB
Transfer

5413 kB
Size

18
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://www.mynewsonthego.com/provo/free/getpubfront.aspx?freeid=990ff282-8e70-4476-bd8a-da63641757ab
Title: Today’s Paper

Search URL Search Domain Scan URL

URL: https://www.facebook.com/UtahValleyDailyHerald/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/heraldextra
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/dailyherald
Title: Pinterest

Search URL Search Domain Scan URL

URL: http://www.instagram.com/dailyheraldutah
Title: Instagram

Search URL Search Domain Scan URL

URL: https://deals.heraldextra.com/
Title: Deals

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Search URL Search Domain Scan URL

URL: https://twitter.com/heraldextra
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.ogdennews.com/
Title: Ogden Newspapers

Search URL Search Domain Scan URL

URL: https://www.nuttingcompany.com/
Title: The Nutting Company

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&cf=11300&v=f09640331078a84c309e19d4582f303a32e4962202364f67738e403a89aacaa5 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/ Page URL
https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&sid=gbrvbugnhhasi6t5t67ck58vu7 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&cf=11300&v=f09640331078a84c309e19d4582f303a32e4962202364f67738e403a89aacaa5 HTTP 302
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

153 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Redirect Chain

https://click.icptrack.com/icp/relay.php?r=113584961&msgid=927804&act=5B1C&c=664549&destination=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-cer...
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

51 KB
13 KB

52ms
19ms

Document
text/html

99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 / PHP/7.4.21
Resource Hash: 79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
content-length: 12911
date: Mon, 17 Jan 2022 16:12:09 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-powered-by: PHP/7.4.21
expires: Mon, 17 Jan 2022 15:29:54 GMT
cache-control: max-age=600, s-maxage=86400
link: <https://www.heraldextra.com/?p=1586117>; rel=shortlink
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: -i3Fup44t-nZGrSkC_68FBYFDHgwoOHAK2Rdb85JpinowcAuAVCdtQ==
age: 110

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Mon, 17 Jan 2022 16:13:59 GMT
Location: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Server: Apache
X-Cnection: close
X-FORWARDED-FOR: (null)
Content-Length: 0
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 54ms
31ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9923331472ad320c13a702429890f59e3972d79e65cf51aec2141e63b522b462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:13:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36512
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:13:59 GMT

GET
H2 200 layout.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 63 KB
11 KB 10ms
9ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 15:05:44 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185883
etag: "fb68-5d4c2f8a7a7fe-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10900
x-amz-cf-id: pxppqwoVN1tXQUPEb5Rhx4J9OcQe7qA7naP85k-m8NoX7TZ4o2eAJg==

GET
H/1.1 200
OK all.min.js Show response
validate.onecount.net/js/ 61 KB
21 KB 543ms
111ms Script
application/javascript 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/all.min.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: 7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:13:59 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:53:57 GMT
server: nginx
etag: W/"61734105-f323"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, public, private
transfer-encoding: chunked
expires: Tue, 18 Jan 2022 16:13:59 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 14:58:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 14:58:08 GMT

GET
H2 200 gpt.js
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 236ms
149ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1104 / 398 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 17 Jan 2022 16:14:00 GMT

GET
H2 200 style.min.css
www.heraldextra.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 9ms
8ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185883
etag: "13abe-5c921eaf59ce9-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10523
x-amz-cf-id: E5-PmbQMGEfHnnCEQgs254D1nec3ZeQww7W_KOpZP6Jzda5RpPsSaw==

GET
H2 200 daily_herald_logo.svg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 5 KB
3 KB 11ms
9ms Image
image/svg+xml 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/daily_herald_logo.svg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:09:49 GMT
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 18:15:38 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 57851
etag: "142f-5c9b13029e680-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 2262
x-amz-cf-id: Bs2LDMzu025sbxwwf2Fo-xBUyPSmvLXIMgjfJrEL236NxC_CZE5eKw==

GET
H/1.1 200
OK classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 34ms
7ms Stylesheet
text/css 65.9.63.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-91.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 05:39:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Dec 2015 16:52:30 GMT
Server: AmazonS3
Age: 38045
ETag: W/"ae0fc9b84c30cada1784022044962394"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-C1
X-Amz-Cf-Id: LxgYe5beqoBzp7O2TIuHGujuEASqdBJXmsZswdeCuj4dXMBUc30pwg==

GET
H/1.1 200
OK mc-validate.js Show response
s3.amazonaws.com/downloads.mailchimp.com/js/ 140 KB
140 KB 407ms
115ms Script
application/javascript 54.231.130.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.130.0 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:00 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:38 GMT
Server: AmazonS3
x-amz-request-id: GEY5Z1PQZZKCAYB3
ETag: "6465dd4a8331265e6629cd069e03504c"
Content-Type: application/javascript
Cache-Control: public,max-age=2592000
Accept-Ranges: bytes
Content-Length: 143249
x-amz-id-2: l4/SS2LW14CD+Mn4DJKTlwZFRO1M0jVhvW6POmbCc60gIQR2JlDHNepOhQJAVkGF+8dfUH58s14=

GET
H/1.1 200
OK Quinoa-thumbnail-3-460x259.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/ 36 KB
37 KB 450ms
115ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/Quinoa-thumbnail-3-460x259.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Fri, 14 Jan 2022 00:34:21 GMT
Server: AmazonS3
x-amz-request-id: F09WZ43GW04NKQFZ
ETag: "2d38b9eaf6f6273148e436e607b9f110"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 37101
x-amz-id-2: zkM7g2iWbzy6OTIIy0IV/vQl16eT5tjyTT3/JxzCzcOxBmbGg9o+ZFXcMhwtIuhZBk379I8llXI=
Expires: Sat, 14 Jan 2023 00:34:20 GMT

GET
H/1.1 200
OK 82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/ 47 KB
48 KB 450ms
116ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Fri, 20 Aug 2021 01:32:16 GMT
Server: AmazonS3
x-amz-request-id: F09W6H0PE9Z97R8N
ETag: "8e3dd6598f15c0cc13fb0048c61ae89b"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 48353
x-amz-id-2: boOCP4BOtZnj78qmaGvu64TpUF5PbCGcpP0GpVArx/BgqXlESGCMI/ZjTSIQKbx+6Hyx+iPq0W4=
Expires: Sat, 20 Aug 2022 01:32:15 GMT

GET
H/1.1 200
OK image002-365x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/ 19 KB
20 KB 449ms
115ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/image002-365x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Fri, 14 Jan 2022 23:21:35 GMT
Server: AmazonS3
x-amz-request-id: F09QDHDFND8R3PQB
ETag: "ddc5b26bf25db189bd42b94354a4a7e9"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19918
x-amz-id-2: yWe/+a8lMI+R6Oz9lV/HbhqzhRiYymWKIXscTknKzQJVmRYiMqwOmyJZ7r1eSY+JcqHkmR4HajM=
Expires: Sat, 14 Jan 2023 23:21:34 GMT

GET
H2 200 wp-embed.min.js Show response
www.heraldextra.com/wp-includes/js/ 1 KB
1 KB 8ms
8ms Script
application/javascript 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:06:45 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 187634
etag: "592-5c921eaf648ca-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 765
x-amz-cf-id: PyRPqCA41kcmB4UqzA5jPXHpa16pB6vtezOPFh4qAB6EInK-2Ad96A==

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/ 5 KB
3 KB 135ms
21ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/lazyload.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 943850
x-jsd-version: 11.0.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19137-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1499-chVA5Lq8JbbyRbkq7vcOmT5AjYA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6cf0dfc30ee64e49-FRA

GET
H2 200 print.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 1 KB
848 B 9ms
8ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/print.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185883
etag: "4ce-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 457
x-amz-cf-id: vJIktPPa8HEnQ_7YZrC1iP-l2wJMh4S1OnhTOhlDvE5BqcVZwjL6hA==

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
975 B 38ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:22:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 16:13:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 16:13:59 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 34ms
32ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

27b806f24e1c325299f76d347e315341092625023bc76301a2b2c15fed67ea11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36537
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:14:00 GMT

GET
H/1.1 200
OK index.php
validate.onecount.net/onecount/api/public/ 706 B
892 B 192ms
190ms Script
application/json 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/api/public/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&cookie=&sid=&js=1&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&referrer=
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
transfer-encoding: chunked
access-control-allow-orgin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK index.php
validate.onecount.net/js/custom/ 63 B
371 B 300ms
107ms Script
application/javascript 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/custom/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:26:25 GMT
content-encoding: gzip
transfer-encoding: chunked
server: nginx
cache-control: private
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK a.php Show response
validate.onecount.net/onecount/automation/ 2 B
546 B 167ms
166ms Script
application/json 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
transfer-encoding: chunked
access-control-allow-orgin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 83ms
7ms Script
application/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: SKwQUYZY6s9wJPymt5_yhNbSVWOe2iBW
content-encoding: gzip
etag: 8d3665a9b316600491247ca6d78c204c
age: 157
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 17F89QFWJ31J1D5AXRGE
date: Mon, 17 Jan 2022 16:11:23 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 8es0iu6xAzAwN-Sp5q-w2o3brKu-qEQyZylWQstCDU30Ox7Z8ciUvQ==

GET
H2 200 85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed
detectdiscovery.com/ 88 KB
26 KB 376ms
302ms Script
text/javascript 35.190.62.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.62.199 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

199.62.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "df69efcef919ee2c064fb083e7fd86ca1407adf46a7faf9074f87763ce494f5a"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-dw7g
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 17 Jan 2022 16:14:00 GMT
timing-allow-origin: *

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 81ms
9ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 04:27:49 GMT
x-content-type-options: nosniff
age: 301571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 04:27:49 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 88ms
16ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:26:28 GMT
x-content-type-options: nosniff
age: 586052
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:26:28 GMT

