blog.hellofresh.com Open in urlscan Pro
104.155.100.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.link.hellofresh.com/?qs=ecb2044cf0a9c25bb5cd14fd38c76b2a1b2c9527f5a22b80b21a11b9d71633b56f36781e43b08c5db00756deb9d9...
Effective URL:
https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMar...
Submission: On November 22 via api (November 22nd 2021, 5:18:24 pm UTC) from SE — Scanned from GB

Summary HTTP 192 Redirects Links 62 Behaviour Indicators

Summary

This website contacted 58 IPs in 6 countries across 40 domains to perform 192 HTTP transactions. The main IP is 104.155.100.3, located in Brussels, Belgium and belongs to GOOGLE, US. The main domain is blog.hellofresh.com.
TLS certificate: Issued by R3 on October 10th 2021. Valid for: 3 months.

This is the only time blog.hellofresh.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.71.51.119 161.71.51.119	14340 (SALESFORCE) (SALESFORCE)
1 49	104.155.100.3 104.155.100.3	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
8	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
25	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.222.250.8 52.222.250.8	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.100.58 18.66.100.58	16509 (AMAZON-02) (AMAZON-02)
2	3.13.222.229 3.13.222.229	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1 3	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:fb:... 2a02:26f0:fb:599::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	143.204.207.37 143.204.207.37	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	34.120.253.250 34.120.253.250	15169 (GOOGLE) (GOOGLE)
1	54.86.138.233 54.86.138.233	14618 (AMAZON-AES) (AMAZON-AES)
2	18.66.139.41 18.66.139.41	16509 (AMAZON-02) (AMAZON-02)
1	52.218.61.240 52.218.61.240	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:215... 2600:9000:2156:be00:16:4ed5:12c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.120.20.123 34.120.20.123	15169 (GOOGLE) (GOOGLE)
7	2.16.186.123 2.16.186.123	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.18.234.190 2.18.234.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.215.205.165 18.215.205.165	14618 (AMAZON-AES) (AMAZON-AES)
1	75.101.244.20 75.101.244.20	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
2	34.98.72.95 34.98.72.95	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223d:bc00:9:7c30:be80:21	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:2250:b000:7:f1a3:af00:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	70.42.32.63 70.42.32.63	13789 (INTERNAP-...) (INTERNAP-BLK3)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	35.201.112.202 35.201.112.202	15169 (GOOGLE) (GOOGLE)
1	35.227.235.114 35.227.235.114	15169 (GOOGLE) (GOOGLE)
1	35.201.113.243 35.201.113.243	15169 (GOOGLE) (GOOGLE)
1 8	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1	34.107.191.194 34.107.191.194	15169 (GOOGLE) (GOOGLE)
6	34.117.4.53 34.117.4.53	15169 (GOOGLE) (GOOGLE)
1	34.102.193.48 34.102.193.48	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
3	3.211.116.132 3.211.116.132	14618 (AMAZON-AES) (AMAZON-AES)
192	58

1 161.71.51.119 (London, United Kingdom) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: click.link.hellofresh.com

click.link.hellofresh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 104.155.100.3 (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.100.155.104.bc.googleusercontent.com

blog.hellofresh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.250.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-250-8.fra60.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.100.58 (United States)

ASN16509 (AMAZON-02, US)

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.13.222.229 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-13-222-229.us-east-2.compute.amazonaws.com

collector-905.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::15 (United States)

ASN15169 (GOOGLE, US)

tms.hft.hellofresh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.74.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

9917901.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:fb:599::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.207.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-37.fra53.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.86.138.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-138-233.compute-1.amazonaws.com

track.securedvisit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.139.41 (United States)

ASN16509 (AMAZON-02, US)

azetbd4r.micpn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.61.240 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1-r-w.amazonaws.com

web-chat-tag-cdn.s3.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:be00:16:4ed5:12c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.mczbf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.20.123 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 123.20.120.34.bc.googleusercontent.com

hft.hellofresh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.16.186.123 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-123.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.215.205.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-205-165.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 75.101.244.20 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-75-101-244-20.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:bc00:9:7c30:be80:21 (United States)

ASN16509 (AMAZON-02, US)

d1n00d49gkbray.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

353676082.privacysandbox.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.226.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:b000:7:f1a3:af00:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.sjwoe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.112.202 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 202.112.201.35.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.235.114 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 114.235.227.35.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.113.243 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 243.113.201.35.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.64.84 (United States) 1 redirects

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.pinterest.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.191.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.191.107.34.bc.googleusercontent.com

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.117.4.53 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 53.4.117.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
events.bouncex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.193.48 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 48.193.102.34.bc.googleusercontent.com

e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.211.116.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-116-132.compute-1.amazonaws.com

tr2.smarterhq.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	hellofresh.com 2 redirects click.link.hellofresh.com blog.hellofresh.com tms.hft.hellofresh.com hft.hellofresh.com	3 MB
25	facebook.com www.facebook.com	14 KB
14	google.com 1 redirects apis.google.com www.google.com accounts.google.com analytics.google.com adservice.google.com	302 KB
7	tiktok.com analytics.tiktok.com	104 KB
7	doubleclick.net 2 redirects stats.g.doubleclick.net 9917901.fls.doubleclick.net googleads.g.doubleclick.net	4 KB
7	youtube.com www.youtube.com	127 KB
6	gstatic.com ssl.gstatic.com	6 KB
6	twitter.com platform.twitter.com syndication.twitter.com	150 KB
5	bounceexchange.com tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com	163 KB
4	bouncex.net events.bouncex.net	494 B
4	pinterest.co.uk www.pinterest.co.uk	14 KB
4	pinterest.com 1 redirects ct.pinterest.com www.pinterest.com Failed	1 KB
4	google.co.uk www.google.co.uk adservice.google.co.uk	1 KB
4	googleadservices.com www.googleadservices.com 353676082.privacysandbox.googleadservices.com	30 KB
3	smarterhq.io tr2.smarterhq.io	996 B
3	cdnbasket.net data.cdnbasket.net page.cdnbasket.net view.cdnbasket.net	1 KB
3	snapchat.com tr.snapchat.com	857 B
3	outbrain.com amplify.outbrain.com tr.outbrain.com	4 KB
3	facebook.net connect.facebook.net	134 KB
3	googletagmanager.com www.googletagmanager.com	208 KB
2	cdnwidget.com ids.cdnwidget.com e.cdnwidget.com	303 B
2	yimg.com s.yimg.com	7 KB
2	mczbf.com www.mczbf.com	9 KB
2	micpn.com azetbd4r.micpn.com	17 KB
2	pinimg.com s.pinimg.com	19 KB
2	tvsquared.com collector-905.tvsquared.com	9 KB
2	parsely.com cdn.parsely.com p1.parsely.com	18 KB
2	cloudfront.net d1z2jf7jlzjs58.cloudfront.net d1n00d49gkbray.cloudfront.net	13 KB
2	wp.com stats.wp.com pixel.wp.com	3 KB
2	ampproject.org cdn.ampproject.org	90 KB
1	yahoo.com sp.analytics.yahoo.com	715 B
1	sjwoe.com www.sjwoe.com	414 B
1	reddit.com alb.reddit.com	125 B
1	postrelease.com jadserve.postrelease.com	427 B
1	quora.com q.quora.com	423 B
1	amazonaws.com web-chat-tag-cdn.s3.eu-west-1.amazonaws.com	138 KB
1	securedvisit.com track.securedvisit.com	24 KB
1	redditstatic.com www.redditstatic.com	8 KB
1	sc-static.net sc-static.net	7 KB
1	jquery.com code.jquery.com	30 KB
192	40

	Domain	Requested by
49	blog.hellofresh.com	1 redirects blog.hellofresh.com web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
25	www.facebook.com	blog.hellofresh.com www.facebook.com
8	apis.google.com	blog.hellofresh.com apis.google.com www.youtube.com accounts.google.com
7	analytics.tiktok.com	blog.hellofresh.com analytics.tiktok.com
7	www.youtube.com	apis.google.com www.youtube.com
6	ssl.gstatic.com	accounts.google.com blog.hellofresh.com
4	events.bouncex.net
4	www.pinterest.co.uk	s.pinimg.com blog.hellofresh.com
4	platform.twitter.com	blog.hellofresh.com platform.twitter.com
3	tr2.smarterhq.io	d1n00d49gkbray.cloudfront.net
3	ct.pinterest.com	s.pinimg.com blog.hellofresh.com
3	tr.snapchat.com	sc-static.net blog.hellofresh.com
3	www.google.co.uk	blog.hellofresh.com
3	connect.facebook.net	blog.hellofresh.com connect.facebook.net
3	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
3	9917901.fls.doubleclick.net	1 redirects www.googletagmanager.com blog.hellofresh.com
3	www.google.com	1 redirects blog.hellofresh.com
3	www.googletagmanager.com	blog.hellofresh.com www.googletagmanager.com
2	api.bounceexchange.com	assets.bounceexchange.com
2	s.yimg.com	blog.hellofresh.com s.yimg.com
2	tr.outbrain.com	amplify.outbrain.com blog.hellofresh.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	syndication.twitter.com	platform.twitter.com blog.hellofresh.com
2	assets.bounceexchange.com	tag.bounceexchange.com assets.bounceexchange.com
2	www.mczbf.com	blog.hellofresh.com www.mczbf.com
2	azetbd4r.micpn.com	blog.hellofresh.com
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	stats.g.doubleclick.net	blog.hellofresh.com www.googletagmanager.com
2	collector-905.tvsquared.com	blog.hellofresh.com
2	cdn.ampproject.org	blog.hellofresh.com
1	sp.analytics.yahoo.com
1	e.cdnwidget.com
1	ids.cdnwidget.com	assets.bounceexchange.com
1	www.pinterest.com	blog.hellofresh.com
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	adservice.google.co.uk	adservice.google.com
1	www.sjwoe.com	www.mczbf.com
1	adservice.google.com	9917901.fls.doubleclick.net
1	alb.reddit.com	blog.hellofresh.com
1	353676082.privacysandbox.googleadservices.com	blog.hellofresh.com
1	d1n00d49gkbray.cloudfront.net	tag.bounceexchange.com
1	p1.parsely.com	blog.hellofresh.com
1	analytics.google.com	www.googletagmanager.com
1	accounts.google.com	apis.google.com
1	jadserve.postrelease.com	blog.hellofresh.com
1	q.quora.com	blog.hellofresh.com
1	amplify.outbrain.com	blog.hellofresh.com
1	hft.hellofresh.com	blog.hellofresh.com
1	web-chat-tag-cdn.s3.eu-west-1.amazonaws.com	blog.hellofresh.com
1	track.securedvisit.com	blog.hellofresh.com
1	tag.bounceexchange.com	blog.hellofresh.com
1	www.redditstatic.com	www.googletagmanager.com
1	sc-static.net	www.googletagmanager.com
1	tms.hft.hellofresh.com	blog.hellofresh.com
1	cdn.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	pixel.wp.com	blog.hellofresh.com
1	d1z2jf7jlzjs58.cloudfront.net	blog.hellofresh.com
1	stats.wp.com	blog.hellofresh.com
1	code.jquery.com	blog.hellofresh.com
1	click.link.hellofresh.com	1 redirects
192	62

This site contains links to these domains. Also see Links.

Domain
www.hellofresh.com
www.facebook.com
twitter.com
pinterest.com
www.hellofreshgroup.com
www.hellofresh.at
www.hellofresh.com.au
www.hellofresh.be
www.hellofresh.ca
www.hellofresh.ch
www.hellofresh.de
www.hellofresh.co.uk
www.hellofresh.nl
www.instagram.com
www.pinterest.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.hellofresh.com R3	`2021-10-10` - `2022-01-08`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-01` - `2021-11-30`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.tvsquared.com Amazon	`2021-09-16` - `2022-10-14`	a year	crt.sh
tms.hft.hellofresh.com GTS CA 1D4	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2021-02-11` - `2022-02-15`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-05` - `2022-04-02`	6 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tag.bounceexchange.com R3	`2021-09-24` - `2021-12-23`	3 months	crt.sh
securedvisit.com Amazon	`2020-12-31` - `2022-01-28`	a year	crt.sh
*.micpn.com Amazon	`2021-03-19` - `2022-04-17`	a year	crt.sh
*.s3-eu-west-1.amazonaws.com Amazon	`2021-03-26` - `2022-03-08`	a year	crt.sh
www.mczbf.com Amazon	`2021-07-20` - `2022-08-18`	a year	crt.sh
hft.hellofresh.at GTS CA 1D4	`2021-09-30` - `2021-12-29`	3 months	crt.sh
*.tiktok.com RapidSSL RSA CA 2018	`2019-11-14` - `2022-01-12`	2 years	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.quora.com R3	`2021-11-14` - `2022-02-12`	3 months	crt.sh
*.postrelease.com Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2021-10-25` - `2022-01-23`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.privacysandbox.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tr.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-01-23`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-05` - `2022-04-02`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.sjwoe.com Amazon	`2021-02-12` - `2022-03-13`	a year	crt.sh
*.google.co.uk GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.cdnbasket.net Go Daddy Secure Certificate Authority - G2	`2021-09-27` - `2022-09-27`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-11-08` - `2021-12-29`	2 months	crt.sh
ids.cdnwidget.com R3	`2021-10-15` - `2022-01-13`	3 months	crt.sh
*.wunderkind.co R3	`2021-10-15` - `2022-01-13`	3 months	crt.sh
e.cdnwidget.com R3	`2021-11-15` - `2022-02-13`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
smarterhq.io Amazon	`2021-10-20` - `2022-11-17`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Frame ID: 102CCADC4C85CD232774ECFA08527DFB
Requests: 143 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Frame ID: 8CD73A9D1F71E56F28DD13CC0DD1A9BB
Requests: 23 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&layout=default&count=default&origin=https%3A%2F%2Fblog.hellofresh.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
Frame ID: 233B1C3BD43392DE1CE3404D7FBFABFB
Requests: 5 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fblog.hellofresh.com
Frame ID: B3EB6670FF742AC5395EF957095832C5
Requests: 2 HTTP requests in this frame