GET
H2 200 fontello.woff2
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/ 3 KB
4 KB 8ms
8ms Font
application/octet-stream 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/fontello.woff2?63277023
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40

Request headers

Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185883
etag: "cd8-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 3311
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-id: WKf4-pfnqyEuIbqcyvvv2MWthKSfcw8wlYY9hDKn94kP5VrMR-_l-Q==

GET
H2 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v20/ 21 KB
21 KB 57ms
19ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 09:44:04 GMT
x-content-type-options: nosniff
age: 455396
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 09:44:04 GMT

GET
H/1.1 200
OK Nu-Sking-emoployees-making-gifts.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/ 67 KB
68 KB 410ms
118ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/Nu-Sking-emoployees-making-gifts.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Wed, 15 Dec 2021 19:38:31 GMT
Server: AmazonS3
x-amz-request-id: F09VB5G1K37CSKJA
ETag: "dfc331a37bb524e43715946f8c0ca62c"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68723
x-amz-id-2: G3tRKYLR81IeDBpg/onEtj7LKQFEnvpx47i2dMOoC9cygto5vz4qhf6LpWcDPK38hANNLpn4+yA=
Expires: Thu, 15 Dec 2022 19:38:30 GMT

GET
H/1.1 200
OK Nu-Skin-semsoory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/ 63 KB
64 KB 407ms
116ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/Nu-Skin-semsoory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Wed, 15 Dec 2021 19:40:23 GMT
Server: AmazonS3
x-amz-request-id: F09J31V7THC253HR
ETag: "e26adcaa611ac6adb8476d4bae87f699"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 64984
x-amz-id-2: V/K1Oz7T57/EaS+0YsoYAkNqHaO1TY7Vf6Iku/itszVstOgavH6TvQ0S6l53Y4AIus5ZNiAAE6Y=
Expires: Thu, 15 Dec 2022 19:40:22 GMT

GET
H/1.1 200
OK Nu-Skin-employees-listen-to-sensory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/ 97 KB
97 KB 409ms
118ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/Nu-Skin-employees-listen-to-sensory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:01 GMT
Last-Modified: Wed, 15 Dec 2021 19:42:07 GMT
Server: AmazonS3
x-amz-request-id: F09TVHW77AVJ3STX
ETag: "75aceb828165c1b994e2d00df9fae4f7"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 99305
x-amz-id-2: jwdlab8EqQKzgw3e5ejfRIAVa8aBUXc82KW7lV0NyRWdO03bGNyQ/v/G5mncV/vZczs5/FnMw7c=
Expires: Thu, 15 Dec 2022 19:42:06 GMT

GET
H2 200 blur_image.jpg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 12 KB
13 KB 18ms
18ms Image
image/jpeg 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/blur_image.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: eb66a3807316801bcea37697d7af86a86345dfe48f335e7f804f73df1a85fc5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 09:17:27 GMT
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 24993
etag: "30a7-5c7050ee1db80"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 12455
x-amz-cf-id: 2KkyBnAVSBK1prw9FLDmgr2NZJRyrrzposv-CYWDVbqMxtLGcsTL7g==

GET
H2 200 inc_breakingNews.js
www.heraldextra.com/_breakingNews/ 216 B
509 B 294ms
294ms XHR
application/javascript 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/_breakingNews/inc_breakingNews.js?_=1642436040089
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 11:10:53 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-amz-cf-pop: FRA6-C1
etag: "d8-5d05929acf861-gzip"
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
accept-ranges: bytes
content-length: 111
x-amz-cf-id: d__vo44WHa85CWaERhiL_if-gFV7w0VkGg4-FujcFNUGAeKlR81xWA==

GET
H2 200 analytics.js
www.google-analytics.com/ 49 KB
20 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4374
date: Mon, 17 Jan 2022 15:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 17 Jan 2022 17:01:06 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
312 B 9ms
9ms XHR
text/plain 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.heraldextra.com&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 13:56:52 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: Server
age: 8227
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.heraldextra.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: dDPpzoSDKrp3v70Q7TKsobsug9chP2GDzdF0_zpwHHOxGq8Ls5ii-w==

GET
H2 200 aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 24ms
10ms XHR
application/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 17 Jan 2022 16:14:00 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-id: Ns1HOk6o-0yzjVOKu0TZmkJ-2yLoAzCKUNGEC8s2yWEcpMJEJzDPmg==

POST
H3 200 collect
www.google-analytics.com/j/ 2 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=835053204&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ul=en-us&de=UTF-8&dt=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=227794036&gjid=1357311193&cid=2125727322.1642436040&tid=UA-92804485-1&_gid=90434243.1642436040&_r=1&gtm=2ou1c0&z=291479630

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
445 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-92804485-1&cid=2125727322.1642436040&jid=227794036&gjid=1357311193&_gid=90434243.1642436040&_u=YEBAAUAAAAAAAC~&z=1443609878

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 Jan 2022 16:14:00 GMT
content-type: text/plain
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Primary Request / Show response
www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Redirect Chain

https://on-reg.onecount.net/onecount/redirects/index.php?action=get-tokens&js=1&sid=&return=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certifi...
https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

51 KB
13 KB

9ms
8ms

Document
text/html

99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 / PHP/7.4.21
Resource Hash: 79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Response headers

content-type: text/html; charset=UTF-8
content-length: 12911
date: Mon, 17 Jan 2022 16:12:09 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-powered-by: PHP/7.4.21
expires: Mon, 17 Jan 2022 15:29:54 GMT
cache-control: max-age=600, s-maxage=86400
link: <https://www.heraldextra.com/?p=1586117>; rel=shortlink
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: WY9aJ9qubzvdkAEfWieigsVo7vDHbW_HKHbljebwCSy4mRoJRkmltw==
age: 112

Redirect headers

server: nginx
date: Mon, 17 Jan 2022 16:14:01 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
strict-transport-security: max-age=16000000; includeSubDomains; preload;

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 56ms
32ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92804485-1&cid=2125727322.1642436040&jid=227794036&_u=YEBAAUAAAAAAAC~&z=356009255

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 52ms
31ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92804485-1&cid=2125727322.1642436040&jid=227794036&_u=YEBAAUAAAAAAAC~&z=356009255

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022011002.js
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 24ms
8ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 16:12:15 GMT

GET
H3 200 ppub_config
securepubads.g.doubleclick.net/pagead/ 160 B
135 B 31ms
16ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0
expires: Mon, 17 Jan 2022 16:14:00 GMT

GET
H2 200 bid
c.amazon-adsystem.com/e/dtb/ 23 B
495 B 117ms
117ms XHR
text/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&pid=aZjKG2YmLeyyj&cb=0&ws=1600x1200&v=7.72.0&t=3000&slots=%5B%7B%22sd%22%3A%22DHPU_Top_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Top_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Right_300x600%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Right_300x600%22%7D%2C%7B%22sd%22%3A%22DHPU_Bottom_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Bottom_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Article_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Article2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_FloatBar_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_FloatBar_1x1%22%7D%2C%7B%22sd%22%3A%22DHPU_PAW_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_PAW_1x1%22%7D%5D&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: HW776EV4D7TH5C0D5KPM
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: y7NgdRgrS8uWDVzXL-100etpeZz7kmTNGh5Yi2gZkTLBMyLY-Nrdvw==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
481 B 48ms
7ms Image
image/gif 2600:9000:214f:6600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
age: 14169566
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: 0LjQ_Dg6v6O162bfUrXA2tkclBGkR0AM03PysD3-MbxWS2sH4QlyAw==

GET
H2 200 integrator.js
adservice.google.de/adsid/ 107 B
792 B 40ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ 107 B
549 B 39ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 46ms
22ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8669
x-xss-protection: 0

GET
H2 200 container.html
25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F094 6 KB
4 KB 111ms
41ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 17 Jan 2022 16:14:00 GMT
expires: Tue, 17 Jan 2023 16:14:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 161ms
138ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:00 GMT

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9C11 13 KB
5 KB 25ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 15:44:51 GMT
expires: Tue, 17 Jan 2023 15:44:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 8B24 783 B
536 B 34ms
17ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2z5gvVFuMQ6P2le/9BTYJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 17 Jan 2022 16:14:00 GMT
date: Mon, 17 Jan 2022 16:14:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2z5gvVFuMQ6P2le/9BTYJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js
pagead2.googlesyndication.com/bg/ Frame 9C11 35 KB
13 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 245648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8B24 0
0 60ms
46ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1230917285278013&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