Frame: https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons
Frame ID: D71F95E7B1462A5429F49C5C1A1422AB
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.hellofresh.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
Frame ID: 985DF7F950DD80DEC7DA04C014D5D4F5
Requests: 4 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=53a798a3-971f-49be-acce-0c085289e9f8
Frame ID: B1A40D73B5FDBDC183EC2B4FA19A8235
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons
Frame ID: 12E1A50D19ED535D6325F0F4D29F335D
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons
Frame ID: FA2756464213CE9873F07D7570920F80
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: 4A7241D6CE107284F6BAF5C9A51B9EB8
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
Frame ID: E52D8AA59B64331980D9C891F37BB083
Requests: 4 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Frame ID: 04A158EB5500158AFEA8B9082FF955C5
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 01F4EEFAC103F00D1FAD9CAE576BA216
Requests: 1 HTTP requests in this frame

Frame: https://www.pinterest.co.uk/ct.html
Frame ID: 98E3EC880C2A897F8266DDB83BFEE3A7
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HelloFresh Food Blog | Get Cooking | The Fresh Times

Page URL History Show full URLs

https://click.link.hellofresh.com/?qs=ecb2044cf0a9c25bb5cd14fd38c76b2a1b2c9527f5a22b80b21a11b9d71633b56f36781e... HTTP 302
http://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding... HTTP 301
https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding... Page URL

Page Statistics

192
Requests

99 %
HTTPS

43 %
IPv6

40
Domains

62
Subdomains

58
IPs

6
Countries

4462 kB
Transfer

8225 kB
Size

31
Cookies

62 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hellofresh.com/

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/plans/
Title: Our Plans

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/how-it-works/
Title: How It Works

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/recipes/
Title: Our Recipes

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/gift
Title: Gift Cards

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/customer/account/login?redirectedFromAccountArea=true
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/app/
Title: Download out app

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com&t=The%20Fresh%20Times

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?text=The%20Fresh%20Times&url=https://blog.hellofresh.com

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com&media=https://blog.hellofresh.com/wp-content/uploads/2021/08/meals-for-moms-47-scaled.jpg&description=The%20Fresh%20Times

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/hellofresh-joins-in-on-hunger-action-month/&t=HelloFresh%20Joins%20in%20on%20Hunger%20Action%20Month

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=HelloFresh%20Joins%20in%20on%20Hunger%20Action%20Month&url=https://blog.hellofresh.com/hellofresh-joins-in-on-hunger-action-month/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/hellofresh-joins-in-on-hunger-action-month/&media=https://blog.hellofresh.com/wp-content/uploads/2021/08/meals-for-moms-47-scaled.jpg&description=HelloFresh%20Joins%20in%20on%20Hunger%20Action%20Month
Title: 2

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/from-our-kitchen-chocolate-chip-cookies/&t=From%20Our%20Kitchen:%20Chocolate%20Chip%20Cookies

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=From%20Our%20Kitchen:%20Chocolate%20Chip%20Cookies&url=https://blog.hellofresh.com/from-our-kitchen-chocolate-chip-cookies/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/from-our-kitchen-chocolate-chip-cookies/&media=https://blog.hellofresh.com/wp-content/uploads/2021/08/HF_ChocolateChipCookies_Blog_Shot01-scaled.jpg&description=From%20Our%20Kitchen:%20Chocolate%20Chip%20Cookies
Title: 2

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/3-campfire-recipes/&t=3%20Genius%20Campfire%20Recipes%20To%20Make%20This%20Summer

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=3%20Genius%20Campfire%20Recipes%20To%20Make%20This%20Summer&url=https://blog.hellofresh.com/3-campfire-recipes/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/3-campfire-recipes/&media=https://blog.hellofresh.com/wp-content/uploads/2021/08/721310071_HFOS_BlogPhotography_Campfire_Shot01_-scaled.jpg&description=3%20Genius%20Campfire%20Recipes%20To%20Make%20This%20Summer
Title: 9

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/6-grilled-potato-recipes-for-summer/&t=6%20Super%20Simple%20Grilled%20Potato%20Recipes%20for%20Summer

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=6%20Super%20Simple%20Grilled%20Potato%20Recipes%20for%20Summer&url=https://blog.hellofresh.com/6-grilled-potato-recipes-for-summer/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/6-grilled-potato-recipes-for-summer/&media=https://blog.hellofresh.com/wp-content/uploads/2021/08/721329389_HFOS_BlogPhotography_SummerPotatoes_Shot07-scaled.jpg&description=6%20Super%20Simple%20Grilled%20Potato%20Recipes%20for%20Summer
Title: 1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/smores-four-ways/&t=S%E2%80%99Mores%20Four%20Ways

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=S%E2%80%99Mores%20Four%20Ways&url=https://blog.hellofresh.com/smores-four-ways/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/smores-four-ways/&media=https://blog.hellofresh.com/wp-content/uploads/2019/07/HF_Blog_Grilling-Box-Smores-Comp_2019-08_16-9.jpg&description=S%E2%80%99Mores%20Four%20Ways
Title: 7

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/organize-your-spice-cabinet-in-a-few-simple-steps/&t=Organize%20Your%20Spice%20Cabinet%20In%20a%20Few%20Simple%20Steps

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=Organize%20Your%20Spice%20Cabinet%20In%20a%20Few%20Simple%20Steps&url=https://blog.hellofresh.com/organize-your-spice-cabinet-in-a-few-simple-steps/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/organize-your-spice-cabinet-in-a-few-simple-steps/&media=https://blog.hellofresh.com/wp-content/uploads/2021/07/699000854_HFOS_BlogOrganizedPantry_2021-06_Shot01-scaled.jpg&description=Organize%20Your%20Spice%20Cabinet%20In%20a%20Few%20Simple%20Steps
Title: 3

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/how-to-grow-your-own-herbs-indoors/&t=How%20to%20Grow%20Your%20Own%20Herbs%20Indoors

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=How%20to%20Grow%20Your%20Own%20Herbs%20Indoors&url=https://blog.hellofresh.com/how-to-grow-your-own-herbs-indoors/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/how-to-grow-your-own-herbs-indoors/&media=https://blog.hellofresh.com/wp-content/uploads/2021/06/HFOS_BlogIndoorHerbs_Header_Shot01-scaled.jpg&description=How%20to%20Grow%20Your%20Own%20Herbs%20Indoors
Title: 3

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/4-ways-to-cook-asparagus/&t=The%204%20Absolute%20Best%20Ways%20to%20Cook%20Asparagus%20According%20to%20Our%20Chefs

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=The%204%20Absolute%20Best%20Ways%20to%20Cook%20Asparagus%20According%20to%20Our%20Chefs&url=https://blog.hellofresh.com/4-ways-to-cook-asparagus/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/4-ways-to-cook-asparagus/&media=https://blog.hellofresh.com/wp-content/uploads/2021/06/the-4-absolute-best-ways-to-cook.jpg&description=The%204%20Absolute%20Best%20Ways%20to%20Cook%20Asparagus%20According%20to%20Our%20Chefs
Title: 1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/perfect-burger-recipes/&t=National%20Burger%20Day%20Is%20a%20Very%20Important%20Holiday.%20Here%E2%80%99s%20How%20To%20Celebrate.

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=National%20Burger%20Day%20Is%20a%20Very%20Important%20Holiday.%20Here%E2%80%99s%20How%20To%20Celebrate.&url=https://blog.hellofresh.com/perfect-burger-recipes/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/perfect-burger-recipes/&media=https://blog.hellofresh.com/wp-content/uploads/2021/06/HFOS_BlogPerfectBurger_Shot01-scaled.jpg&description=National%20Burger%20Day%20Is%20a%20Very%20Important%20Holiday.%20Here%E2%80%99s%20How%20To%20Celebrate.
Title: 1

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://blog.hellofresh.com/how-to-grill/&t=How%20to%20Grill%20(Almost)%20Everything

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?&text=How%20to%20Grill%20(Almost)%20Everything&url=https://blog.hellofresh.com/how-to-grill/

Search URL Search Domain Scan URL

URL: http://pinterest.com/pin/create/button/?url=https://blog.hellofresh.com/how-to-grill/&media=https://blog.hellofresh.com/wp-content/uploads/2017/06/HF170225_Extra_Shot_DE_Weber_American_Grill_Box_all_-58_low-e1498146232885.jpg&description=How%20to%20Grill%20(Almost)%20Everything
Title: 126

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/tasty/food-boxes/
Title: view our plans

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/gift/
Title: Gift Cards

Search URL Search Domain Scan URL

URL: http://www.hellofreshgroup.com/
Title: HelloFresh Group

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/jobs/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/press/
Title: Press

Search URL Search Domain Scan URL

URL: https://www.hellofresh.at/
Title: Austria

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com.au/
Title: Australia

Search URL Search Domain Scan URL

URL: https://www.hellofresh.be/
Title: Belgium

Search URL Search Domain Scan URL

URL: https://www.hellofresh.ca/
Title: Canada

Search URL Search Domain Scan URL

URL: https://www.hellofresh.ch/
Title: Switzerland

Search URL Search Domain Scan URL

URL: https://www.hellofresh.de/
Title: Germany

Search URL Search Domain Scan URL

URL: https://www.hellofresh.co.uk/
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www.hellofresh.nl/
Title: Netherlands

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/faq/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/HelloFreshus/

Search URL Search Domain Scan URL

URL: https://twitter.com/HelloFresh

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hellofresh/

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/hellofreshusa/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC-6yCTCOYLO2WAj1-Pc9VsQ

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/termsandconditions/
Title: Terms And Conditions

Search URL Search Domain Scan URL

URL: https://www.hellofresh.com/privacy/
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.link.hellofresh.com/?qs=ecb2044cf0a9c25bb5cd14fd38c76b2a1b2c9527f5a22b80b21a11b9d71633b56f36781e43b08c5db00756deb9d98762147223d08672c41b4af708eebe4cf73d HTTP 302
http://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons HTTP 301
https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://9917901.fls.doubleclick.net/activityi;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons HTTP 302
https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons

Request Chain 130

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=2dCbYca4EeyWx_APvd6hiAg&sscte=1&crd=&eitems=ChEIgJztjAYQwJbu18rzyLGiARIdAAILfLAVKFdFsat9o4yVKQnLr8IRd0ytsHsogGU HTTP 302
https://www.google.com/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=2dCbYca4EeyWx_APvd6hiAg&cid=CAQSKQCNIrLMRbexyXLyRbG9YbM1eEMldhNR8LjLDTcBcNEAxaBJJbqhZaOE&eitems=ChEIgJztjAYQwJbu18rzyLGiARIdAAILfLDwYmgPeo6G32TtOYsu8upLWP9rT1AziPM&random=1503447006&resp=GooglemKTybQhCsO HTTP 302
https://www.google.co.uk/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=2dCbYca4EeyWx_APvd6hiAg&cid=CAQSKQCNIrLMRbexyXLyRbG9YbM1eEMldhNR8LjLDTcBcNEAxaBJJbqhZaOE&eitems=ChEIgJztjAYQwJbu18rzyLGiARIdAAILfLDwYmgPeo6G32TtOYsu8upLWP9rT1AziPM&random=1503447006&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAogIIkk0LBcP99j6lyfblDM2A41iDF9fmZxSfLxf0ivoY6zLNbWiSyoMHiAIeVrLC3VO5bGympq1D7YPiQFqDL

Request Chain 152

https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2617663505069&pd=%7B%22np%22%3A%22gtm%22%2C%22aem_enabled%22%3Afalse%2C%22gtm_aem_configs%22%3A%5B%5D%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226ae4a9fc%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1637601497671 HTTP 302
https://www.pinterest.com/.well-known/attribution-reporting/trigger-attribution/redirect?trigger-data=0&priority=22 HTTP 0
https://www.pinterest.com/.well-known/attribution-reporting/trigger-attribution?trigger-data=0&priority=22

Request Chain 169

https://www.pinterest.com/ct.html HTTP 302
https://www.pinterest.co.uk/ct.html

192 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
blog.hellofresh.com/
Redirect Chain

https://click.link.hellofresh.com/?qs=ecb2044cf0a9c25bb5cd14fd38c76b2a1b2c9527f5a22b80b21a11b9d71633b56f36781e43b08c5db00756deb9d98762147223d08672c41b4af708eebe4cf73d
http://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons

96 KB
13 KB

85ms
31ms

Document
text/html

104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx / WP Engine
Resource Hash: 05e6072463e460e5b5d690a8c04e577f107e52897751e730872d122785b38872

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

server: nginx
date: Mon, 22 Nov 2021 17:18:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
link: <https://blog.hellofresh.com/wp-json/>; rel="https://api.w.org/"
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 12
x-cache-group: normal
content-encoding: br

Redirect headers

Server: nginx
Date: Mon, 22 Nov 2021 17:18:16 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons

GET
H2 200 sbi-styles.min.css
blog.hellofresh.com/wp-content/plugins/instagram-feed/css/ 16 KB
3 KB 26ms
25ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Tue, 11 May 2021 15:59:46 GMT
server: nginx
etag: W/"609aa9f2-41cd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 adsforwp-front.min.css
blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/css/ 1 KB
702 B 26ms
25ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/css/adsforwp-front.min.css?ver=1.9.16.1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: b72805902e02fb3e4dd61d116e8f34a240f5609bdfb0c699ffb950a418e5a162