POST v2qvsEcQISNfOaR9g0Sy-RgfboG5uf9qczXgyMqSm0FODpBJ-8mK7a3UIGhOscfFtrKfPnE3e
butterbulb.com/ 0
0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9C11 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZKD-Sg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1230917285278013&bg=!fH-lfzvNAAaocxMpqHM7ACkAdvg8Wg6F3I22RA7mO6nVK168OF7qLGo0wi35srvYRfFYVh40GHRwbAIAAABzUgAAAANoAQcKAGW587JMFWKiPHQXkg_qF--AHibQ8-PrJdZllbyqYoEPTegPbgWoqxdxGA8MaFC7-_dG-NO05g5d9Ku0nSf6qT6HDU7IaZqwmviZemt_cmVqJ8kh8d_cCqpJfk4v5PizXHVnh081q5kCyu8eEoC-2HNi2_i5khsFsNpBQfnR-lonvELWNcl_sVN7M2DZ5VkoAthOLIUpPubKdLMD9laPKQO51dgYtIPTbf1WRujEEIimYWHSKA3Jg0NfWx9W19g85TFZMhyv5TXBpW_B0xvrRp9a0Rw9IvtNtRLkzSt5k5zpEc4ZQd73y4jzdU5-_snaGM3PGCeAGy7jDprAXdy_7dPRtjnxoI3tFlamDhjek0LEU95KqGbjFX3ut11cZSCfuLgVr_m-egqYz0G30lbnCNg-uy58WgI6GJzCyze0wKbHW51-8gB4ZFV21zRDodx5PFlNoVLe-uacmDbfCo4VeOst1hksnCDhTz6nFHk7O8zlYzR4WsPLbGoBhNqMalunEn_Wgyu3LxRlv_z2VknQnoQr6TaNlJsppYALgVjULuUGgAZqzSPnOHXvniXgVHwvJXKmxIS7RAQ1HUdGWWdil4raqYO_rphVyF0HYQk3lNmWufTNvKTqnQ2CVDPGxtpgCboLdRSLnK3QG3zkOnZWesoLB5b2CKr_AVlYmAa9H4s2RoHhq7mHF15TOX9bHVetj1xzLwAJwgysLlsR1LoDyK_O8cS9m1LhD5Kx2zxr--meQCQlJNbheYNJwbXvEWXV_l9EoauOfuhGmyUxnpcBbEFrgJXp8_lHYxOLHDDy3BUd790zRIPV4YysKKLnC_o3Wz0dfP9NSgXPBLktEEjNk-46Xyo-gR1NaFGHsBppJ_VJXLEeo0L1oNCJJXbC0ldc_mDgVAw3AN-naDv-JU5TgEQSTnlIRM_d3b-ymQYOWDGYRpsZw4s1jN2AcDvuDf3o9BrZRXtgONtQijCRK80dQidEbQ28dRRLJY8cqDsbFIkgyqbOSKwxz9JtzjtGdJsny2z3kZVpGh8jelU3Uf9vknE7JbviiaPFh9ccMWGq-KrJ3ifAvJEDAag1T_GHoyHCVXq1vA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f0829677311730166f61ee211e27a13d0439f716f3c454ad9a1d0cda31fc1fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36512
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H2 200 layout.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 63 KB
11 KB 10ms
8ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 15:05:44 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185885
etag: "fb68-5d4c2f8a7a7fe-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10900
x-amz-cf-id: oFcdhyfVM2xn9tNpo3cMckenP__vefAejG0wiLfSIsEjMYCqcQ6ggw==

GET
H/1.1 200
OK all.min.js Show response
validate.onecount.net/js/ 61 KB
21 KB 115ms
114ms Script
application/javascript 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/all.min.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: 7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
last-modified: Fri, 22 Oct 2021 22:53:57 GMT
server: nginx
etag: W/"61734105-f323"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, public, private
transfer-encoding: chunked
expires: Tue, 18 Jan 2022 16:14:01 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
30 KB 25ms
10ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 14:58:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350153
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 14:58:08 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
26 KB 96ms
95ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1104 / 85 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H2 200 style.min.css
www.heraldextra.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 9ms
8ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:56 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185885
etag: "13abe-5c921eaf59ce9-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10523
x-amz-cf-id: zQmDXagaJvVckElapNk1CGaYDuyPIAsMFOW-7gj_TEyld2MJ7bK8eg==

GET
H2 200 daily_herald_logo.svg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 5 KB
3 KB 8ms
8ms Image
image/svg+xml 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/daily_herald_logo.svg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 00:09:49 GMT
content-encoding: gzip
last-modified: Mon, 16 Aug 2021 18:15:38 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 57852
etag: "142f-5c9b13029e680-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 2262
x-amz-cf-id: NYp7ta5Wdr-OazS4H73iOILrf7tbxxxQ_olvMkIFvVesv8ZX-Ghh-A==

GET
H/1.1 200
OK classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 7ms
7ms Stylesheet
text/css 65.9.63.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-91.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 05:39:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Dec 2015 16:52:30 GMT
Server: AmazonS3
Age: 38047
ETag: W/"ae0fc9b84c30cada1784022044962394"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-C1
X-Amz-Cf-Id: nSWn7TbfDyFptrXSJB_aIXD8xEnDb48dvbpzRLP-mbmBRAypgewH9A==

GET
H/1.1 200
OK mc-validate.js Show response
s3.amazonaws.com/downloads.mailchimp.com/js/ 140 KB
140 KB 106ms
106ms Script
application/javascript 54.231.130.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.130.0 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:38 GMT
Server: AmazonS3
x-amz-request-id: DWVQTBNCSCX16PKA
ETag: "6465dd4a8331265e6629cd069e03504c"
Content-Type: application/javascript
Cache-Control: public,max-age=2592000
Accept-Ranges: bytes
Content-Length: 143249
x-amz-id-2: OwCOIFwc1rSJDt+BKf4yb55i7pzJ5VdBvOxOgPJEXgDTBYbe6cspfsUmNcu3z3vJPQs954jmaug=

GET
H/1.1 200
OK Quinoa-thumbnail-3-460x259.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/ 36 KB
37 KB 111ms
110ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/13173420/Quinoa-thumbnail-3-460x259.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9add41b34d28dd25695af28d7d87aaf8e4e3612aaa5b0d5d58d2df7bc000a6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Fri, 14 Jan 2022 00:34:21 GMT
Server: AmazonS3
x-amz-request-id: DWVT496MNTYWAKYX
ETag: "2d38b9eaf6f6273148e436e607b9f110"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 37101
x-amz-id-2: +VJs99CjAgqTfp7P3R+4wAUzcF/MnvaXzYClZMbj6FZQwulhMAJNzCV2b0mWWQ5UH0dY8ma1tQE=
Expires: Sat, 14 Jan 2023 00:34:20 GMT

GET
H/1.1 200
OK 82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/ 47 KB
48 KB 112ms
110ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/06/19070221/82cf113232e02edb8d342fdad5ef32aa-411x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 40110f7498faa8c9394743de0ac8ec779c19c6085ae35dd954e52d6bb26a17a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Fri, 20 Aug 2021 01:32:16 GMT
Server: AmazonS3
x-amz-request-id: DWVPB4K986ZXPST6
ETag: "8e3dd6598f15c0cc13fb0048c61ae89b"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 48353
x-amz-id-2: x6en/2AdQHsOptvmUGB2ie7Ou0CSeGc7A1Dquyg7WH9GccevQ+3GDjXeLR2Z/pN/Jo71gQMHOOs=
Expires: Sat, 20 Aug 2022 01:32:15 GMT

GET
H/1.1 200
OK image002-365x274.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/ 19 KB
20 KB 110ms
107ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2022/01/14162133/image002-365x274.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7a537efc2ae5b8c92d1106ff5c3a0142d9119c440044e007438abb2074235015

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Fri, 14 Jan 2022 23:21:35 GMT
Server: AmazonS3
x-amz-request-id: DWVHYY3WX7BR11RF
ETag: "ddc5b26bf25db189bd42b94354a4a7e9"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19918
x-amz-id-2: M9stXuKTDl1O6eT9FYvZC8FFZ2ZJW5tn9zmI6vq6Ae1mkVoDFN3gLOSUD+Ul6AuyD6+6dM09IwI=
Expires: Sat, 14 Jan 2023 23:21:34 GMT

GET
H2 200 wp-embed.min.js Show response
www.heraldextra.com/wp-includes/js/ 1 KB
1 KB 8ms
8ms Script
application/javascript 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:06:45 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 15:19:56 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 187636
etag: "592-5c921eaf648ca-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 765
x-amz-cf-id: 3yum9dv-uEx2kgV2gbqZx3_tjlngDDwQk-2t_i_86wNqVHgsxsHmlQ==

GET
H3 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/ 5 KB
2 KB 84ms
50ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.6/dist/lazyload.min.js

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7241211
x-jsd-version: 11.0.6
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19154-FRA, cache-mxp6950-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1499-chVA5Lq8JbbyRbkq7vcOmT5AjYA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6cf0dfcb5fb7839a-MXP

GET
H2 200 print.css
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/ 1 KB
847 B 10ms
8ms Stylesheet
text/css 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/print.css
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185884
etag: "4ce-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 457
x-amz-cf-id: vIMATon8ig3hKNcXlkFX7As5rrp4E6BT83yeS_N57nMzGBvA5kxOiw==

GET
H3 200 css2
fonts.googleapis.com/ 3 KB
473 B 33ms
17ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 16:04:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 17 Jan 2022 16:14:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
36 KB 26ms
24ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-3240622-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5d502c6302ccc823a3667d1af7f30e174f1843ad5d8b6e44996ffd81e1747beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36538
x-xss-protection: 0
last-modified: Mon, 17 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H/1.1 200
OK index.php Show response
validate.onecount.net/onecount/api/public/ 648 B
942 B 231ms
229ms Script
application/json 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/api/public/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/97.0.4692.71%20Safari/537.36&cookie=_gcna%3D0.0.1642436040.1%3B%20_gcnb%3D1642436040.1%3B%20_gcnz%3D%3B%20_ga%3DGA1.2.2125727322.1642436040%3B%20_gid%3DGA1.2.90434243.1642436040%3B%20_gat_gtag_UA_92804485_1%3D1%3B%20oc-js-session%3Dgbrvbugnhhasi6t5t67ck58vu7&sid=gbrvbugnhhasi6t5t67ck58vu7&js=1&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&referrer=https://www.heraldextra.com/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: 6d8d13adeda783683e5c5d96519581ed9ffa1b74ac4c0309fe8790409a4e59ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
transfer-encoding: chunked
access-control-allow-orgin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK index.php Show response
validate.onecount.net/js/custom/ 63 B
371 B 115ms
113ms Script
application/javascript 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/js/custom/index.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&host=www.heraldextra.com
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: bff25bb684e20763177fc1204c049d141b44fdcbcbf6b1f7f3599bb1862b8100