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Thu, 22 Apr 2021 12:50:22 GMT
server: nginx
etag: W/"6081710e-4c0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 frontend-style.css
blog.hellofresh.com/wp-content/plugins/shortcodes-indep/css/ 10 KB
3 KB 26ms
25ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/shortcodes-indep/css/frontend-style.css?ver=5.8.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: c693fcb1b25a8491d16d54d3bb6027734476a8250a5d1c610e976c525aab0ba0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 21 Dec 2020 16:42:30 GMT
server: nginx
etag: W/"5fe0d076-2880"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wpProQuiz_front.min.css
blog.hellofresh.com/wp-content/plugins/wp-pro-quiz/css/ 11 KB
3 KB 27ms
25ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/wp-pro-quiz/css/wpProQuiz_front.min.css?ver=0.37
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 294494f66f4538628d463f30a44f13bf7808ae42d634e2381ee4a838b1cd7156

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 21 Dec 2020 16:42:28 GMT
server: nginx
etag: W/"5fe0d074-2ab4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 404 hellofreshbase.min.css
blog.hellofresh.com/wp-content/themes/ 0
0 27ms
25ms Stylesheet
text/html 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofreshbase.min.css?ver=5.8.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 hellofreshstyle.min.css
blog.hellofresh.com/wp-content/themes/ 0
0 27ms
26ms Stylesheet
text/html 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofreshstyle.min.css?ver=5.8.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 200 default.min.css
blog.hellofresh.com/wp-content/plugins/tablepress/css/ 5 KB
2 KB 27ms
26ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.13
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Fri, 19 Mar 2021 08:32:57 GMT
server: nginx
etag: W/"605461b9-13e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
blog.hellofresh.com/wp-includes/js/jquery/ 87 KB
31 KB 29ms
28ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
etag: W/"6048e0ac-15db1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
blog.hellofresh.com/wp-includes/js/jquery/ 11 KB
4 KB 30ms
28ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
etag: W/"5fb4e3fe-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 172ms
51ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1637601496.dop019.ml1.t,1637601496.cds219.ml1.hn,1637601496.cds012.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 bundle.js Show response
blog.hellofresh.com/wp-content/themes/hellofresh/js/ 47 KB
14 KB 51ms
50ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/js/bundle.js?ver=5.8.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 07f0db5b960258437a21e817a5ff85ceb8fbc0bed210fc71b988fe02550616a9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Fri, 09 Jul 2021 10:00:03 GMT
server: nginx
etag: W/"60e81e23-bcc7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 base.min.css
blog.hellofresh.com/wp-content/themes/hellofresh/ 84 KB
15 KB 46ms
45ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: a154e59e6511ad6fc4acd960e13ef43395a0441f46826e05723ca03ba6f91203

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Tue, 20 Jul 2021 19:50:22 GMT
server: nginx
etag: W/"60f728fe-15095"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 style.min.css
blog.hellofresh.com/wp-content/themes/hellofresh/ 18 KB
5 KB 46ms
45ms Stylesheet
text/css 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/style.min.css
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: f8152c3844528f3dd86d971dc77819e61cffb0203a4f0e22ffbfa2a0d2978dcc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Thu, 06 May 2021 11:48:41 GMT
server: nginx
etag: W/"6093d799-4634"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 267 KB
69 KB 155ms
59ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dabda2f742e3dae9dd3fefa357afa5831a3695dbc362d29cfb7aca9e631e155

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70220
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 17:18:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "cd59525a8a19a729"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H2 200 amp-script-0.1.js Show response
cdn.ampproject.org/v0/ 58 KB
21 KB 92ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-script-0.1.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0f41527ec768da3f52c4e9043a00b57e08ceaafabb992c1114bdf36a6122bfc

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20186
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 17:18:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "67a726fd72d0671c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H2 200 logo_hf_new_100x91.png
blog.hellofresh.com/wp-content/themes/hellofresh/images/ 4 KB
5 KB 26ms
22ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/logo_hf_new_100x91.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 41b3d4dd3ef762aaeff7f975cfa7ace758219fcc26e483848d55713d1a6e4bef

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Apr 2021 09:36:10 GMT
server: nginx
etag: "6065940a-113d"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4413

GET
H2 200 HF_Global_Search.svg
blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/ 603 B
574 B 28ms
24ms Image
image/svg+xml 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/HF_Global_Search.svg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99df51d06ea98fb68e503f819e66663928dbadd5def5dde0c7c75fdda9bc587e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 12 Jul 2021 10:58:03 GMT
server: nginx
etag: W/"60ec203b-25b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 HF_Global_Notification.svg
blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/ 347 B
473 B 28ms
24ms Image
image/svg+xml 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/HF_Global_Notification.svg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: c15c4f7421dc6e0c560932dbef05b71868332e6f4b0a5b0b17a3c60fa7aa518b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 12 Jul 2021 10:57:59 GMT
server: nginx
etag: W/"60ec2037-15b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 HelloFresh_Blog_Logo_522x111.png
blog.hellofresh.com/wp-content/uploads/2021/04/ 4 KB
4 KB 29ms
25ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/04/HelloFresh_Blog_Logo_522x111.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: b03c121ddec98e201c217f7319ddaaef811345a07c76700bf1a83d6328af5cc2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 12 Apr 2021 11:59:43 GMT
server: nginx
etag: "6074362f-f1a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 3866

GET
H2 200 icon_arrow_right_white.png
blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/ 393 B
595 B 29ms
25ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/icon_arrow_right_white.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: ef19bb18745962b2ab6e01697052fc5013f9724e42a760e90a526bbff2e603f0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Apr 2021 09:20:25 GMT
server: nginx
etag: "60659059-189"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 393

GET
H2 200 meals-for-moms-47-1536x1024.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 326 KB
327 KB 30ms
26ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/meals-for-moms-47-1536x1024.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0acee3b3b1b8d349b7fbc7d53cf46ff3763b5521480bb7863ef6759ba4e14db9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 23 Aug 2021 21:02:06 GMT
server: nginx
etag: "61240cce-51964"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 334180

GET
H2 200 icon_slider_left.png
blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/ 625 B
826 B 43ms
39ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/icon_slider_left.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 77ee2a3fd8bcabe8c608b049dfa721e20bb0f19f31eb7b1010f90ff2b458cb98

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Apr 2021 09:20:12 GMT
server: nginx
etag: "6065904c-271"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 625

GET
H2 200 icon_slider_right.png
blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/ 629 B
830 B 43ms
39ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/icons/icon_slider_right.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: cd90b1617912a1b787050d3f3a26ca1185196d20ad15f182d74a80f5524b6cd1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Apr 2021 09:20:12 GMT
server: nginx
etag: "6065904c-275"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 629

GET
H2 200 icon_search_white.png
blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/ 476 B
677 B 28ms
25ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/icon_search_white.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 979c84a37e845d041cb6229f53783d367176ee12b720553552cd3161e0262a8d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Apr 2021 09:20:28 GMT
server: nginx
etag: "6065905c-1dc"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 476

GET
H2 200 HF_New_Packshot.jpg
blog.hellofresh.com/wp-content/uploads/2021/05/ 106 KB
106 KB 29ms
26ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/05/HF_New_Packshot.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 01bd9a81825652a9a7202cacca89efb981488316f3157728f5965323c6a0561d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Wed, 19 May 2021 08:59:43 GMT
server: nginx
etag: "60a4d37f-1a677"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 108151

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 210ms
49ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF5) /
Resource Hash: 00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:16 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:33:56 GMT
Server: ECS (mil/6CF5)
Age: 70
Etag: "a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29104

GET
H2 200 platform.js Show response
apis.google.com/js/ 52 KB
21 KB 128ms
56ms Script
application/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f240289a734627895e80a5f88d3eb4750a6ad30f92c2b308f3b752b2aab26c2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pvzSoKLKsfZ8rR0RDpcbdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "f4cf049c4b030cf1eda98e73f6420757"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-pvzSoKLKsfZ8rR0RDpcbdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H2 200 cookie.js Show response
blog.hellofresh.com/wp-content/themes/hellofresh/js/ 3 KB
2 KB 28ms
25ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/js/cookie.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 96dccaa929e6a14f0f439d8597777a97b22720516942d36fc625ae11e85c3ada

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 21 Dec 2020 16:42:27 GMT
server: nginx
etag: W/"5fe0d073-cb4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 app.js Show response
blog.hellofresh.com/wp-content/themes/hellofresh/js/ 4 KB
2 KB 28ms
26ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/js/app.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7bcaf2f09b6263996c650d935b363ad89d0f6285b0d0ddc30f4418016c449afb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 21 Dec 2020 16:42:27 GMT
server: nginx
etag: W/"5fe0d073-f3a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ads-front.min.js Show response
blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/js/ 7 KB
3 KB 24ms
24ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/js/ads-front.min.js?ver=1.9.16.1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: a1a86586e73a2daff4b9bccc2eef0e09c34c1683c5487e710a7f10c742f6bce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Thu, 22 Apr 2021 12:50:22 GMT
server: nginx
etag: W/"6081710e-1dd6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ads-frontend.min.js Show response
blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/js/ 1 KB
631 B 24ms
24ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/ads-for-wp/public/assets/js/ads-frontend.min.js?ver=1.9.16.1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: dab5fc88424d51257fc91bb0cd946e4f61dec6af379c8c6659a4e4d231ff607b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Thu, 22 Apr 2021 12:50:22 GMT
server: nginx
etag: W/"6081710e-427"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-embed.min.js Show response
blog.hellofresh.com/wp-includes/js/ 1 KB
947 B 24ms
23ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-592"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 sbi-scripts.min.js Show response
blog.hellofresh.com/wp-content/plugins/instagram-feed/js/ 25 KB
8 KB 25ms
24ms Script
application/javascript 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=2.9.1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2717481d28d98b22e3277c45a2a0529b5044aef42d8f262ca7e11e73240c563d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Tue, 11 May 2021 15:59:46 GMT
server: nginx
etag: W/"609aa9f2-6571"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 e-202147.js Show response
stats.wp.com/ 9 KB
3 KB 61ms
18ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202147.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT lhr
date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 14 Nov 2022 00:13:52 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 257 KB
76 KB 146ms
74ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-DBTX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6c0fafce918fb220ee3332459f37b20ce4d705fe16908bc027308958506df366

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77888
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 265 KB
71 KB 111ms
39ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMWJG5K

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a0d1630aa4ac37c7ba538cf3939659114530fadea02c3d39b331e5ac5acb518

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72686
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame 8CD7 15 KB
9 KB 287ms
179ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0b1eac7300aadf292d5148f6cb8cc5de2134b3dab660705293b9a9afe098078f

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 48orDfoQVbPtIUABJzRh5SZfDJZQYV404C1Fn9uNa+DyDne+xk7P8Ye39POhRJwkWaU0c98nGFDdbvJV5NESbQ==
date: Mon, 22 Nov 2021 17:18:16 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H2 200 HFBlog_Header_Left.png
blog.hellofresh.com/wp-content/uploads/2021/05/ 43 KB
43 KB 43ms
43ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/05/HFBlog_Header_Left.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 49529fbc705939cb6be69998dfdede76d26514c3ba61a6291d6996877a0f3ac4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Wed, 19 May 2021 08:59:39 GMT
server: nginx
etag: "60a4d37b-aacc"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 43724

GET
H2 200 HFBlog_Header_Right1.png
blog.hellofresh.com/wp-content/uploads/2021/07/ 37 KB
37 KB 43ms
43ms Image
image/png 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/07/HFBlog_Header_Right1.png
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 884c315239c4626d7054efba05bf344fb993da6ef2ea62c39cf84251c5ee3f28

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Tue, 20 Jul 2021 19:47:06 GMT
server: nginx
etag: "60f7283a-9295"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 37525

GET
H2 200 meals-for-moms-47-690x460.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 118 KB
118 KB 42ms
42ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/meals-for-moms-47-690x460.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0678d939c9aea46c3f7a423a791dcb27e8c8fbcad3869a2ca3b59336450741b5

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 23 Aug 2021 21:02:08 GMT
server: nginx
etag: "61240cd0-1d633"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 120371

GET
H2 200 HF_ChocolateChipCookies_Blog_Shot01-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 151 KB
151 KB 42ms
41ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/HF_ChocolateChipCookies_Blog_Shot01-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: bc0c2a453e8b861c2c99fc47181cc6f98dfef752409bb6f2b959969126ca6966

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 23 Aug 2021 15:37:21 GMT
server: nginx
etag: "6123c0b1-25be9"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 154601

GET
H2 200 721310071_HFOS_BlogPhotography_Campfire_Shot01_-690x389.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 147 KB
147 KB 42ms
41ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/721310071_HFOS_BlogPhotography_Campfire_Shot01_-690x389.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 198f673d426c5f5ab9b973217e0e06b6fa1eda2707c4fa6fa3d067bac346fc5a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 16 Aug 2021 17:47:53 GMT
server: nginx
etag: "611aa4c9-24c16"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 150550

GET
H2 200 721329389_HFOS_BlogPhotography_SummerPotatoes_Shot07-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 155 KB
156 KB 46ms
46ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/721329389_HFOS_BlogPhotography_SummerPotatoes_Shot07-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 79f256abd169c1a581692a2700ecf884fe830716c8989c3dc2d89bc3fc32b65d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Tue, 10 Aug 2021 15:56:27 GMT
server: nginx
etag: "6112a1ab-26d2a"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 159018

GET
H2 200 HF_Blog_Grilling-Box-Smores-Comp_2019-08_16-9-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2019/07/ 33 KB
33 KB 46ms
46ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2019/07/HF_Blog_Grilling-Box-Smores-Comp_2019-08_16-9-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4945f050a159a66ebe10bf502988bcec4f944fd846e790d04c1d17c61bd8b68c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 12 Apr 2021 19:38:03 GMT
server: nginx
etag: "6074a19b-84ce"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 33998

GET
H2 200 699000854_HFOS_BlogOrganizedPantry_2021-06_Shot01-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2021/07/ 114 KB
114 KB 46ms
46ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/07/699000854_HFOS_BlogOrganizedPantry_2021-06_Shot01-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5199e625183cd671fa41884c07a9ee8b320a0f882ec67d734a7b0d0f29ba97fc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Wed, 28 Jul 2021 14:45:05 GMT
server: nginx
etag: "61016d71-1c6d0"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 116432

GET
H2 200 HFOS_BlogIndoorHerbs_Header_Shot01-690x389.jpg
blog.hellofresh.com/wp-content/uploads/2021/06/ 120 KB
120 KB 52ms
52ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/06/HFOS_BlogIndoorHerbs_Header_Shot01-690x389.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 677457a7a6888e52549734300f4603e255f8725831df39b8a6935bb9708dcc9d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 01 Jul 2021 20:37:07 GMT
server: nginx
etag: "60de2773-1de19"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 122393

GET
H2 200 the-4-absolute-best-ways-to-cook-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2021/06/ 48 KB
48 KB 52ms
52ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/06/the-4-absolute-best-ways-to-cook-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: ec7c07878f52ad73890557fa14ab0049f06be71ff1518bfbfb537743fc37f3e2

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Fri, 04 Jun 2021 13:46:29 GMT
server: nginx
etag: "60ba2eb5-c07d"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 49277

GET
H2 200 HFOS_BlogPerfectBurger_Shot01-690x388.jpg
blog.hellofresh.com/wp-content/uploads/2021/06/ 70 KB
70 KB 52ms
51ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/06/HFOS_BlogPerfectBurger_Shot01-690x388.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 06f1a5a8103b6ea0dba8412080462a13a199f2be81d1f7adcd5808c1fff39b9a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Thu, 03 Jun 2021 14:34:36 GMT
server: nginx
etag: "60b8e87c-116f0"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 71408

GET
H2 200 HF170225_Extra_Shot_DE_Weber_American_Grill_Box_all_-58_low-690x460.jpg
blog.hellofresh.com/wp-content/uploads/2017/06/ 106 KB
106 KB 52ms
51ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2017/06/HF170225_Extra_Shot_DE_Weber_American_Grill_Box_all_-58_low-690x460.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: e8a54936fbb2efbdbea053d91e83b80f58c45c5b761a2504f7798e0b9eafd64c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Mon, 21 Dec 2020 16:37:06 GMT
server: nginx
etag: "5fe0cf32-1a605"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 108037

GET
H2 200 icon-family.svg
blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/ 2 KB
1 KB 51ms
51ms Image
image/svg+xml 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/images/shared/icons/icon-family.svg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/style.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 251fd37b1ddfc981332472c35c53d88220a54dbbab82cb2468565a4ef58f3e0c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/style.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
last-modified: Mon, 05 Apr 2021 06:52:18 GMT
server: nginx
etag: W/"606ab3a2-695"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 HFBlog_BG_1920x10801.jpg
blog.hellofresh.com/wp-content/uploads/2021/06/ 275 KB
275 KB 54ms
53ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/06/HFBlog_BG_1920x10801.jpg
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9d311b6803fbdb039d669109e0c7dac9806863c09989fdeb5e514b7bbec8524f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Wed, 02 Jun 2021 15:51:39 GMT
server: nginx
etag: "60b7a90b-44a14"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 281108

GET
H2 200 SourceSansPro-Regular.otf
blog.hellofresh.com/wp-content/themes/hellofresh/fonts/ 124 KB
125 KB 54ms
53ms Font
application/octet-stream 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/fonts/SourceSansPro-Regular.otf
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2b92de018f47ad48c371f8ae1a5ace7c3031836c9b0144f34b81be9332cb5e5c

Request headers

Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Origin: https://blog.hellofresh.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Fri, 02 Apr 2021 08:13:18 GMT
server: nginx
etag: "6066d21e-1f1d8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 127448

GET
H2 200 SourceSansPro-Bold.ttf
blog.hellofresh.com/wp-content/themes/hellofresh/fonts/ 145 KB
146 KB 54ms
53ms Font
application/octet-stream 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/fonts/SourceSansPro-Bold.ttf
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5635ab88dda8bbd76e60e076cf2403094f3c4397f4358a42e66153514d8ef01b

Request headers

Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Origin: https://blog.hellofresh.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Fri, 02 Apr 2021 08:13:17 GMT
server: nginx
etag: "6066d21d-245c4"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 148932

GET
H2 200 Glyphter-icon-layout.woff
blog.hellofresh.com/wp-content/themes/hellofresh/fonts/ 4 KB
4 KB 54ms
53ms Font
font/woff 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/fonts/Glyphter-icon-layout.woff
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 04fa21be028c52290c0cb1202a8c4953abdc4dc4fc3f8dc6fc7426183fee168a

Request headers

Referer: https://blog.hellofresh.com/wp-content/themes/hellofresh/base.min.css
Origin: https://blog.hellofresh.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
last-modified: Fri, 02 Apr 2021 08:13:12 GMT
server: nginx
etag: "6066d218-10e8"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4328

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 930 B
1 KB 115ms
30ms Script
application/javascript 52.222.250.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.250.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-250-8.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 04:26:55 GMT
Via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
Age: 46281
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 930
Pragma: public
Last-Modified: Wed, 06 May 2020 20:19:48 GMT
Server: nginx
ETag: "5eb31be4-3a2"
Content-Type: application/javascript
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
X-Amz-Cf-Id: OI0hUYfc5UFlk8qvKtsdISa13WpIW7DIIj6arBL7pW8zYIE-qUywPw==
Expires: Tue, 23 Nov 2021 04:26:55 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 18ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.7.1&blog=124804378&post=0&tz=-5&srv=blog.hellofresh.com&host=blog.hellofresh.com&ref=&fcp=650&rand=0.7924008612520592
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Nov 2021 17:18:16 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ 123 KB
124 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c150a90d41710628105ad44fffa944fb9d1435ddf06471f7f9440483ea6c31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 08:46:09 GMT
x-content-type-options: nosniff
age: 462727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125976
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 08:46:09 GMT

GET
H2 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ 119 KB
41 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6234eaedb342e4e72f54a63e5889421e372d14c72f6aa7315b6e48c242685600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 16:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519793
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41526
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Nov 2022 16:55:03 GMT

GET
H2 200 subscribe_embed Show response
www.youtube.com/ Frame 233B 2 KB
2 KB 123ms
54ms Document
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&layout=default&count=default&origin=https%3A%2F%2Fblog.hellofresh.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

37ecbd3a069afeb7cfd847ee4b988fab6e4129ac68578e05103b17be8abf5947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 22 Nov 2021 17:18:16 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 p.js Show response
cdn.parsely.com/keys/hellofresh.com/ 47 KB
18 KB 121ms
38ms Script
application/javascript 18.66.100.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/hellofresh.com/p.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.100.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b01e61628cb1a50e6b3ba2ae02293dd71f616b90282fd3576c8644439a5c7d91

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: public
date: Mon, 22 Nov 2021 09:46:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Feb 2021 16:58:25 GMT
server: nginx
age: 27092
etag: W/"602bf9b1-bd2f"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 367a4718be97a49df7ac0500a986437b.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: iaLKLn0WB1rPYlY1sBFEY6SkIwF4FKbO3uXBc3HsECvvr8OXohMyTg==
expires: Tue, 23 Nov 2021 09:46:44 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 164 KB
60 KB 75ms
38ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-43NCVZT4H8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWJG5K

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f851dd00ebe1d53f8e20d5be57e19fd76a925599d00747a7c832484f52e8e84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61902
x-xss-protection: 0
expires: Mon, 22 Nov 2021 17:18:16 GMT

GET
H/1.1 200
OK tv2track.js Show response
collector-905.tvsquared.com/ 20 KB
9 KB 430ms
110ms Script
application/javascript 3.13.222.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-905.tvsquared.com/tv2track.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.13.222.229 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-13-222-229.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Nov 2021 10:21:30 GMT
Server: nginx
ETag: "61977aaa-2133"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 8499
Expires: Mon, 22 Nov 2021 17:28:17 GMT

GET
H2 200 measurement
tms.hft.hellofresh.com/ 0
136 B 756ms
708ms Image
text/plain 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tms.hft.hellofresh.com/measurement?v=1&tid=UA-27893453-9&cid=235567081.1637601496&_gid=339700340.1637601496&t=pageview&dt=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&dh=blog.hellofresh.com&dr=&de=UTF-8&jid=213435456&gjid=191522228&dl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&dp=%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&sd=24-bit&sr=1600x1200&vp=1600x1200&ul=en-US&cd9=true&cd93=NAVIGATE&cd94=New&cd96=1&cd97=f927e821-d9ea-481a-a32c-00a463bd59ff&cd99=US&gjid=191522228&_gid=339700340.1637601496&z=1637601496956
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 google

GET
H2 200 collect
stats.g.doubleclick.net/j/ 0
0 75ms
24ms Image
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&v=1&_r=3&_v=j91&tid=UA-27893453-9&cid=235567081.1637601496&jid=213435456&gjid=191522228&_gid=339700340.1637601496
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 412ms
339ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&v=1&_r=4&_v=j91&slf_rd=1&tid=UA-27893453-9&cid=235567081.1637601496&jid=213435456

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html Show response
platform.twitter.com/widgets/ Frame B3EB 319 KB
103 KB 49ms
49ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fblog.hellofresh.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE7) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 409810
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Nov 2021 17:18:16 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 18 Oct 2021 18:32:00 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CE7)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 104ms
70ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: NsnLtTAX+Fh4V/bJm/q7jVpyBLT9f5V9VEygTTRsziBHYN4I8hE1ku+oqkveEzmobo+p3W1u9qEo4G5xtwuqqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 102ms
65ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: LRaFSJxc5m1UedBs6wDw7pylPD9V2iva+RUMm1ynZA6yu/G/9v4uJm3W5aoFh979B2Z75dNpqNaMjzaC4R5tVw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 102ms
64ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: X/1/itHTQgy/sgU/EO9z5zEdgVlUWgCfgHdmRl24bWPSNyS/NCoF6HUSzznjmxdKWRUB5R2e0qPk/vG/uLu4NQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 104ms
69ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: PkQHaHlDc1Vp6/vFNCbK6I8u+3egnRt7NsMMbajwOk4WGK7ouvHT4/agqzf1xFtmWSsxeTJ/sJvTfOT5wyt5wQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 89ms
63ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ClAOx2AFpvsvmudUfPZ1kMRl9+mSiX02a6JSyuz3Bpdf0ZwsuuwTnTQl4szRna6NfHxb8TdFjJCWLmtpBm7RWA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 91ms
66ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: pLnA4ozGdiPyCcoFJpFfsUJV+YA7DNgA9xqNMIwJ2pvI5lYp4VQnOiUhTavFHRgLL70za1YksWpQfvWh9upRUw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 88ms
65ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: HJZtGyXoIu0+9lyb5n8lsUN5gW6hXOmm3NwFWKXOppGJfTnmUZ1sfZEfWEO9UfVG6ykpi3PXFmWYQfqo8DsFMQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 85ms
63ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: razaXN5I2W1TAl+8gBlJpZ+h77rSOMJ6R3wTuZNp2qIufPwsHKK5WacFWq69eAiSvAtrkU2KtX8VBnmeUl0KMg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 94ms
69ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: lfG7zoR7dlE25rTPyi2Vt1Gas/oN6bGTfpAWlZ+bhNIqvocrJYcBm5Pvl0pFSxA2GXcGmrDJ7vbdSwYXdd5COg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 107ms
87ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1JjqqCC1O1SMwLIVwY4wscNYvwU2uWjm5fj7dLGNfnIueQkPcjPNAxXxZn3qaOxvgXPSi8M5BYl/D7NDZPutvg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 86ms
64ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: vvhEC96Tbhg5q2Hy6nB0Hna8pANkWp5YUd274AJQzm+diVOFEe+DZzATBdkpCAwwy2P8NRE/2eahbKwb9rhWSQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 84ms
63ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: l54UjXADjBVqf8GluDgIa5Hz+FJ1gT3pMxEvBqjI4AOqR/j4crY0wM0TYnMBboU9n4BQkrX+FAEBQEB12I+7PA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 82ms
66ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ZWLvJDG0UYRll313mikkOtBCIQdcUn51Ag3er0F7iMN6sFKe8c9JjWYl0NEvfOY73G5lhW3dosLi45yCU9kGjw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 88ms
72ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: H8h7nD/LVM5Sq5iSGt2KN+sGr1vNAH1qwem/ZVN8FfMSeWI9r0vtcCQxPr81iwRTu2UCY09iQB5ObxVO1jCLUg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
41 B 71ms
61ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: BmeVmAVZLF2N7HPUUZBAAS/FvI9sxKA9cwPQwCkbbDU0C8rTxfrI6auKbR6dz9lBfeQwuYhHJXFmZssAz+yrIg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 87ms
71ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: raRW5mdRiWCp1qsgnJ1TZfXZZjW8lk/X8n97AXhj41ONYL9xTMAt3HJgRSb6AfLMoAz3eqI4YlkmQItj3l2pXA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 81ms
65ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: o/iaqWrPkDVyWGCWxYLAphnQ336OVGchBu/Yldrh0SjxvY0WZzH3fUrMDEUY7fpTGBq4h682+A6hwfI0PTbjlQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 81ms
65ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 9zmmcsrtA7mu7VhkL3tfL4lrWxjwsULvxv0IqjRqrYioaOkC0EuZDY9JcQPvGZR4M16Z39jhCKikGmhMT+5EAg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 82ms
67ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: kqty9Qux2RWPj1buhQwQZv+hiuksPN9uC9NKj0v3qZJiWsbowvXiRAYCxZeMs8I8AwS3INOzbF+Y4n5+cliFeQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 77ms
66ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: AXvo6anNsGv0qY49aUq8eUZYQv0E8uXL4FSr8QSjdqOInxMJM1MUw5LnBf7Jru+YZcaxl3jqEA+dtyzrdJvHgg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 8CD7 0
30 B 83ms
73ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: pew1hELz0iQNGxK6RS3Pszd5Q7jrGSUMy3f6NrlV8MsQsPQ5gAoimF32zt+/6HbI99oDvzI9+MV7ftQ7gyFBug==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

GET
H3

200

activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3... Show response
9917901.fls.doubleclick.net/ Frame D71F
Redirect Chain

https://9917901.fls.doubleclick.net/activityi;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F...
https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=ht...