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:26:26 GMT
content-encoding: gzip
transfer-encoding: chunked
server: nginx
cache-control: private
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK a.php Show response
validate.onecount.net/onecount/automation/ 2 B
466 B 138ms
138ms Script
application/json 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Requested by: Host: validate.onecount.net
URL: https://validate.onecount.net/js/all.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi-validate.onecount.net
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/json
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
transfer-encoding: chunked
access-control-allow-orgin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 10ms
6ms Script
application/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: SKwQUYZY6s9wJPymt5_yhNbSVWOe2iBW
content-encoding: gzip
etag: 8d3665a9b316600491247ca6d78c204c
age: 158
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 17F89QFWJ31J1D5AXRGE
date: Mon, 17 Jan 2022 16:11:23 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5MpgdDsIfFvwLkLsNwjBNmGA82TR6chzazNSDDtDe7iKs6Pnr5AGCw==

GET
H2 200 85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed Show response
detectdiscovery.com/ 88 KB
26 KB 299ms
295ms Script
text/javascript 35.190.62.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.62.199 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

199.62.190.35.bc.googleusercontent.com

Software

Resource Hash

6b99808b168cb2ef8d11818bbd8148d9e7d6658bc655ce4497e420c4802ad039

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "df69efcef919ee2c064fb083e7fd86ca1407adf46a7faf9074f87763ce494f5a"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-dw7g
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 17 Jan 2022 16:14:01 GMT
timing-allow-origin: *

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 32ms
14ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 04:27:49 GMT
x-content-type-options: nosniff
age: 301572
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 04:27:49 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 34ms
17ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 21:26:28 GMT
x-content-type-options: nosniff
age: 586053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 10 Jan 2023 21:26:28 GMT

GET
H2 200 fontello.woff2
www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/ 3 KB
4 KB 9ms
9ms Font
application/octet-stream 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/font/fontello.woff2?63277023
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: 1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40

Request headers

Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:35:57 GMT
content-encoding: gzip
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 185884
etag: "cd8-5c7050ee1db80-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
access-control-allow-origin: *
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 3311
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-id: -5T8l4RofZC5Y24N8V2YjYczfXzNzyKjQAqbhtF2m_iMPTzL428NJA==

GET
H3 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v20/ 21 KB
21 KB 20ms
12ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@100;300;400;700;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.heraldextra.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 09:44:04 GMT
x-content-type-options: nosniff
age: 455397
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 09:44:04 GMT

GET
H2 200 blur_image.jpg
www.heraldextra.com/wp-content/themes/oni_2021_daily/images/ 12 KB
13 KB 9ms
8ms Image
image/jpeg 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/images/blur_image.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: eb66a3807316801bcea37697d7af86a86345dfe48f335e7f804f73df1a85fc5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/wp-content/themes/oni_2021_daily/css/layout.css?v=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 09:17:27 GMT
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
last-modified: Tue, 13 Jul 2021 18:03:42 GMT
server: Apache/2.4.51 () PHP/7.4.21
age: 24994
etag: "30a7-5c7050ee1db80"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2628000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 12455
x-amz-cf-id: vHbeOCtMCaLe9MudcETHg6KJhPh9Ha0HEZIr5YKjqDB1KvKWii2L4w==

GET
H/1.1 200
OK Nu-Sking-emoployees-making-gifts.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/ 67 KB
68 KB 120ms
119ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15123830/Nu-Sking-emoployees-making-gifts.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: a6f36fa8e2fe4a6a07456cfeaca03da4b09e7ab4d8ce52558e50b35f3a98d8d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Wed, 15 Dec 2021 19:38:31 GMT
Server: AmazonS3
x-amz-request-id: DWVJW6F33D32B7C2
ETag: "dfc331a37bb524e43715946f8c0ca62c"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 68723
x-amz-id-2: +M3zFAT8D7pVAv/8zleiEVsL4GlYSwMO0BqF/5d8MW46isu5BMhIcKhx06iKQyPKDdMPVPub/NA=
Expires: Thu, 15 Dec 2022 19:38:30 GMT

GET
H/1.1 200
OK Nu-Skin-semsoory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/ 63 KB
64 KB 108ms
108ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124022/Nu-Skin-semsoory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 1118028f6efb56ef44a489c471c961d4651ed5b8ec57bad974b267ee9aadd395

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Wed, 15 Dec 2021 19:40:23 GMT
Server: AmazonS3
x-amz-request-id: DWVPR5H97RX6KNRV
ETag: "e26adcaa611ac6adb8476d4bae87f699"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 64984
x-amz-id-2: 8uiXRmC8O0znFACwPcoDBDCm0FfM6kyahuu/iEPuAuAc4etGkLbR9U6pHVJHWpBALEBf0t6Nyzc=
Expires: Thu, 15 Dec 2022 19:40:22 GMT

GET
H/1.1 200
OK Nu-Skin-employees-listen-to-sensory-panel.jpg
ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/ 97 KB
97 KB 112ms
111ms Image
image/jpeg 52.216.226.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ogden_images.s3.amazonaws.com/www.heraldextra.com/images/2021/12/15124206/Nu-Skin-employees-listen-to-sensory-panel.jpg
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.226.176 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9ce077008495bf3b42de08f6e6a63ab802693be717238b211d51864b7afa5c3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 17 Jan 2022 16:14:02 GMT
Last-Modified: Wed, 15 Dec 2021 19:42:07 GMT
Server: AmazonS3
x-amz-request-id: DWVS4MEF2VR7C5HY
ETag: "75aceb828165c1b994e2d00df9fae4f7"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 99305
x-amz-id-2: wsTbkiXS8rEJ8CkS/wNkuCuc8BUNa/1KtjOplCJzuw4RSLW2bPOHCQxs9Syj3eyzyaU6j71yHDo=
Expires: Thu, 15 Dec 2022 19:42:06 GMT

GET
H2 200 inc_breakingNews.js Show response
www.heraldextra.com/_breakingNews/ 216 B
511 B 375ms
374ms XHR
application/javascript 99.86.7.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heraldextra.com/_breakingNews/inc_breakingNews.js?_=1642436041551
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-54.fra6.r.cloudfront.net
Software: Apache/2.4.51 () PHP/7.4.21 /
Resource Hash: c32feb0b2794d622e7fcd8fe31922ec811d1aff3265d1b438f4d8ce093549750

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 11:10:53 GMT
server: Apache/2.4.51 () PHP/7.4.21
x-amz-cf-pop: FRA6-C1
etag: "d8-5d05929acf861-gzip"
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control: max-age=2628000
accept-ranges: bytes
content-length: 111
x-amz-cf-id: Xp5EYsWyzTpQQ3TOE6JvYinMep9JSbFY3vw62-CDyevJKX1dZT8fnQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
313 B 13ms
12ms XHR
text/plain 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.heraldextra.com&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 13:56:52 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: Server
age: 8228
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.heraldextra.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: tIltMlye6B3yCf7bEvtwY5Ad43yoj3TqPmHj9pYHDdDxmmSX_zRbDQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 8ms
8ms XHR
application/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-71-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 38663
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 17 Jan 2022 16:14:00 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: rXKA7JtJP2mhzcoIjc7jTa28yPpyBH3EpNOAUHDE8OHhiHmkm82pPQ==

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92804485-1&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4375
date: Mon, 17 Jan 2022 15:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 17 Jan 2022 17:01:06 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2084724016&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ul=en-us&de=UTF-8&dt=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=2125727322.1642436040&tid=UA-92804485-1&_gid=90434243.1642436040&gtm=2ou1c0&z=764027862

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Jan 2022 18:09:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79484
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 8ms
8ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:12:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 17 Jan 2023 16:12:15 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 160 B
135 B 17ms
17ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

f941571253bef66a69dd036e27e5b3afb06a8c8f67474645b75810df89a7dce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
495 B 57ms
57ms XHR
text/javascript 65.9.71.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&pr=https%3A%2F%2Fwww.heraldextra.com%2F&pid=Hex0UG7AK8Zr9&cb=0&ws=1600x1200&v=7.72.0&t=3000&slots=%5B%7B%22sd%22%3A%22DHPU_Top_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Top_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Right_300x600%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Right_300x600%22%7D%2C%7B%22sd%22%3A%22DHPU_Bottom_728x90%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22452x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Bottom_728x90%22%7D%2C%7B%22sd%22%3A%22DHPU_Article_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Article2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Article2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_Middle2_300x250%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_Middle2_300x250%22%7D%2C%7B%22sd%22%3A%22DHPU_FloatBar_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_FloatBar_1x1%22%7D%2C%7B%22sd%22%3A%22DHPU_PAW_1x1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%22%2F1032081%2FDHPU_PAW_1x1%22%7D%5D&pubid=729ce0ef-27ae-4112-a6f1-52cb2c548a08&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.71.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-71-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:01 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: 718JQYQJ0AN8C6GYFMHS
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: tPNJEV44sB3WHXy0VRZY7kH200OhnakwoMTaQ_dTWR-hQteRkkIKHw==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
17ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.heraldextra.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 259 KB
41 KB 742ms
742ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2113947086930528&correlator=2740754891392999&output=ldjh&impl=fifs&eid=44757101&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220117&iu_parts=1032081%2CDHPU_Top_728x90%2CDHPU_Right_300x600%2CDHPU_Bottom_728x90%2CDHPU_Article_300x250%2CDHPU_Article2_300x250%2CDHPU_Middle_300x250%2CDHPU_Middle2_300x250%2CDHPU_FloatBar_1x1%2CDHPU_PAW_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=970x250%7C728x90%7C452x250%2C300x600%2C970x250%7C728x90%7C452x250%2C300x250%2C300x250%2C300x250%2C300x250%2C1x1%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=SiteID%3DDHPU%26MSection%3DBusiness%26SubSection%3DBusiness%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1642436041&dt=1642436041740&dlt=1642436041172&idt=492&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C1170%2C315%2C-9%2C-9%2C1170%2C1170%2C800%2C800&adys=141%2C207%2C4533%2C-9%2C-9%2C868%2C1137%2C141%2C84&adks=1409385974%2C3131396195%2C2709727305%2C2112290363%2C2787689133%2C1942493593%2C409150159%2C2600185601%2C3918076839&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&ref=https%3A%2F%2Fwww.heraldextra.com%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0%7C359x661%7C1600x62%7C0x-1%7C0x-1%7C360x4324%7C360x4324%7C1600x4717%7C1600x4717&msz=970x0%7C300x600%7C970x0%7C0x-1%7C0x-1%7C300x250%7C300x250%7C1600x0%7C1600x0&ga_vid=2125727322.1642436040&ga_sid=1642436042&ga_hid=2084724016&ga_fc=true&fws=0%2C0%2C0%2C2%2C2%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C0%7C1%7C-1%7C-1%7C0%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