659 B
518 B

77ms
40ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

078f60cf9ea93ef9cdd0e76a4d308ca584c4c9953f7755f9fe2b90d4bb88f32b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 22 Nov 2021 17:18:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 493
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 22 Nov 2021 17:18:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
832 B 296ms
153ms Script
application/javascript 2a02:26f0:fb:599::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:fb:599::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 909c959034304ea400b41eea4326c355e0e7c4c8cf76369f8430756362d11bef

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "95580b4fad0d5513b92f05a5be0d5a38"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
x-fallback: 21f0c68-95.100.153.103
accept-ranges: bytes
content-length: 583
access-control-expose-headers: X-CDN

GET
H2 200 scevent.min.js Show response
sc-static.net/ 18 KB
7 KB 110ms
46ms Script
application/javascript 143.204.207.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-37.fra53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 0cc2be64b24f8ae3f9951a81ce4964ea31e5663f5f739d7f34cf9dbaef8ae2c6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: FRA53-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 6816
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
x-amz-cf-id: J2B1wlHp4Ef4220yo8o3ljJDEBBfCuDk6_LLmeGVXq70MtZjSy5c1Q==

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 156ms
49ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 04686da390f8eec3ccd75869fa71e22cad452cfcff6ffa31c979f599d64831d8

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 03 Nov 2021 15:08:58 GMT
server: snooserv
etag: "3fbf36d562f1d2a543a89683060265ed"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7632

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 121ms
42ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 89ms
30ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: EqnIuYv45PFgpqE1hzes/hf0N54tj9R2O6d3i0g0qjZHFTF3tgjWCxb7hdnyZQyvdhh2rU0Qcg2zVBVR+vWOgA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 i.js Show response
tag.bounceexchange.com/3055/ 33 KB
10 KB 58ms
19ms Script
text/plain 34.120.253.250
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/3055/i.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: fasthttp /
Resource Hash: d8d4458c2680a33783b728134ac6e229ade65b94d82857b1d04464f95a0a996b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:10 GMT
content-encoding: gzip
server: fasthttp
age: 7
etag: 07981e76a7c875
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public,max-age=60
x-region: us-central1
timing-allow-origin: *
alt-svc: clear
content-length: 9831
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://d1n00d49gkbray.cloudfront.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H2 200 sv.js Show response
track.securedvisit.com/js/ 59 KB
24 KB 360ms
171ms Script
application/javascript 54.86.138.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track.securedvisit.com/js/sv.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.138.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-86-138-233.compute-1.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: ea844e68b77179486e8847958d0395167e0d0a0a7e1927495a01f66ee28ded1b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
last-modified: Mon, 22 Nov 2021 17:18:17 GMT
server: nginx/1.20.1
etag: W/"a24fb0c2731fc914353e3d07a3f5c611"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: proxy-revalidate, no-cache, private, must-revalidate, max-age=0
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 1.js Show response
azetbd4r.micpn.com/p/js/ 48 KB
16 KB 201ms
136ms Script
text/javascript 18.66.139.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://azetbd4r.micpn.com/p/js/1.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 95382bba03de2c298af35f13da95b917e724099246a82d5d9a43330ac76fbd26

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-amz-cf-pop: FRA60-P4
p3p: policyref="https://movableink.com/w3c/p3p.xml", CP="DEVa PSAa PSDa IVAa IVDa OUR IND DSP NON COR NAV UNI"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
cache-control: no-cache max-age=0
timing-allow-origin: https://blog.hellofresh.com
x-amz-cf-id: xeHTZpdqXr23KNZzl9BMgH_hc480WV7MuknE22mU09OwhWZEUvwREw==
x-uuid: 12e2ee35-eb4f-4f33-9ad6-fcf2410c24e7
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK chat.js.gz Show response
web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/Brie/ 486 KB
138 KB 145ms
53ms Script
text/javascript 52.218.61.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/Brie/chat.js.gz
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.61.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-eu-west-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 89653cd6b8d2b8645362bb1da785cc15f943a40a2e3dc6d2e761ddd739d0cf75

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 12 Nov 2021 17:56:03 GMT
Server: AmazonS3
x-amz-request-id: ZRRCDM4E03BZ7DGN
ETag: "77d3dd3816a7730f52daa1ffb634c382"
x-amz-version-id: bK1XRf9qEGOrWmWsMawxl6UNdiWnSx3n
x-amz-replication-status: FAILED
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 141176
x-amz-id-2: b1WsO6dBUSfJpUR3q5i17i/23aBncSuJEfHiGqfbfSdoyLZKqNv6aoBOPiwrapwqNHam3XjE6+A=

GET
H/1.1 200
OK tag.js Show response
www.mczbf.com/tags/11058/ 22 KB
9 KB 93ms
29ms Script
application/javascript 2600:9000:2156:be00:16:4ed5:12c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mczbf.com/tags/11058/tag.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:be00:16:4ed5:12c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d29193f923df3f407d75ba6ec566423d1d5e0582ba68fc33880193d3967b670e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:09:53 GMT
Content-Encoding: gzip
Connection: keep-alive
Server: nginx
Age: 504
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=UTF-8
Via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
Cache-Control: max-age=1800
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: V9XO5_1w5voQ9k143nlIXpd-SIFAlUZk8m9MocK7jmJqr842RJaA0w==
X-Request-ID: 024b2516-4bb7-11ec-953c-511858ec60ee

GET
H2 200 itpcookies Show response
hft.hellofresh.com/function/ 28 B
465 B 66ms
27ms XHR
text/html 34.120.20.123
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://hft.hellofresh.com/function/itpcookies?domain=hellofresh.com
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.20.123 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 123.20.120.34.bc.googleusercontent.com
Software: Google Frontend / Express
Resource Hash: 18b57c5d9048240752a959a4b86e60a74cdb9822c66ee321cbfc8d515f64cd6b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
server: Google Frontend
access-control-allow-headers: Content-Type
x-powered-by: Express
etag: W/"1c-ltOjEfcT7/6E12sRTFE0QI7d7r4"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://blog.hellofresh.com
x-cloud-trace-context: 418006e8ee5f48a50a1f12dc6aad1b80
cache-control: private
access-control-allow-credentials: true
function-execution-id: x6pewxx7rrzg
alt-svc: clear
content-length: 48
via: 1.1 google

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 117 KB
35 KB 254ms
189ms Script
application/javascript 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 0b850991db54c2e0c6a6b7a3c818d88205ced62b9f93665cca47f9cb2802b208

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-akamai-request-id: edd29378.2345c821
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-64-122-111.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-parent-response-time: 159,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=156, origin; dur=4, inner; dur=1
pragma: no-cache
server: nginx
x-tt-logid: 2021112217181701024524413809F15262
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 4,23.64.122.111
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940ac5982ef9664a230ccc4d8496bea6cb919e611391fcc532d458d1ae8a7dec56cf40abdc92bf0b07643963898499238505b5c87121c66ed181a8a1c894bfd96890d7a9d370ca891b12b92f96a1c3f923f68
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 117 KB
35 KB 233ms
199ms Script
application/javascript 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C17QSE3D7BBN20GTF5HG&lib=ttq
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 0b850991db54c2e0c6a6b7a3c818d88205ced62b9f93665cca47f9cb2802b208

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-akamai-request-id: a177a1df.2345c831
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-64-122-117.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-parent-response-time: 164,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=156, origin; dur=9, inner; dur=2
pragma: no-cache
server: nginx
x-tt-logid: 20211122171817010245019054063C87BB
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.64.122.117
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940ac75dfdc4e6ba2b8653679fb786b1b2868342aa2391df2a8a6dc99e22632aaff3dd5a397f19a21418e76a1600d63820ab975f5cee8aa93a4d422b8436d8c6861746b1d46758af32777d7b0a624c691762a
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 8 KB
3 KB 122ms
39ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 998d9415269d92557b561a936955f7590d5052865044a9191a528b5a36f3afc9

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Oct 2021 12:12:10 GMT
Server: AkamaiNetStorage
ETag: "973e2603f46b719eecf8139c22b897a0:1633349530.816673"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3150
Expires: Mon, 22 Nov 2021 17:38:17 GMT

GET
H3 200 activityi;register_conversion=1;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%...
9917901.fls.doubleclick.net/ 0
0 38ms
37ms Image
text/html 142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://9917901.fls.doubleclick.net/activityi;register_conversion=1;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons?
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/dd5aaa8aa97c4dc08b6e1a6667aa2cea/ 43 B
423 B 396ms
100ms Image
image/gif 18.215.205.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/dd5aaa8aa97c4dc08b6e1a6667aa2cea/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.215.205.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-215-205-165.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,ff7841654d2be0564a0e5c8f5ea7160b,10.0.0.101,11096,194.36.110.171,,129897888168,1,1637601497.684,0.001,,.,0,0,0.000,0.004,-,0,0,203,185,92,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 rt.gif
jadserve.postrelease.com/ 43 B
427 B 656ms
224ms Image
image/gif 75.101.244.20
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/rt.gif?ntv_tg=144a780f77e546d7bd251e3287e19b9e&ord=[cache_buster]
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.101.244.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-75-101-244-20.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H3 200 pMiBMeZjwe_.css
www.facebook.com/rsrc.php/v3/yV/l/0,cross/ Frame 8CD7 19 KB
5 KB 29ms
29ms Stylesheet
text/css 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yV/l/0,cross/pMiBMeZjwe_.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

38664dc57070f64aeaabe58fb52dfef1f1084679499b738b87ee3188383d7745

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FHelloFreshUS%2F&tabs&width=500&height=214&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=488262888035165
Origin: https://www.facebook.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 15:59:31 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: pVk0OPE6Z8T/6BIPDyLkdA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
content-length: 4950
x-fb-rlafr: 0
x-fb-debug: WnoFlKJPY8hrYE10kK40PUj7UA8gzuozAJq7ROEqqCwhdh9PI1TW74aWPvsg0+7cMRskO6HqYpebZB25Gy93eQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 21 Nov 2022 15:59:31 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 985D 565 B
857 B 108ms
40ms Document
text/html 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.hellofresh.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f4ac9e1f05d8084f3043de0e0c3b234e3fb9838f19a98880fb24bcb8178a947d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KC6oi/tdy9yqRJe3uqQAZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 22 Nov 2021 17:18:17 GMT
content-security-policy: script-src 'report-sample' 'nonce-KC6oi/tdy9yqRJe3uqQAZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 collect
analytics.google.com/g/ 0
341 B 108ms
36ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-43NCVZT4H8&gtm=2oeba1&_p=783963431&sr=1600x1200&_gaz=1&ul=en-us&cid=1726167273.1637601497&_s=1&dl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&dt=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&sid=1637601496&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&up.shopCountryCode=US
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-43NCVZT4H8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.hellofresh.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 49ms
24ms Ping
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-43NCVZT4H8&cid=1726167273.1637601497&gtm=2oeba1&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-43NCVZT4H8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.hellofresh.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 397ms
329ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-43NCVZT4H8&cid=1726167273.1637601497&gtm=2oeba1&aip=1&z=1162837274

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 233B 38 KB
6 KB 67ms
30ms Stylesheet
text/css 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&layout=default&count=default&origin=https%3A%2F%2Fblog.hellofresh.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&layout=default&count=default&origin=https%3A%2F%2Fblog.hellofresh.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 23:30:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496088
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6066
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Nov 2022 23:30:09 GMT

GET
H3 200 www-subscribe-embed_v0.js Show response
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 233B 252 KB
72 KB 71ms
34ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&layout=default&count=default&origin=https%3A%2F%2Fblog.hellofresh.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 10:57:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 541231
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73785
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 21:45:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Nov 2022 10:57:46 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 407ms
99ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1637601497231&plid=98414808&idsite=hellofresh.com&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&sref=&sts=1637601497227&slts=0&title=HelloFresh+Food+Blog+%7C+Get+Cooking+%7C+The+Fresh+Times&date=Mon+Nov+22+2021+17%3A18%3A17+GMT%2B0000+(GMT)&action=pageview&pvid=46010150&u=pid%3D2dcb3ae69d3c1660f7492d497a44c35f
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Cache-Control: no-cache
Last-Modified: Monday, 22-Nov-2021 17:18:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 608 KB
149 KB 59ms
19ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/3055/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f79519a05f5d679d5120e103ad39229be4de8a2511119abd7ad688e7089b89d1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 19:25:01 GMT
content-encoding: gzip
age: 337996
x-guploader-uploadid: ADPycdtm-uhyuygv_ixxEMPjrbsuBLV4AfnlB-F0ftiKYI648c-uOW7VH3xQA6BOoYA5JQCN56xk-fMN9Zq38m9-U9c
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 151493
last-modified: Thu, 18 Nov 2021 19:24:58 GMT
server: UploadServer
etag: "0b9fe903a931c7f9af1e72f4b5673aa8"
vary: Accept-Encoding
x-goog-hash: crc32c=K1Xrsg==, md5=C5/pA6kxx/mvHnL0tWc6qA==
x-goog-generation: 1637263498387281
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 151493
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 18 Nov 2022 19:25:01 GMT

GET
H2 200 wknd_cartridge.js Show response
d1n00d49gkbray.cloudfront.net/wknd/ 31 KB
12 KB 157ms
54ms Script
application/javascript 2600:9000:223d:bc00:9:7c30:be80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/3055/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:bc00:9:7c30:be80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3c14a85edcb2dff04be402803007f92c7efa1518b4aa5cf1d7227ccce4b388c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 21 Nov 2021 20:30:49 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 21:09:00 GMT
server: AmazonS3
age: 74849
etag: W/"d8abc287ac6c917e510af690050bbae2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: WRO8Odo4khzvVibDd6jJ8FKtNGyibPv_
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: WG3uSZ2bLDu9aqX__LVDWr_XUyMocIs2VYiIGcvm5eT6jPAvjH7eYA==

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 58ms
29ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.48

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 20661
x-xss-protection: 0
pragma: public
x-fb-debug: AlS4xe6fD8bzXazjK9w3twOsdRb1l6EUNTEFI+cnM4FgwhDliY14DPsUuJB55ps9BqO7ZmJoyOink+mIPEGgDQ==
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1498076160522011 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 111ms
82ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1498076160522011?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4ebec9c533a5636014a6dae5b1b84da1dbb81e624beaabc5f0467e81f546951

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: BmTkXYf3j5jngGkZ3hznwloD3FL6FxCFuLSgwhxQJw0P7IgzVpPzwGmRGU4hxvvXhkJ1/lUoZ5QJZU2mWEeD2g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/353676082/ 2 KB
1 KB 79ms
40ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/353676082/?random=1637601497263&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c8155aafb05f86a0bb7908446dbefefcca0a66ac025abcc5b7ca8ae65c96c8b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
353676082.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/353676082/ 0
0 107ms
39ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://353676082.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/353676082/?random=1637601497263&cv=9&fst=1637601497263&num=1&fmt=3&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 46 B
313 B 60ms
20ms Fetch
application/json 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=53a798a3-971f-49be-acce-0c085289e9f8

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

0fc716bcc1f8668e100be543df63af646abd035fb62c9a918e81e01b87400329

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 google
server: nginx/1.17.3
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46

GET
H2 200 settings Show response
syndication.twitter.com/ Frame B3EB 232 B
447 B 169ms
123ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=fbceb57b79ad5ab236e8b449b01c060934d559ac

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fblog.hellofresh.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-response-time: 106
date: Mon, 22 Nov 2021 17:18:16 GMT
content-encoding: gzip
last-modified: Mon, 22 Nov 2021 17:18:17 GMT
server: tsa_f
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 57e8a02205d121e49c450919a6cc60cde194d0c6830a05a669d5fda422f2b43c
content-length: 166

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame B1A4 0
241 B 58ms
19ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=53a798a3-971f-49be-acce-0c085289e9f8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

server: nginx/1.17.3
date: Mon, 22 Nov 2021 17:18:17 GMT
content-type: text/html
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 p
tr.snapchat.com/ 68 B
303 B 55ms
26ms Image
image/png 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?pid=53a798a3-971f-49be-acce-0c085289e9f8&ev=PAGE_VIEW&pl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&ts=1637601497323&rf=&v=1.5&if=false&bt=__LIVE__&intg=gtm&u_c1=0bcf6fd4-00d9-464b-9865-dd608a00b4bc&m_sl=1179&m_rd=1251&m_pi=646&m_ic=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 google
server: nginx/1.17.3
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

GET
H3 200 subscribe_button_branded_lozenge.png
www.youtube.com/s/subscriptions/subscribe_embed/img/ Frame 233B 156 B
179 B 29ms
29ms Image
image/png 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/s/subscriptions/subscribe_embed/img/subscribe_button_branded_lozenge.png

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 11:08:00 GMT
x-content-type-options: nosniff
last-modified: Fri, 18 Sep 2020 20:15:00 GMT
server: sffe
age: 540617
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Nov 2022 11:08:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 258ms
155ms Image
image/gif 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1637601497340&id=t2_zl60f&event=PageVisit&m.itemCount=&m.value=&m.currency=&m.transactionId=&m.customEventName=&uuid=5cb22afa-dfea-49b9-81c6-339a112d6dbe&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_5b7866e3
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ Frame 233B 125 KB
41 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47e867af65f2d1b9195a02f8253b1558dede4e962ba86192f5fbc84073e30d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41872
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 06:19:07 GMT

GET
H2 200 796779910-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 985D 10 KB
5 KB 96ms
29ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/796779910-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.hellofresh.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 08:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4295
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 19:09:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 19 Nov 2022 08:02:10 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 985D 13 KB
5 KB 105ms
104ms Script
application/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4e54ee28a5547ad8b6c234e115d3ed0b321ab332d77b61f70623f1c372f30b7e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nT9VNdfh8dsMPZc4Pbl3rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "6f449aa26cea2072179df60a69a77a57"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-nT9VNdfh8dsMPZc4Pbl3rw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_sourc... Show response
adservice.google.com/ddm/fls/i/ Frame 12E1 661 B
965 B 140ms
70ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons

Requested by

Host: 9917901.fls.doubleclick.net
URL: https://9917901.fls.doubleclick.net/activityi;dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3778ce7fca48ad3d4453285ad5b6d6ca8df2eba1fe90c9af0da131d697441b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://9917901.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 22 Nov 2021 17:18:17 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 496
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 policy Show response
www.sjwoe.com/ 28 B
414 B 90ms
29ms XHR
application/json 2600:9000:2250:b000:7:f1a3:af00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sjwoe.com/policy
Requested by: Host: www.mczbf.com
URL: https://www.mczbf.com/tags/11058/tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:b000:7:f1a3:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4bfe3fd63b2ce813a2e3e1252146acf89e82d30222ca39161cf68086449cd64b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 11:07:58 GMT
via: 1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront)
age: 22219
x-amzn-requestid: fc303b10-24a5-421e-98bb-dab7f8479ace
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=3600
x-amzn-trace-id: Root=1-619b7a0e-7325631802bd5ac9521af8ca;Sampled=0
x-amz-cf-pop: FRA60-P2
x-amz-apigw-id: JNACVEMkoAMFtcg=
content-length: 28
x-amz-cf-id: dP1gJz9DQBXbdtQ4qHX50jadLTqH983FPFLh3Hec5mXT2nXzot4pYQ==

GET
H3

200

/
www.google.co.uk/pagead/1p-conversion/353676082/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&...
https://www.google.com/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...
https://www.google.co.uk/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...

42 B
64 B

89ms
50ms

Image
image/gif

2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=2dCbYca4EeyWx_APvd6hiAg&cid=CAQSKQCNIrLMRbexyXLyRbG9YbM1eEMldhNR8LjLDTcBcNEAxaBJJbqhZaOE&eitems=ChEIgJztjAYQwJbu18rzyLGiARIdAAILfLDwYmgPeo6G32TtOYsu8upLWP9rT1AziPM&random=1503447006&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAogIIkk0LBcP99j6lyfblDM2A41iDF9fmZxSfLxf0ivoY6zLNbWiSyoMHiAIeVrLC3VO5bGympq1D7YPiQFqDL

Requested by

Protocol

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.co.uk/pagead/1p-conversion/353676082/?random=1569535300&cv=9&fst=1637601497263&num=1&value=0&label=52g2CL-m1P0CELLW0qgB&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&auid=1653176859.1637601497&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=2dCbYca4EeyWx_APvd6hiAg&cid=CAQSKQCNIrLMRbexyXLyRbG9YbM1eEMldhNR8LjLDTcBcNEAxaBJJbqhZaOE&eitems=ChEIgJztjAYQwJbu18rzyLGiARIdAAILfLDwYmgPeo6G32TtOYsu8upLWP9rT1AziPM&random=1503447006&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAogIIkk0LBcP99j6lyfblDM2A41iDF9fmZxSfLxf0ivoY6zLNbWiSyoMHiAIeVrLC3VO5bGympq1D7YPiQFqDL
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.6ae4a9fc.js Show response
s.pinimg.com/ct/lib/ 54 KB
19 KB 174ms
174ms Script
application/javascript 2a02:26f0:fb:599::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.6ae4a9fc.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:fb:599::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 06def5f53a1116e6a7f4ecab814748f1b7d9a7fde199d96f80c233877f2c46a4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "9850391ff02e4a98b00efa3acfbbbb10"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 21f0e36-95.100.153.103
accept-ranges: bytes
content-length: 18814
access-control-expose-headers: X-CDN

GET
H/1.1 200
OK tv2track.php
collector-905.tvsquared.com/ 42 B
276 B 112ms
112ms Image
image/gif 3.13.222.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-905.tvsquared.com/tv2track.php?action_name=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&idsite=TV-099045-1&rec=1&r=264701&h=17&m=18&s=17&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&_id=ba2cbc5364d30bf6&_idts=1637601497&_idvc=0&_idn=1&_viewts=&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=32
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.13.222.229 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-13-222-229.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Server: nginx
Connection: keep-alive
Request-Id: b3976822-98b9-424e-9f2c-78455c5fe100
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 42
Content-Type: image/gif

POST
H2 404 token Show response
blog.hellofresh.com/gw/auth/ 38 KB
8 KB 187ms
187ms XHR
text/html 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.hellofresh.com/gw/auth/token?client_id=senf&grant_type=client_credentials&scope=public&locale=en-US&country=us
Requested by: Host: web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
URL: https://web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/Brie/chat.js.gz
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx / WP Engine
Resource Hash: 746c1ade2d2ba3ab043e1fb420dbeaf28728554cfb5b638a693f07958a2fd6bb

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: br
server: nginx
x-powered-by: WP Engine
vary: Accept-Encoding, Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://blog.hellofresh.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H/1.1 200
OK pageInfo
www.mczbf.com/11058/ 68 B
0 127ms
68ms Fetch
image/png 2600:9000:2156:be00:16:4ed5:12c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mczbf.com/11058/pageInfo
Requested by: Host: www.mczbf.com
URL: https://www.mczbf.com/tags/11058/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:be00:16:4ed5:12c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
Server: nginx
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-store
Connection: keep-alive
Content-Length: 68
X-Amz-Cf-Id: MWgR8RguXUr8Ax5g4h-Cf7DtnWo1DscnpGGCMc_RoDoIHQKQ9n9qlg==
X-Request-ID: 2ef1644c-4bb8-11ec-8cc3-5f07f09b25a5

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 29ms
29ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1498076160522011&ev=PageView&dl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&rl=&if=false&ts=1637601497504&cd[subscription_id]=undefined&sw=1600&sh=1200&ud[external_id]=eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c&v=2.9.48&r=stable&ec=0&o=62&fbp=fb.1.1637601497503.972464998&it=1637601497260&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ Frame 985D 51 KB
18 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaf4e6412ae84f49997de84662d9e9dfd927c49ebdfd28ffc67ec072f3550288

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 20:09:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 508118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18237
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Nov 2022 20:09:39 GMT

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
239 B 364ms
85ms Script
application/javascript 70.42.32.63
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.outbrain.com/cachedClickId?marketerId=00c7dd254fc1b60ba6a32cd12518f99866
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.63 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
X-TraceId: 307b95a416a41345f2dc2451d822740d
Content-Length: 56
Content-Type: application/javascript

GET
H/1.1 200
OK unifiedPixel
tr.outbrain.com/ 43 B
256 B 363ms
89ms Image
image/gif 70.42.32.63
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/unifiedPixel?marketerId=00c7dd254fc1b60ba6a32cd12518f99866&obApiVersion=1.1&obtpVersion=1.5.2&name=PAGE_VIEW&dl=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&optOut=false&bust=019147349340773956
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.63 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Cache-Control: no-cache
X-TraceId: aa53e700749218c466cfcb65aca489ec
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H/1.1 200
OK button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js Show response
platform.twitter.com/js/ 7 KB
3 KB 49ms
49ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF5) /
Resource Hash: 186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 17:18:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:51 GMT
Server: ECS (mil/6CF5)
Age: 409809
Etag: "e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H3 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ 28 KB
9 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d76d39d051a4de7b92b84002000cb998c45d1456aaaac56178c781dcb9cf2c30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 15:55:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 436953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9533
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 15:55:44 GMT

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 187ms
186ms Script
application/javascript 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-akamai-request-id: f75e9ee.2345cb9f
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-64-122-127.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-parent-response-time: 158,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=153, origin; dur=5, inner; dur=3
pragma: no-cache
server: nginx
x-tt-logid: 20211122171817010251058182083CB212
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 5,23.64.122.127
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940ac84e5e86a64073b1f8670de1bed1587d662fd6243406d2c32c804e5e3e936c330f8754da466b758f151e6af94d3241e47e456753f7b0dbf57304aa86e8170b6047b34148995af4066224205f5075b9a54
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 709 B
1 KB 192ms
192ms Script
application/javascript 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C09GJJ5OQ3DFKFN94O00&hostname=blog.hellofresh.com
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3da1891882eef177db88ceeb43536093319d35e3f4f90043c06333caa7d04e61