006b81f771a994272a7234e5386394477169eabd626a105a6b63c88d4017340b

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLqh24aXufUCFYeSdwodf44J2A&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLqh24aXufUCFYeSdwodf44J2A&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2
google-creative-id: 138378448438,138377009178,-1,138357060775,-1,138377944162,138378440521,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41999
x-xss-protection: 0
google-lineitem-id: 5886385675,5874600175,-1,5743463997,-1,5880969062,5886916928,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Mon, 17 Jan 2022 16:14:02 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.heraldextra.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 798F 6 KB
3 KB 66ms
40ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 17 Jan 2022 16:14:01 GMT
expires: Tue, 17 Jan 2023 16:14:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK tracker.php
validate.onecount.net/onecount/oc_track/ 42 B
490 B 332ms
332ms Image
image/gif 50.31.163.11
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://validate.onecount.net/onecount/oc_track/tracker.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&_c=1&_d=0&_h=www.heraldextra.com&_l=en-US&_p=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&_pf=Linux%20x86_64&_r=https%3A%2F%2Fwww.heraldextra.com%2F&_s=1600x1200&_t=Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide%20%7C%20News%2C%20Sports%2C%20Jobs%20-%20Daily%20Herald&_u=129325867&_us=0nZx84Z2uL&_v=5.0&_k=Business,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideLocal%20Business,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideLocal%20News,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwideNews,Nu%20Skin%20becomes%20first%20sensory%20certified%20company%20worldwide&_cv=&_ds=746826627~en-US~24~1200x1600~0~1~1~true~undefined~undefined~undefined~Linux%20x86_64~~2281715471~2386483247~0~1~Not%20Installed~Not%20Installed~24%7C1600%7C1200%7C1600%7C1200~3852541374~3888339597&_ca=9a7b4b941320deef326eb399925cf291dd1ebdad&_gcna=0.4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd.1642436042.1&_gcnb=1642436042.1&_gcno=0&_gcnt=4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd&_gcnz=https%3A%2F%2Fwww.heraldextra.com%2F&_nvstr=1&_rvstr=0&_pctr=1&_vctr=1&_ts=1642436042

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.31.163.11 , United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

chi-validate.onecount.net

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Jan 2002 00:00:00 GMT
server: nginx
transfer-encoding: chunked
content-type: image/gif
cache-control: private, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 8ms
8ms Image
image/gif 2600:9000:214f:6600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
age: 14169568
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: Ooc_KvRzu3P1XNbR72Uhh64JoR2V3SnPsI1j_rc6wh3TgVX40jvTOQ==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 38ms
22ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6a8a2ab50c2fd2dd8ec4384246c59faeaa120adf37a54f8e33307c88bcd7352

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8619
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

POST
H2 200 v2kdrpgJajzE5d2JfdGG5I_v9Kmmdeox1LtRt1grosVGSgjLZx7ET5fBF7oGTEJPhTzuphSwY Show response
butterbulb.com/ 209 B
628 B 16ms
15ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2kdrpgJajzE5d2JfdGG5I_v9Kmmdeox1LtRt1grosVGSgjLZx7ET5fBF7oGTEJPhTzuphSwY

Requested by

Host: detectdiscovery.com
URL: https://detectdiscovery.com/85c187d4390a42d5cd2a4a54fa20d7a9f7ee1c4a6684bac7e5aef981d6eebac9f1b32c57768ecbcd8a9e854b53b61c856bf0b6ed53baef8aa778a61b70ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

48c8da0ead81278172132cc139f5cc0be65db408c8d71e6e7924d52935c8b392

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.heraldextra.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 17 Jan 2022 16:14:02 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.heraldextra.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-dw7g
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Mon, 17 Jan 2022 16:14:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DEC 0
0 44ms
44ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMsSSLDmx0aqENW8OY9MGJPxGJ-8jI65VF9SbV7rV4Vgi7Grb52OQ3htPg_tbOlWvJ4bsc9r6UpGtq3CEdewmg1BY7E-JUEv9vPWlvn-g00EuormaG4uEYcWsv5klNIYWB4mPk44c1tOpNBzfRWxT_8VvR3yXEgC7dbQL77Gi0rmYYdMS2fZpDTLW86iOJqf5z2fyBVd4CPQPTxPrPqdKiYVRxYL1-DFaRxcufe_lHBQe4nVk5_B0hwfpSY2uJZWUra0QoupdiFTEKZ06xO8F49QqsmklgXqTQ_h9izsmXx1GNyyXiypScKw5MNa4ShQ&sai=AMfl-YQ5K9s0tCRQ9gk9h9ccC6WBf17vGUgnA3dUxLqQFPA5jOytvy_KHn1fwVW3x_Jeius4R-PXRRpb3CXGKiLyzAIqs56yFR2xxEJ-RR2U_NADOznAI1iFiicK7rxxR38&sig=Cg0ArKJSzN6Mkz9YgRK7EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 2DEC 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2DEC 121 KB
38 KB 53ms
15ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2DEC 0
0 16ms
16ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaStTf9uqCpIGJ4Mh7P-14PPECXduXEYFhs7BqWcFAzFx7FEtNnd09yj1WFod-oh3QTMV-fS
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 11314167604452702423
tpc.googlesyndication.com/simgad/ Frame 2DEC 32 KB
32 KB 8ms
8ms Image
image/gif 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11314167604452702423

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f57bfdc4a5ae7b75e3f29fb96aa86f701b137627c376b8a2759367433b15d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 10:04:19 GMT
x-content-type-options: nosniff
age: 194983
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32967
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:14:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 10:04:19 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2CBC 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssG1iA-817Hbxj_wcMBVyIuoqC0x1RrqbvUm9BweP5iIo4hluOsiRXlEskPStTdSEgJUU_ePWcTP5MidRDmCN-qoWGKFXS5ZKOXDahWO8cKaEqxCbR8_5-ScymopddRllasMSLP-hOLNOzOvzd29QqxTGLHAmGG7fhJPb3nfJhPoM-NCcy_fy93g18clq3W37bq5akJceR7HUKJ86bBX7wVCGgC_o3ElmT5xBcjUiyxlrBGbZB4Oqx-XXNvBbJkr9TQa0tWHhsKME_Et3BiU5desOZrQY9tOklNRlBQNb_Sxp6KNV3nvMIqVqFdAJlWmi8qUw&sai=AMfl-YQKN5Vl-rWTWDEQtGM5sTqVmEG9sOSM0dpKdyryWjf9B5FxfEkhwX-yPUvHCQE2KN_p36cy3mFFxXrYQieYxgj8xsqpHnCS8iu1naARokuRHt9koXHzKMEtjkBOGu0&sig=Cg0ArKJSzNdilFJbICxPEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 2CBC 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2CBC 121 KB
37 KB 89ms
55ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2CBC 0
0 14ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSv8cu5WkY8MeypzFSE6c-_Seh5iSugJyHmoDdCrNYCsZl54EDvSa0NWO6yj9xDQZ6uvZcx
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 2243237536795754934
tpc.googlesyndication.com/simgad/ Frame 2CBC 128 KB
128 KB 10ms
9ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2243237536795754934

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae5f15d7eb477a6103ca2f5ff673430d33cf1be71a241f8f1b92e9c6a232fe1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 10:04:19 GMT
x-content-type-options: nosniff
age: 194983
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130995
x-xss-protection: 0
last-modified: Mon, 03 Jan 2022 21:56:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 10:04:19 GMT

GET
H3 200 container.html Show response
e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B782 6 KB
3 KB 28ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 16:14:01 GMT
expires: Tue, 17 Jan 2023 16:14:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E1B2 0
0 43ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbl3Vu6lm3BLsUnlpS3QklWAqIxFNW7HkIGbr3LMsXv9kmPyVnzR6SfMabeF3qy0HQzj_Va1gTVaPWKd4RCHTQGp05dxsKwIwum7MOPN1SP7lFMQR2WqjTjILqbIwUpletFHvCuU2-LFjJpUp59G-pXkoNMUTVgLEWXwL6aKLPueQA9QIoGn9DWD0nb42VpeX5ZGamr3-6modr2HdbKNZywbvlGYh9M0Win6TOQQifgPJih2dUC5N_YlvsEP78EX95oSWhzwWpXa3eFxRzOVb0iULYehp1P0oqFWhnE0z0tzZONyJ46z5IDjxnij7tw2JrmT_AJyc&sai=AMfl-YQltSKARKyWkRk-GgpDU-HgSR_SWZiInaD_hiHlxOUCoYlYEcjj84RAkkOFBHj8isbjqyYR-C2Os_vyDg6G6yXoYZcxxowz6hNBUmTkag5KSijUV6gYQexWhYc5ePk&sig=Cg0ArKJSzIUPLi4HcRtMEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame E1B2 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E1B2 121 KB
37 KB 68ms
59ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E1B2 0
0 16ms
16ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQeaX7RSVmg30Tal4XXPoNH1_ll_WjLqMwoWk9gEprxtaJDSzHVi5kcwZCMr8h472FA1TTN
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 4603316293907694925
tpc.googlesyndication.com/simgad/ Frame E1B2 47 KB
47 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4603316293907694925