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-akamai-request-id: 25cea14d.2345cc2f
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-64-122-135.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-parent-response-time: 161,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=154, origin; dur=8, inner; dur=3
content-length: 324
pragma: no-cache
server: nginx
x-tt-logid: 20211122171817010245130131073C9FDA
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.64.122.135
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940acfba2d15bf5d0ea2dfdd609f116582f943b4517461e6d2f104c044517db244130b2e30128dc16bc7cf19108732309f17e4e90a880b988ddf288a063660435ffb009c122814fbb424003712b45dbab3b53
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 698 B
1 KB 191ms
191ms Script
application/javascript 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C17QSE3D7BBN20GTF5HG&hostname=blog.hellofresh.com
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 03acce15541b856dcf4395f1c0bdcff32328527cb9686ff413b7b7eb4ca1ecdf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-akamai-request-id: 544765b3.2345cc32
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-64-122-140.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-parent-response-time: 159,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=153, origin; dur=8, inner; dur=4
content-length: 318
pragma: no-cache
server: nginx
x-tt-logid: 2021112217181701024514110727D8A12F
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.64.122.140
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940acd41955c78522bf683f11e1c7765481fb6e0aa1f1cc69f88d16a85d9d1957a06f6c3aaadcd635d39400aedb237e9c4bb21833c42343a9f820d5507731677cc1f165a46bec92ee70ff9722dcefa13401f3
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
H2 200 dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_sourc... Show response
adservice.google.co.uk/ddm/fls/i/ Frame FA27 194 B
870 B 140ms
73ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/ddm/fls/i/dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMiTlfy8rPQCFVU4GwodXZwCSA;src=9917901;type=ros;cat=us_ros;ord=1569283785401;gtm=2wgba1;auiddc=1653176859.1637601497;u5=%2F;u6=ros;ps=1;~oref=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 22 Nov 2021 17:18:17 GMT
expires: Mon, 22 Nov 2021 17:18:17 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 track.gif
azetbd4r.micpn.com/p/cp/-1/ 42 B
621 B 190ms
190ms Image
image/gif 18.66.139.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://azetbd4r.micpn.com/p/cp/-1/track.gif?t=1637601497615&mi_u=anon-1637601497614-7225494218&mi_cid=6571&page_title=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&event_type=pageview&cdate=1637601497614&ck=false&anon=true
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: https://app.movableink.com
access-control-expose-headers: X-Error
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
content-length: 42
x-amz-cf-id: C8v8zYOv_s97SeiiiAOXp61ej168xc_hscewMaIZGGP7TpzU11ygBg==
x-uuid: f82bdfdc-6baf-4f4e-ab8e-f42e4269783d

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 57 B
406 B 360ms
106ms XHR
application/json 35.201.112.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.112.202 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 202.112.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 5a14c8618da40239f696eb554c5d0d3bd974bf10a9513da02d56080f608f738d

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 17:18:17 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 57 B
406 B 818ms
108ms XHR
application/json 35.227.235.114
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.227.235.114 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 114.235.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 5850c33fcffcf8e021d2ee631642da8ed76cc09c9f996804bb9cdb7f72726558

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 17:18:18 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 57 B
406 B 838ms
106ms XHR
application/json 35.201.113.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.113.243 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.113.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 51a6e976953212fdb46132c6a5778f28f4522cafbb2593e46e6627a23d1375ec

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 17:18:18 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H2 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 4A72 2 KB
1 KB 19ms
18ms Document
text/html 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

x-guploader-uploadid: ADPycdvdzudwDbaIR3gwYaikhtS1Txnp16oI0Nv1GWfUafeptZ0MHRycTBmVzs0CLBMHjLdfzFclcBFc5F5dP37MJvM
date: Wed, 17 Nov 2021 01:49:24 GMT
expires: Thu, 17 Nov 2022 01:49:24 GMT
last-modified: Mon, 25 Oct 2021 14:15:20 GMT
etag: "a292f6ab7772a1b30b3346788c37fd6d"
x-goog-generation: 1635171319898846
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
content-type: text/html; charset=UTF-8
content-encoding: gzip
x-goog-hash: crc32c=LzcDzg== md5=opL2q3dyobMLM0Z4jDf9bQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1055
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
server: UploadServer
age: 487733
cache-control: public,max-age=31536000
alt-svc: clear

GET
H2 200 / Show response
ct.pinterest.com/user/ 509 B
748 B 82ms
34ms XHR
application/json 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2617663505069&pd=%7B%22np%22%3A%22gtm%22%2C%22aem_enabled%22%3Afalse%2C%22gtm_aem_configs%22%3A%5B%5D%7D&cb=1637601497669
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6ae4a9fc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 07d37037fac00adaab8d3068112bf139d2249facc615e9fc6674ce90f103f48c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.hellofresh.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPVlqZGtaak01TldZdE4yVTRZUzAwTlRVNExXRXpOell0WkdZd1l6RXpZamRpTnpOaQ
x-pinterest-rid: 6657175431007118
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
content-length: 364
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
91 B 35ms
35ms Image
image/gif 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2617663505069&pd=%7B%22np%22%3A%22gtm%22%2C%22aem_enabled%22%3Afalse%2C%22gtm_aem_configs%22%3A%5B%5D%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%226ae4a9fc%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1637601497670
Requested by: Host: blog.hellofresh.com
URL: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 1765492969019525
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET

trigger-attribution
www.pinterest.com/.well-known/attribution-reporting/
Redirect Chain

https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2617663505069&pd=%7B%22np%22%3A%22gtm%22%2C%22aem_enabled%22%3Afalse%2C%22gtm_aem_configs%22%3A%5B%5D%7D&ad=%7B%22loc%...
https://www.pinterest.com/.well-known/attribution-reporting/trigger-attribution/redirect?trigger-data=0&priority=22
https://www.pinterest.com/.well-known/attribution-reporting/trigger-attribution?trigger-data=0&priority=22

0
0

GET
H3 200 subscribe_embed Show response
www.youtube.com/ Frame E52D 601 B
288 B 58ms
58ms Document
text/html 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc4bf7d19c478a0508332a2303ea212bf99e31407fcbf09236aec4a1ba2aa834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 22 Nov 2021 17:18:17 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
65 B 72ms
34ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 05:44:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 473603
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/gif
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 17 Nov 2022 05:44:54 GMT

GET
H3 200 spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
65 B 70ms
33ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 11:23:48 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 539669
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/gif
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 16 Nov 2022 11:23:48 GMT

GET
H3 200 bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 318 B
341 B 68ms
34ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 05:32:36 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 474341
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 318
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 17 Nov 2022 05:32:36 GMT

GET
H3 200 bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 116 B
139 B 66ms
32ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 20:12:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 507923
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 16 Nov 2022 20:12:54 GMT

GET
H3 200 bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 117 B
140 B 67ms
34ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 16:04:39 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 436418
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 17 Nov 2022 16:04:39 GMT

GET
H/1.1 200
OK follow_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html Show response
platform.twitter.com/widgets/ Frame 04A1 36 KB
14 KB 49ms
49ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF5) /
Resource Hash: 97fea9dcfcea4baf6f72f7228a1a50560a67c9e3d1a82582d9d41f11085631f6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 409802
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Nov 2021 17:18:17 GMT
Etag: "c645eaa597e9d4a92f2a306087a45087+gzip"
Last-Modified: Mon, 18 Oct 2021 18:31:53 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CF5)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13629

POST
H2 204 / Show response
ct.pinterest.com/md/ 0
198 B 67ms
28ms XHR
text/plain 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/md/
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6ae4a9fc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:17 GMT
referrer-policy: origin
x-cdn: fastly
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
x-pinterest-rid: 3228488899603669
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame E52D 9 KB
2 KB 30ms
29ms Stylesheet
text/css 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 05:51:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 473237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2447
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 01:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 17 Nov 2022 05:51:00 GMT

GET
H3 200 www-subscribe-embed-card_v0.js Show response
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame E52D 149 KB
44 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC-6yCTCOYLO2WAj1-Pc9VsQ&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.7Qaqnm_1sO0.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 11:01:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44975
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 21:45:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 17 Nov 2022 11:01:23 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
738 B 199ms
199ms Ping
application/octet-stream 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: edd2b29c.2345cf07
date: Mon, 22 Nov 2021 17:18:17 GMT
x-cache-remote: TCP_MISS from a23-64-122-111.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
upstream-caught: 1637601497858622
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-parent-response-time: 170,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=153, origin; dur=17, inner; dur=12
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202111221718170102510581821C3BFA55
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 17,23.64.122.111
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940ac5982ef9664a230ccc4d8496bea6cb919e611391fcc532d458d1ae8a7dec56cf464c00794f331b94c1413072af9232938a10e94b7a78d0a75951b8d789e118b845ea81c3faad3f81d188661b54794e9e9
expires: Mon, 22 Nov 2021 17:18:17 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
737 B 243ms
243ms Ping
application/octet-stream 2.16.186.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C09GJJ5OQ3DFKFN94O00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.123 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-123.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.hellofresh.com/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 792f0a89.2345cf0c
date: Mon, 22 Nov 2021 17:18:17 GMT
x-cache-remote: TCP_MISS from a23-64-122-118.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
upstream-caught: 1637601497857518
x-cache: TCP_MISS from a2-16-186-119.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-parent-response-time: 212,2.16.186.119
server-timing: cdn-cache; desc=MISS, edge; dur=149, origin; dur=63, inner; dur=60
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2021112217181701024524413800F1276A
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 63,23.64.122.118
x-tt-trace-host: 01b7d9b932a5e257c6ac0dece02bd089ab898478f527475998c46ff99873f940ac350a19136c47bd6a0ffef89f688ac09dec04483f6443705e441eb21516d60c3f144ba5d569c68ba2d708cda9b102660fd089e6c78f71ac80911735394d6b2c5f8a916b8283e090a972f8017a3f55bc61
expires: Mon, 22 Nov 2021 17:18:17 GMT

GET
DATA 200
OK truncated
/ Frame 04A1 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ Frame E52D 125 KB
41 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47e867af65f2d1b9195a02f8253b1558dede4e962ba86192f5fbc84073e30d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 06:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41872
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Nov 2022 06:19:07 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 131ms
130ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.hellofresh.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1637601497928%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22f001879%3A1634581029404%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Mon, 22 Nov 2021 17:18:17 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 57e8a02205d121e49c450919a6cc60cde194d0c6830a05a669d5fda422f2b43c
x-transaction: 0f94f338ec8432c4
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 01F4 0
15 B 29ms
29ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://blog.hellofresh.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://blog.hellofresh.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 22 Nov 2021 17:18:18 GMT

GET
H2

200

ct.html Show response
www.pinterest.co.uk/ Frame 98E3
Redirect Chain

https://www.pinterest.com/ct.html
https://www.pinterest.co.uk/ct.html

413 B
4 KB

197ms
195ms

Document
text/html

151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.co.uk/ct.html

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.6ae4a9fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7e53755f1f85a35049cd4ff8d6278516aa79538f50d78070e26f873c4cb23454

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-09410b72183fe9ed73af0403c12e2897' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1782922709573360; frame-ancestors *
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/

Response headers

x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-ua-compatible: IE=edge
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
p3p: CP="This is not a P3P policy. See https://www.pinterest.com/_/_/help/articles/pinterest-and-p3p for more info."
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-09410b72183fe9ed73af0403c12e2897' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1782922709573360; frame-ancestors *
content-security-policy-report-only: script-src 'nonce-09410b72183fe9ed73af0403c12e2897' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
link: <https://i.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://s.pinimg.com>; rel=preconnect; crossorigin=anonymous, <https://v.pinimg.com>; rel=preconnect; crossorigin=anonymous
x-envoy-upstream-service-time: 97
content-encoding: gzip
referrer-policy: origin
x-pinterest-rid: 1782922709573360
date: Mon, 22 Nov 2021 17:18:18 GMT
vary: User-Agent, Accept-Encoding
x-cdn: fastly
pinterest-generated-by: coreapp-webapp-prod-0a03cd9d
pinterest-version: 6eab8f3

Redirect headers

x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-ua-compatible: IE=edge
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
location: https://www.pinterest.co.uk/ct.html
x-envoy-upstream-service-time: 109
content-encoding: gzip
referrer-policy: origin
x-pinterest-rid: 2202172729558014
date: Mon, 22 Nov 2021 17:18:18 GMT
vary: User-Agent, Accept-Encoding
x-cdn: fastly
pinterest-generated-by: coreapp-webapp-prod-0a03c7e5
pinterest-version: 6eab8f3

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 43ms
42ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-DBTX

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 17:18:18 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 100ms
34ms Script
application/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 22 Nov 2021 17:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5652
x-amz-id-2: WGWsywv5cwwy0A8gp/aWX2xSd02Yc5DgnzxhH5LKFlV27W/wexxxDnfA/g8YtvLp0OqHxU+XiVw=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sat, 10 Dec 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Thu, 04 Nov 2021 15:26:13 GMT
server: ATS
etag: "146f99405588b7446958a732612c901d-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: K2R2G8BAWJVEG9BM
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: pCmRUUjnQE9zqMEfVdrNnyYpaPAyW8Do
accept-ranges: bytes
content-type: application/javascript

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1002989030/ 3 KB
1 KB 84ms
47ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1002989030/?random=1637601498167&cv=9&fst=1637601498167&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2ddda3f26cc7bf10f3d8c5091d66b63f1d77729d3f9e1c5e98651affc0e5684

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10021239.json Show response
s.yimg.com/wi/config/ 2 B
485 B 487ms
422ms XHR
application/json 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10021239.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: VDZCPRH1Q9F0B29Y
x-amz-id-2: yzelX2Qe2XRS2ngmKUGfPJEoCzvfl6t49LbVQ1yUziTmG0Omco/v7zub6NtarBG3iCnxFHEwXBE=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 22

GET
H3 200 /
www.google.com/pagead/1p-user-list/1002989030/ 42 B
64 B 49ms
49ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1002989030/?random=1637601498167&cv=9&fst=1637600400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&async=1&fmt=3&is_vtc=1&random=1595482760&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/1002989030/ 42 B
64 B 43ms
43ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/1002989030/?random=1637601498167&cv=9&fst=1637600400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&frm=0&url=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&tiba=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&async=1&fmt=3&is_vtc=1&random=1595482760&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 31 B
203 B 161ms
121ms XHR
application/json 34.107.191.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=d295a143e3b5686c80593dc432671247&SCH1=&GCS1=043135244&GCS2=MzZmYzBkOGYtZTgzMi00OGIxLWIyYzAtMTRlYjZjOWRjMDlmLmxvY2Fs&pe=false&wsid=3055&varID=0123&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A3055%2C%22loadID%22%3A%222gEID8gKa7Fe6bG%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A11%2C%22IDStageStart%22%3A11%2C%22netComplete%22%3A197%2C%22obsReqdata%22%3A376%2C%22obsReqpage%22%3A835%2C%22obsReqview%22%3A854%2C%22IDStagePrefire%22%3A855%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Atrue%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.191.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.191.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: https://blog.hellofresh.com
date: Mon, 22 Nov 2021 17:18:18 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 204 /
www.pinterest.co.uk/_/_/csp_report/ Frame 98E3 0
3 KB 130ms
129ms Other
text/plain 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.co.uk/_/_/csp_report/?rid=1782922709573360