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5fc5e10e63bd68b052ff25dbd083a87bc83c272473d9a0edc7b1dd9f22cfc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 10:30:13 GMT
x-content-type-options: nosniff
age: 20629
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48524
x-xss-protection: 0
last-modified: Sat, 08 Jan 2022 18:34:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 10:30:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE4F 0
0 44ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTVnt5718kFE8qdGiNK7Vm47NyUoMyVhMflFr16KSKUFlmRH4RxQ5x7La_1I8s-HM6C5ZsW-FE-el0LP6Q6EraS7UHSzVhoYUKwUHefUSZaBnFrFqXwTx09r_W3XEOlv8nfmeLgesDmw8dMPanJj3C46B7o2QtwmbM-qigtN1NtdKJ0iDKaui9r4iP9qV3WVHT4eOYAqHxdepcYiq2DL1CyRfs6hPnCAdNKFRaxtsolg2ljOoOg2KWJDwL0foQkL3ZH4ljqj9JDQ0ZrGuQ6Pm8tKq4GQeEjgnH20UNjYF7Z6Zd1Yki2YsTXC9e0tYVXduc5Ko6cnv4&sai=AMfl-YR6Is37nqDhP077f5JInXPupyGTn0JE5hDAJ8asc9ZMnUyU-kSp4ypJ0p0tlFuqkkH-bIBlAdTmj-pL-DP9X72o5CIatFCa35GV-uPGG6rjsnYkfV5roo6_rGxL7iw&sig=Cg0ArKJSzMb5Nzib6d4aEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame EE4F 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE4F 121 KB
37 KB 68ms
62ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 17275204542934717056
tpc.googlesyndication.com/simgad/ Frame EE4F 29 KB
29 KB 10ms
9ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17275204542934717056

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afb68f877bf48ad869fb5df4fe8d3efb740f3bddbca610af78ec494dc8372f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 08:05:32 GMT
x-content-type-options: nosniff
age: 202110
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30134
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:11:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Jan 2023 08:05:32 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 35E8 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Jan 2022 15:44:51 GMT
expires: Tue, 17 Jan 2023 15:44:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1751
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F0E6 783 B
536 B 19ms
18ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d2fc77aeccceff4899d63a38fd59be87d0e6e6d25bfb73d25e1443cf02940a14

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2UPj9C0FMY1RaiFO8Tt96g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 17 Jan 2022 16:14:02 GMT
date: Mon, 17 Jan 2022 16:14:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2UPj9C0FMY1RaiFO8Tt96g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DEC 0
0 45ms
44ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst4jIWSNHI3Cn1e__zriR23TJEK0yeLDvUUJz3y767JMM4q8MlmQHIoVjo8CRO4xkgHraV01RGSjndT5R5X9eDQ2L-EaRWHefKJCRj4KjH1vrHSggWP2C7LCH_hu75pcnjpb5HjFsLKdP7u0mpqUXpbDQgN3vq7ShudUce7npYD6n_J-X3tr5syYbCD0jN29VRZwk0ofPPxWFB9SzVAc7S0Czi8aj77P68QAVrYlrl8j-UcUIuLGO3P_7K7NaO-WUOlWV2pGnVhLzdiNTORhNWv-PP_I7PkOwEG711S4lpdNnVDnoHiF3SxaeEOrlILiTiz&sai=AMfl-YSW7gwocPicXnJzd0wJYyYEAEsw-aD5pDoP9-RiO94FKkoYlJQ9j6kAmnhWLV9YTTC-R1oTaZtUhTWCe7aVAUd2zFj3oYXLEWSa1VocIFWLNQPt17W7u5bZkewi4c4&sig=Cg0ArKJSzGdeWUK-ynwZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
DATA 200
OK truncated
/ Frame 2DEC 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b69d50ce18889436b8866ae8ae95983dce1469164cac8728efa383d67e60980a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ssrh.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame B782 84 KB
29 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 18:01:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79971
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30063
x-xss-protection: 0
server: cafe
etag: 16132151104434394549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 17 Jan 2022 18:01:11 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F0E6 0
0 55ms
55ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2113947086930528&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2CBC 0
0 74ms
74ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv4UZKokvY6KrE_PUkzdpZotVcjivkKzK62nwdBfLPIFZXr4513zccIOGDDhFnaXr_eNv_1A52qn7RPHhyTPgm_zNYPCDHZVr2QqNE7CZfZItNFE9e6K2xtqrtJfe6w3RpaFek0ED0AZ0i_dqmg4jOFpHgCs-BpEFwhVwl-pt5_KAA-y9I_Q9FFDaOZF3nRsrO78dPTynchQjmIEU1jBxvl_yksIhcMXY6FENrzr3BBtzBNN3XX_mGvzeg5hsk0fyR9pCJWgt8pynkvVFFLQG_ARWL7JhQfeSLjGgzfOpMe1uAzr6DL6MbFAIL-OcyZCZKtjjh9&sai=AMfl-YS27AW_Q01dXlnZMHOWkBjsC2J-4cCS7WqUAcZc7YDkU4aV0VACWC-kEzjlMolI6U7bQrnHrXzIjmqfzvb-YJDb9OY9WO7cXzy38wlMaCAzb-qvkSPnFJuEAXNw6S8&sig=Cg0ArKJSzMc6AJ6KM4zLEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
DATA 200
OK truncated
/ Frame 2CBC 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3f475feb9a755d488e4c74c4d4860afaaaa1c55223624e3f29cf38906494645

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E1B2 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssIYEGjeVuMdBZk6sjrvhJPXQ1Rb_svb3lVuoRJO48JT1TIJO7uaoi9DUH5QZ1ySCHMhN8IiwQRwtYOz9LYaH4rgpubm_79HTDXguxFfGqu0wdzZ4oz5wxy440NACWr_y7YHCUBOFCyqEcIsnd4lLWeDoFdNTtomOuOwcMQyrmHwGnylbEKVwjfpWp74gCTclFkZLkcqFs3LShxrlXwCZXvRN9-CrIVn0ItaFahr7Bc2xVEWGycNEH4o8XppXt3xQpaSh4_0HxL-eexRyI4wOu5M0hTppboxTZqaaRHz-TOa2_Vrody0ovwy6xWLLzfUhVAC0RGnl4jIA&sai=AMfl-YQRwXUAPGxv7L0Emfr2OgrG3hJREzT_jNHR090TbDsZBz5XlvSQr_e7h9yklAVkjvIZdN-UXHvs_XScvbla4u9GB4hQfWAaJ-_uevJyxgK3wU93eNFXTms5Ht1n48Y&sig=Cg0ArKJSzKMpPnrj3XCDEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
DATA 200
OK truncated
/ Frame E1B2 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf45be4687a978effdff5fdbb1a92c7caa044798d9765bbe73e0f86d13e33aba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE4F 0
0 44ms
44ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJjrp_Aq7ytHGwNqPp9mDTEcqvP6HorUnKK3x4SvBR44vQvGqz3mPm5Li2vIUC5yDGIQgPiRx1S6uWQNEHupOmDDVNz257uFGBdVLvGMi6QvDAzIGPTtnHZFzLNtaSL9UvmkNVDEwLqlte5UqrmdVBW9ZeNQSwrkWm9lVinUMjHPKCjGpcJw6K-D09k7P_CrWCMf05BCeVa7IQcVunKMi9NQITTnyeWbB-u6rxZXclBOeseWBHreXBG59YVsR5KaeNYb9ZTNO_Wq26NoSm5iJ_496Y232-JsrhCsJKHy7W1f14QINz6fm7N3NAmmXFec2VV3EH8I6IHBA&sai=AMfl-YR573aBeewQHjz7LVU6PJ4G-srK0arXlqxUTXyJhCnvBcdSFBh24T6j2l8KhbfVtA7X5uCBRFHyx6pNcRsU1IDfz8t6fUZc42QVw2C6DIBTtaEi6YUigSm4I_Wfi6M&sig=Cg0ArKJSzB2ohFIQUUJdEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
DATA 200
OK truncated
/ Frame EE4F 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0861c4e9ec791904d51176efc77acd56e879b5c6ae0f01b094a49b2735303ee9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 35E8 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qOjxjXcXCvgvcs-4P0zsCT9Wg6D8_9jxJtnS_OGjMvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 19:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 245650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13349
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 19:59:52 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame B782 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite_fy2019.js

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:10:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:10:48 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame B782 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:11:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:11:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B782 121 KB
37 KB 73ms
58ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 17 Jan 2022 16:14:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame B782 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:06:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 459
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jan 2022 16:06:23 GMT

GET
H2 200 8007792049234475635_700648559148696719.jpeg
static.doubleclick.net/dynamic/5/344267999/ Frame B782 151 KB
151 KB 38ms
15ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/344267999/8007792049234475635_700648559148696719.jpeg

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c2fc8ddf1d2d2373f21d8f2f72734359815e93337497e68178cb04c839c8635

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 18:35:47 GMT
x-content-type-options: nosniff
age: 423495
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154437
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 15:15:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Jan 2023 18:35:47 GMT

GET
H2 200 9859383843424594417_195215402671690438.jpeg
static.doubleclick.net/dynamic/5/344267999/ Frame B782 137 KB
138 KB 42ms
19ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/344267999/9859383843424594417_195215402671690438.jpeg

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6062baeb31cb3c1240a045099c7dfb485fb1fd4aba3d4a217c780b4094dc09e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 13:47:16 GMT
x-content-type-options: nosniff
age: 268006
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140754
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 15:13:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jan 2023 13:47:16 GMT

GET
H2 200 316772283385150091_3990714744091869564.jpeg
static.doubleclick.net/dynamic/5/344267999/ Frame B782 99 KB
99 KB 32ms
9ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/344267999/316772283385150091_3990714744091869564.jpeg

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d930d2f0875de158000be054086f41ff08d30896f0749a9517a0c515a92d253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 18:18:17 GMT
x-content-type-options: nosniff
age: 510945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101039
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 15:15:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 18:18:17 GMT

GET
H3 200 4431040525798050197
tpc.googlesyndication.com/simgad/ Frame B782 15 KB
15 KB 8ms
8ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4431040525798050197

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1d7fbe6bec9bd03e502a969d897fe72fab54b4ea09152e633525a6ed39624ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 08:01:20 GMT
x-content-type-options: nosniff
age: 547962
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15165
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 10:25:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 11 Jan 2023 08:01:20 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B782 0
0 50ms
49ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjG1ayZXlYfqYMoel3gP_nKbADeC08uxn3YimkP4I3JTH4I4JEAEg-cWcMGCVoq6CtAegAe_n75oDyAEJqQKah0FccymzPuACAKgDAcgDmwSqBMoCT9AQrKu8-lNCrP3m8Y486MvRLzXWqe5fZ-SQy2JIoixpSH5NYwGwnzAyOfULb6HQ2dGzT_kRipKrHic-rpMiuw-0p0E7zHftuNbJwlz9s9vYES1qHJx2G5NtgY8fm26hwekIMwEhVzINfp_De3TGmhTlfqsZrkhjqGxRbGBSHPhhtstpJ6jIymKNXilfja9wngdEwfe5yIYQZpcyxvDq45NxTh36h3k9H_IB3kMSV5rgzA3oZUNsMa6hIRQkUVd4LBSqvvd4FH8QqbJCsoyZ3e8IIamt4pn2TQYDyh1OCd36Z_Y_0W135Bq4NBoRMiWpXmzN9A0uDpn_MdZHCzX8Zh3ObncCzXyczrHGoyFOEetsyOofDfrN9yPEbFgw1egqZ0VskH4q8ltLWDyOpI6khYpbgfb0AOZ9BUyJ_zKqrNkzJR7ygPyhowVtwASD08u2nQHgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHwIeOYKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBDgqwfSCAkIiOGAcBABGB2ACgPICwHYEwyIFBPQFQGAFwGyFx4KHAgAEhRwdWItOTQwODczMjg3NTY1MDMzOBjhuQc&sigh=dueP30oxI2o&uach_m=[UACH]&template_id=494
Requested by: Host: www.heraldextra.com
URL: https://www.heraldextra.com/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E315 143 B
426 B 28ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Mon, 17 Jan 2022 16:02:43 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 679
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E315
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

81ms
65ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
URL: https://e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 Jan 2022 16:14:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 Jan 2022 16:14:02 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 Jan 2022 16:14:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 35E8 0
9 B 8ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XtR4pg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 16:14:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ Frame B782 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ce5aef7cb77d10b0fdef3e9ed79babdd61b37fcef66691999c1e217918377dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2113947086930528&bg=!YWKlYibNAAaocxMpqHM7ACkAdvg8WkTnkp2IPLgVOIZtqbnwJs-Jdq-6sab2fAm1tzRHSOp4u14JWwIAAABQUgAAAARoAQcKAIg09jQJ7RlDt5Z0-SQJwFmJE3o2qx4y3aWefVz-OFgaZufp_e3v4GfAHw8XCP36uRFLAOMrktcjzmNrtkcmJwEccGzivV_0rxn5XIsCeyN_gPrjzwtF7aftPfceCNp_j-D5CAorg45TsBX7Jdp43t9eKIV8lF8a2HewSkFAlrl0aLomFQxTXpQmmQLSb3rDE1Sn72vv1fVEIByzE6Y4fjuvkMnHECf3K7EGgNcaq0PIy0hM_DZVHdXkrpx8Oa8sUVGzaN4zrEAdS8_zt_Dp8cRheidFqmLIdf25t7591YTLvejUMvu825fOyQ6RNsab9AhdF2DiaD8Gaqv1SIRON4w9Wz8_I17cr3uly3K-Xhi41o8F-iRbKEdDWIOlUoRIM6CI2eB9M3_IdwIlbZsgsRbJyO5ruKNOa_gRxfQv_G9jq2HxCJsONopXcQk97cE_i6uqbpZUMak_08sOAwZCVW-hXt-PXJfBJi0ni2XEXwqqOdNMJqThjDH0Xqo6nbjf7DhgO_wE340zyL1MxiYs6V1vdhqraiOfZYYME07tQ6Nt8w6I42LFU9ixptkRsNNsJxiYaYGki70T0AB4MUXxtqDzDebHu33mVpA4YMk-A1uAHwH3lYr2ziD1ci83gfC2eoeoyR0Sk8bqjP0vHO5v2_t7dTkiJLDO2AGJBwMyFSSUx8fcAeTuoOF6foWPhDkKjrMWigGEh2zWOmh_22HMMCEVVu8DFYmC6k8lM7jeOjKTdkalOk_9pEdsnp4ERYBnAKfRBD7AVTSMQX4WmM0nQxZDMcto25YbMuX-XddjphhS5D-VX73Xj1COtzNsVQmFiBxutAAdg905Vy5r0sjfwHABfo8hrKDOpx8XslqiM61dxOxfQ5d0qebtOAaX01PONX-_Yqu9UCIpYXJKkA-auHZPSBBcIwVm-aKlmlFR4ocfudVf9AFhgYNMWCdbJv-fT9DhrWih9clPaHOIrL7BWNHE_SMbYGOw_rVlRA97Trg7XZez0fnzrKZLwow9Ux6EGBbIESe5d2uxrnL4LLk6Tk42ZyEDpLk0jjBVtO5smEPc7KhFXWPwOCu_NmcoU-zpkFZ1JLekDPWigIB3g8d_m90mrTEDXrdUA2Rw2RZIM4Hh9re-AOrbUDpsjE_qBh0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2DEC 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGiTIuHybfaFgTMD947yWwR6xtHdlcaINlbHT3BQQCQHOMorwJpY8jRirXA0AEInIYhE6Ydh0JzQjQEbNDSBs-84c9Sl-dyCdvpxXr_pxPk2nIDzqD&sig=Cg0ArKJSzH4VkqsNHnXTEAE&id=lidar2&mcvt=1000&p=141,436,231,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1409385974&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642436042498&rpt=105&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E1B2 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssQEPJzpJS9n7ILXagVpivaKtnNdNMBLRkh6AGbkeaaz3LdJK6TnpOXqZBSrrHjs6l1rvQ2BPIxIiPw5-z4gbMwTCSHno0FHwbeYjyKoTl_kUIjuWU4&sig=Cg0ArKJSzAT3kolFkIMQEAE&id=lidar2&mcvt=1000&p=968,1170,1218,1470&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=0.93&app=0&itpl=3&adk=1942493593&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642436042530&rpt=117&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2CBC 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssnZVg_kqpn1xM_8syWuxJyUhMFDF0R1Q4ydQvFiDO50AbrNZStCuDc1IzzmBq70TomYPnXRSjuv5yCJ9FGc7TxrMeMnfe3foX_iLz0AbKHHofBoZ9W&sig=Cg0ArKJSzPo6JV29LuT9EAE&id=lidar2&mcvt=1002&p=307,1170,907,1470&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220112&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=3131396195&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642436042507&rpt=129&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.heraldextra.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Jan 2022 16:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1230917285278013&correlator=958368863625294&output=ldjh&impl=fifs&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220117&iu_parts=1032081%2CDHPU_Top_728x90%2CDHPU_Right_300x600%2CDHPU_Bottom_728x90%2CDHPU_Article_300x250%2CDHPU_Article2_300x250%2CDHPU_Middle_300x250%2CDHPU_Middle2_300x250%2CDHPU_FloatBar_1x1%2CDHPU_PAW_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=970x250%7C728x90%7C452x250%2C300x600%2C970x250%7C728x90%7C452x250%2C300x250%2C300x250%2C300x250%2C300x250%2C1x1%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=SiteID%3DDHPU%26MSection%3DBusiness%26SubSection%3DBusiness%26amznbid%3D0%26amznp%3D0&cookie_enabled=1&bc=31&abxe=1&lmt=1642436040&dt=1642436040556&dlt=1642436039235&idt=1165&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C1170%2C315%2C-9%2C-9%2C1170%2C1170%2C800%2C800&adys=141%2C207%2C4533%2C-9%2C-9%2C868%2C1137%2C141%2C84&adks=1409385974%2C3131396195%2C2709727305%2C2112290363%2C2787689133%2C1942493593%2C409150159%2C2600185601%2C3918076839&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fwww.heraldextra.com%2Fnews%2Flocal%2F2021%2Fdec%2F15%2Fnu-skin-become-first-sensory-certified-company-worldwide%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0%7C359x661%7C1600x62%7C0x-1%7C0x-1%7C360x4324%7C360x4324%7C1600x4717%7C1600x4717&msz=970x0%7C300x600%7C970x0%7C0x-1%7C0x-1%7C300x250%7C300x250%7C1600x0%7C1600x0&ga_vid=2125727322.1642436040&ga_sid=1642436041&ga_hid=835053204&ga_fc=true&fws=0%2C0%2C0%2C2%2C2%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C0%7C1%7C-1%7C-1%7C0%7C0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Domain: butterbulb.com
URL: https://butterbulb.com/v2qvsEcQISNfOaR9g0Sy-RgfboG5uf9qczXgyMqSm0FODpBJ-8mK7a3UIGhOscfFtrKfPnE3e

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
validate.onecount.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: gbrvbugnhhasi6t5t67ck58vu7
.heraldextra.com/	1970-01-20 17:45:08	Name: _ga Value: GA1.2.2125727322.1642436040
.heraldextra.com/	1970-01-20 00:15:22	Name: _gid Value: GA1.2.90434243.1642436040
.heraldextra.com/	1970-01-20 00:13:56	Name: _gat_gtag_UA_92804485_1 Value: 1
www.heraldextra.com/	1969-12-31 23:59:59	Name: oc-js-session Value: gbrvbugnhhasi6t5t67ck58vu7
on-reg.onecount.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: gbrvbugnhhasi6t5t67ck58vu7
.onecount.net/	1970-01-23 15:53:32	Name: __ocgt Value: 4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd
.onecount.net/	1970-01-23 15:53:32	Name: __ocgt-243 Value: 4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd
on-reg.onecount.net/	1969-12-31 23:59:59	Name: SERVERID Value: chi-felb-chi-web05-cl01
.heraldextra.com/	1970-01-23 15:53:32	Name: __tempcookie Value: 4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd
.heraldextra.com/	1970-01-23 15:53:32	Name: realReferer Value: https%3A%2F%2Fwww.heraldextra.com%2F
.heraldextra.com/	1970-01-23 15:49:56	Name: _gcna Value: 0.4e69637622743d49ec4fa3424343aee364a637fe91d99f3a2f403761a9a083fd.1642436042.1
.heraldextra.com/	1970-01-20 00:13:57	Name: _gcnb Value: 1642436042.1
.heraldextra.com/	1970-01-20 00:13:57	Name: _gcnz Value: https%253A%252F%252Fwww.heraldextra.com%252F
.heraldextra.com/	1970-01-20 09:35:32	Name: __gads Value: ID=49655152d8f325a5-22c2ecc820cd00f1:T=1642436041:S=ALNI_Ma5zuCGphWeJ7OyXSuzSm4gb_og2Q
.heraldextra.com/	1970-01-21 02:30:44	Name: _awl Value: 2.1642436042.0.5-8475d931f5e60d892f907b4095c0bea9-6763652d6575726f70652d7765737431-0
.doubleclick.net/	1970-01-20 09:35:32	Name: IDE Value: AHWqTUneW0go64Yw5FCskIc3AzHyJJj9OYKUw5qrgOKGbUgR6NLLAp-lbe4GKNZicQs
.doubleclick.net/	1970-01-20 00:13:59	Name: DSID Value: NO_DATA

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://validate.onecount.net/js/all.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://validate.onecount.net/onecount/automation/a.php?__cuuid=9a7b4b941320deef326eb399925cf291dd1ebdad&ocid=&tid=&domain=www.heraldextra.com&section=/news/local/2021/dec/15/nu-skin-become-first-sensory-certified-company-worldwide/, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

25d885a63e82cae0be7b73d4d0f9a172.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
butterbulb.com
c.amazon-adsystem.com
cdn-images.mailchimp.com
cdn.jsdelivr.net
click.icptrack.com
detectdiscovery.com
e88b400f76cb031a3896359ead3d88af.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ogden_images.s3.amazonaws.com
on-reg.onecount.net
pagead2.googlesyndication.com
s3.amazonaws.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
validate.onecount.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.heraldextra.com
butterbulb.com
securepubads.g.doubleclick.net
142.250.186.130
2600:9000:214f:6600:8:48e:53c0:93a1
2606:4700::6810:5714
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:803::200e
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:812::2004
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2003
2a00:1450:4001:830::2006
2a00:1450:4001:831::2002
2a00:1450:400c:c06::9c
35.190.62.199
35.201.98.64
50.31.163.11
50.31.163.12
52.216.226.176
54.231.130.0
54.80.167.200
65.9.63.91
65.9.71.173
99.86.7.54
006b81f771a994272a7234e5386394477169eabd626a105a6b63c88d4017340b
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0861c4e9ec791904d51176efc77acd56e879b5c6ae0f01b094a49b2735303ee9
1118028f6efb56ef44a489c471c961d4651ed5b8ec57bad974b267ee9aadd395
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1d376489c78a57ab22ae9aacfec24b47e8f3a2ba8731f7112fe21902baf83c40
1d930d2f0875de158000be054086f41ff08d30896f0749a9517a0c515a92d253
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
27b806f24e1c325299f76d347e315341092625023bc76301a2b2c15fed67ea11
2aa38f9689f47b8c0620ba023e4f88b244bd1645532d526a77e308bce3e4292d
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
3ce5aef7cb77d10b0fdef3e9ed79babdd61b37fcef66691999c1e217918377dc
40110f7498faa8c9394743de0ac8ec779c19c6085ae35dd954e52d6bb26a17a0
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
48c8da0ead81278172132cc139f5cc0be65db408c8d71e6e7924d52935c8b392
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d502c6302ccc823a3667d1af7f30e174f1843ad5d8b6e44996ffd81e1747beb
5f0829677311730166f61ee211e27a13d0439f716f3c454ad9a1d0cda31fc1fa
6062baeb31cb3c1240a045099c7dfb485fb1fd4aba3d4a217c780b4094dc09e8
613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b99808b168cb2ef8d11818bbd8148d9e7d6658bc655ce4497e420c4802ad039
6d57f608a733bc3af253e3b75bda92c747c351b01cbcbb4ee3ce18f4a04df155
6d8d13adeda783683e5c5d96519581ed9ffa1b74ac4c0309fe8790409a4e59ff
6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398
722210b715ecf92d8ac18dcb76fee5f651a2ac73f040c5b38b772d8d519976d6
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
79c6ee01469a33f1b8b7a125e65cb8c8d82340312c331ca7f9db94e12bf47d36
7a537efc2ae5b8c92d1106ff5c3a0142d9119c440044e007438abb2074235015
7fcb39e632e5b859e385dc26327ce2e389d71410ac13b019c42d0e3155025cd8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
8c2fc8ddf1d2d2373f21d8f2f72734359815e93337497e68178cb04c839c8635
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8f57bfdc4a5ae7b75e3f29fb96aa86f701b137627c376b8a2759367433b15d2a
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9923331472ad320c13a702429890f59e3972d79e65cf51aec2141e63b522b462
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9ce077008495bf3b42de08f6e6a63ab802693be717238b211d51864b7afa5c3c
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f36fa8e2fe4a6a07456cfeaca03da4b09e7ab4d8ce52558e50b35f3a98d8d3
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8e8f18d77170af82f72cfb83f4cec093f5683a0fcffd8f126d9d2fce1a332f2
ae5f15d7eb477a6103ca2f5ff673430d33cf1be71a241f8f1b92e9c6a232fe1d
afb68f877bf48ad869fb5df4fe8d3efb740f3bddbca610af78ec494dc8372f45
b15aceb04dbf5604df5617cfe984f48479cb131c1df02825d1c24e9f35d01857
b69d50ce18889436b8866ae8ae95983dce1469164cac8728efa383d67e60980a
bb5fc5e10e63bd68b052ff25dbd083a87bc83c272473d9a0edc7b1dd9f22cfc6
bf45be4687a978effdff5fdbb1a92c7caa044798d9765bbe73e0f86d13e33aba
bff25bb684e20763177fc1204c049d141b44fdcbcbf6b1f7f3599bb1862b8100
c32feb0b2794d622e7fcd8fe31922ec811d1aff3265d1b438f4d8ce093549750
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c59ecf34c8e169eb2c385296530f952be5ced6af24abbe7f2d47b89e520be544
d1d7fbe6bec9bd03e502a969d897fe72fab54b4ea09152e633525a6ed39624ce
d2fc77aeccceff4899d63a38fd59be87d0e6e6d25bfb73d25e1443cf02940a14
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f475feb9a755d488e4c74c4d4860afaaaa1c55223624e3f29cf38906494645
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
eb66a3807316801bcea37697d7af86a86345dfe48f335e7f804f73df1a85fc5e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6a8a2ab50c2fd2dd8ec4384246c59faeaa120adf37a54f8e33307c88bcd7352
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8dd5d260a5dc3c4d883eddc0f204ab1383d00aa9ac46cebfd577d8ae5868b41
f941571253bef66a69dd036e27e5b3afb06a8c8f67474645b75810df89a7dce4
f9add41b34d28dd25695af28d7d87aaf8e4e3612aaa5b0d5d58d2df7bc000a6c
fd9b21475370627e77a6988f76c0bf93a005f9e66c4f2e9fd62e5c2de5976dc9

www.heraldextra.com Open in urlscan Pro 99.86.7.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

153 Requests

96 %HTTPS

61 %IPv6

19 Domains

30 Subdomains

27 IPs

3 Countries

2913 kBTransfer

5413 kBSize

18 Cookies

11 Outgoing links

Page URL History

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heraldextra.com Open in urlscan Pro
99.86.7.54 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

96 %
HTTPS

61 %
IPv6

19
Domains

30
Subdomains

27
IPs

3
Countries

2913 kB
Transfer

5413 kB
Size

18
Cookies

153 HTTP transactions
1 data transactions