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-e3d13a9478db6bb309124f019f500653' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=6394630101419853; frame-ancestors 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.co.uk/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a03994c
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-e3d13a9478db6bb309124f019f500653' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 29
x-pinterest-rid: 6394630101419853
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Mon, 22 Nov 2021 17:18:18 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: 6eab8f3
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-e3d13a9478db6bb309124f019f500653' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=6394630101419853; frame-ancestors 'self'
timing-allow-origin: https://www.pinterest.co.uk

POST
H2 204 /
www.pinterest.co.uk/_/_/csp_report/ Frame 98E3 0
3 KB 132ms
131ms Other
text/plain 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.co.uk/_/_/csp_report/?reportonly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-9bbf9b0d816d4c85d6d2053e36a0eff6' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=4288691877172856; frame-ancestors 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.co.uk/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a011044
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-9bbf9b0d816d4c85d6d2053e36a0eff6' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 30
x-pinterest-rid: 4288691877172856
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Mon, 22 Nov 2021 17:18:18 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: 6eab8f3
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-9bbf9b0d816d4c85d6d2053e36a0eff6' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=4288691877172856; frame-ancestors 'self'
timing-allow-origin: https://www.pinterest.co.uk

POST
H2 204 /
www.pinterest.co.uk/_/_/csp_report/ Frame 98E3 0
3 KB 134ms
134ms Other
text/plain 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pinterest.co.uk/_/_/csp_report/?reportonly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' blob: data: .pinimg.com .pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net .adyen.com .adyenpayments.com; img-src * data: blob:; script-src 'nonce-a242c2082ac4256b9badd557741a86b5' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' .pinimg.com .pinterest.com accounts.google.com .facebook.com .dropboxapi.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com .cedexis.com .cedexis-radar.net blob: .tvpixel.com api.pinadmin.com .live-video.net; media-src 'self' .pinimg.com blob: data: .live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' .google.com .pinimg.com .pinterest.com .pinterdev.com .facebook.com content.googleapis.com .adyen.com .youtube.com .ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net .fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1440962539595057; frame-ancestors 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.pinterest.co.uk/
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
pinterest-generated-by: coreapp-webapp-prod-0a039a73
x-cdn: fastly
content-security-policy-report-only: script-src 'nonce-a242c2082ac4256b9badd557741a86b5' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly , script-src 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'; default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; frame-src *; img-src * data: blob:; connect-src *; worker-src * blob:; report-uri /_/_/csp_report/?reportonly
x-envoy-upstream-service-time: 33
x-pinterest-rid: 1440962539595057
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
referrer-policy: origin
x-frame-options: SAMEORIGIN
date: Mon, 22 Nov 2021 17:18:18 GMT
expect-ct: max-age=86400, report-uri="https://www.pinterest.com/_/_/expect_ct_report/"
vary: User-Agent, Accept-Encoding
pinterest-version: 6eab8f3
content-security-policy: default-src 'self' 'unsafe-inline' blob: data: *.pinimg.com *.pinterest.com accounts.google.com fonts.gstatic.com fonts.googleapis.com use.typekit.net *.adyen.com *.adyenpayments.com; img-src * data: blob:; script-src 'nonce-a242c2082ac4256b9badd557741a86b5' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline' blob:; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.tvpixel.com api.pinadmin.com *.live-video.net; media-src 'self' *.pinimg.com blob: data: *.live-video.net; object-src 'self'; form-action 'self'; frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com content.googleapis.com *.adyen.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call www.recaptcha.net www-pinterest-co-uk.cdn.ampproject.org; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1440962539595057; frame-ancestors 'self'
timing-allow-origin: https://www.pinterest.co.uk

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 2 KB
2 KB 89ms
48ms Script
text/javascript 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYBmAdkIAZ8AWATgA5CBWJzYALxCgswHcBTAEY5UwfgH1UAEyjEKLTACd+OEABs4aDAUoUAHvgBMFHspj9FyxVGwBDNWtQIA5uLiK1UABbBgABxwAUmIAQUDDADFwiME1EGcAOi9+BxAYZRwvBKQQAFto4IjNXPFVdyR+YIARWxRUADdKw0Ji8Vz+KVQ4fOIq-lzbVDVwluASpFtcv0HnBGqcexUzC3TUfgQpAFoMQRBbRU6XcXwcYABZfnsAYS8QVArxAAkIs-2Aa35gUvc-RVQcJqEHB+fgwaojVo5BBiaHzEBIVD2SRQnCYer-UTiHIgN5rKCBUgAIXChjUfhJwTChkMPn8QUMTFC4SYkWZkVi8SSKTi6RUWRy+QZrIZxCKY1KIHKTUZNTqjTZoxK7U63WZvX6g2GQsVWMm01QszVVQWaiWoJWf3WWx2ewOTlcJ3OlzUNzuD2er0UHy+OB+fwBCuBoKNCshGBhwCNqgRSPuGHphnCVxJigpTOpFMMyep-D0aZCRDIlGIhlo5EI+AJVWwIBxeIJxOp9XzDZJ-EainEcWczg6kjmGdCMHsAazJN9glyojEUnE8dETUTQ5HTWzhncaixkr8GHzw7Uo7XaXMqcHIX3h5JfjUtgQ-d1ikjZ4vq5JoGASM6OByiCfS-PK5JiSP47neORSIulIvkB1LAIotQfLOIG7s+gFjtSAK2KoCBIjgbxwHuaFrtet7iDh7SEQer4YfhlGXtSZIttStIBJSAD0bEcokySpLymTZHkbGFK0ZSKBU1S1Gg8rNK0ypdD0fQDEMELihMUwzHMvQmmaJ6rFa2wILs+yHA6pwXNctz3BIHrvJ83yKL8-yAkGYK9Cp4zhuskZafCiKbnGCAJjBhhfj+0JtCoCy9nR1GGIIejiHBBq9p2uZiIoOGbpJ6ADv+0HoYYOC5Dgc5+F8TgxcFIKdrseaoVRwUIN0ggWHOMDiLVKiVaQVTBVIzgRKgiinAAMnsUj5nBcCVD1aL7DgADa3a9rOTgALqwCuc3DQt7atctfbrZtVHbYtE5Tr4fbzmIG0vqdC0blucCgbdW31PNC3HhYr0ne9O0kXeTgPsAP0AvdoWSuF2XvTOoP8Pd76fv8YUg8dYN-YtyFgSAEFwwj8FIIhT0vWj8MYwtmHYbh+F4+TANkZM-C0x9eFwMzO0TMg3J9u0uQtYo7OLdDEi8-zgsLRMj7iLm-zADg4tkhtLFBKEHFcVyvEZPygnCeKonib0wvuRFKoKRqykyapeoafMiw4Msih6RsBlGXaRyOuZLqWe6Ly2T6fpOSMLngpbHnQl5cIxv5KLg8jkNfO0OBRUzpP3fFiV-D2rVpRYmXiNlGDi0VJUgGV-bi89zjwRBUhfZ2yjQ7YsOp+TCAgPUkpIMkqUdlX-DrG1J7i9VHUgHo4tNXzrVpKPegqLTEEwA9HjE4XLeL59MBD+voILfTQOS6jd31BviObhDv4L7vWNbrjO9L3BCF9ljV9L-T5Ep8fG+s6-C0X+Fidk6-3TklLOqU9DpTzgXBAv9i6lXKjA++e9Wq1V-pPfmbVZ7z1TtiXEEhQAgC7PsXsqdBB+G4JgT45CFoACJD40IADR0KbvwZwIBFAAE9GF0OSITSUwBuG3HaNw34OM4AoBoWtTAZU8A1imI4W8DwYA3mcDYeoXhbBQCAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 5d23aea324f805ba409736226926f83c8d3511dc45983c4180d22bbe6f7e56bd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
content-encoding: gzip
last-modified: Mon, 22 Nov 2021 17:18:18 GMT
server: istio-envoy
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 27
content-type: text/javascript;charset=UTF-8
alt-svc: clear
via: 1.1 google
expires: 0

GET
H2 204 cjs-logger
e.cdnwidget.com/ 0
100 B 157ms
119ms Image
image/png 34.102.193.48
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=Country%2520not%2520allowed&cookieID=&deviceID=&BXWID=3055&warpspeed=2%5EHIykD&loadID=2gEID8gKa7Fe6bG&version=1.5.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.193.48 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 48.193.102.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:18 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/png

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
715 B 109ms
33ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Mon%2C%2022%20Nov%202021%2017%3A18%3A18%20GMT&n=0&b=HelloFresh%20Food%20Blog%20%7C%20Get%20Cooking%20%7C%20The%20Fresh%20Times&.yp=10021239&f=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&enc=UTF-8&yv=1.10.2&tagmgr=gtm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Mon, 22 Nov 2021 17:18:18 GMT

GET
H2 200 visit
events.bouncex.net/track.gif/ 42 B
105 B 165ms
104ms Image
image/gif 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/visit?wklz=G4SwziAuBcCuYFMBOBDA5ggdpAvAWQHsAvEAG1JQFIAmAMQFYA6ABhuYAoB1ETAEwIDuYNgDkAKmwCMzFpQDMAITbdMANgAs8pdWYAPDQEo2AQQAOp0gk4IARgGkoNBnIDsjOarbs7ACTF4AGRoAYTZSEABrBDYAcQQAYwiCIx1ggAskAgBbaLoATlUWRnVVDWL6NgBlFAAzFCQQJ3pXd1UAMlAIGCQEGuQepBwO8ChoCj4eNFN0BFgkUhw0yEhTYWpm4xp6Oi26G1ICNEY0hHICGp6wNMZ47N3aLblaWEgsgH0wAjn43OaAERQ8UgIGAv2oqhe7xyvBAsCyjz+CCyKDIuwhrze8RQWWmIDQmARYBQljAPT6SAuICwvAAtARMDYCPUYZg0G9JGBIHgEMT0gQQD83j5aHh6lFIB85qYGog0WBTL0EWjIZj6ZAsJBCQR4iBiW8BfSwMMutBLgRSC8QPTdDhJKpmMxjaMzRbgfSAJ62nSOzqjeLwSDZYD1XX7BBgHCUFzaagHNAYXj6gnUajyTYpuqkWUpkI0agIUFIN5xhNJvNpvOZ7Op6ihFNgWA2LJQdWJw1QXKpuTp6hVzu5lNzUiq2Cmenl7uV4nVgfUc7kic9vvl2t5iwoTBJzH1TU5ycZ6f91cpmFgW6wbBvQHA4OtxdTrNHuvUQOQPWn8-Ye8Hx8r5-nsdN1uXh+33XtDz-PNIFQRIEETADxz3JcIJzY9qEQFBPkwPUwAiWBv3A39UOfddN2wnICOXYi81w-CkIfGc0KxTAfnIOC3hyLIbGQSiUJrZ9rxBBAOKRbikF4oj+LzLEkAlBBdHASA1i7ZDJNnUhTAIpYVmEfcHj2ONjlOA4LnDa5bnhHYnhVT5vmiOQASBISaHRKE4NheEHKRFFSBclUsRxFF8XkP4iRJMlkEpak6QZJkkBZNkOS5HlSD5AVhOFUUkHFSUkGlcBclUeVFQcvyMVubANRCz4dT1A1MGU2cPy+S8cjAIkMAkxjnxsXQ3mgvEMCLeT1SQbDh0ExCVIYp8aKyMA3gIUwJR4LrZsHUw0FQED+Bqck3h6QTbzgtbIJTTACGAL54hOYbCy2hAsEWvaePon9urXZA3kZXRTuo864TE57voIXRwz+1MXD+J0YFuAgIipSNozzYB72RqGmrQWgQCQTkAiZXhF2g2BcmfGpgF3FS7Vce1JHUPIAA5Z1AQmkOplxafphmXGYah6dYNCUAIRcBefDStOWVZHnTbZ9Nl-ZDiMs5TKuG47nWHZ1msjFbKQH4ESOsFXJEmE4QRbzUQ142AtxYKtdC4lwwiikGmi+lGWZSZ2U5bleTSflBUysUEAlBs8plI3ipqJUrf8tUqvtmrdWHerGsFxru1FlHTFRtmmoI1mpJTcS3prIvqHiCnF3ZznGdnCBC7TGlJFnNB4hLlTqBbtDLJUrOTxARuwMkOQ8nWSRJAKUo8hn6g8noCp-tjKu2dUGnmDpuu0LSeI3khaEPIt3y8+33fIV1n5DerqNofgZAZmwaAbEyIRkBwdJMhyNo79QDBH8LCA9IcAFCKCUMo6h6Df0QL-DU0B1yQBqAQJAWQcAqH4EIKQjof4PxgCBUAPxIDugVDgECuFAymDaP6Tk2RkDQDSJhCqhZWw4EdBgAg0BPzQXdMBBAOAYgKDaGwjhLUuE8LkHwhQAAlQRCB2GcKQO6civCACqmAOys2YA4Vk-AsgyPYT0NAVpMA4B8HkPRHCoCenxnwek5ixycmJDwnAABROm5iKrAkwBqJxzjlHmIMUYpROBrH8EwG0LIBAQIsLaAIWwXQECDxwHIZgC8YaJJrhvLmPM+Z5EdHg9K6TR7j0nqUVQM8x7z0gdMDAoAEACHSW0RAABHEmLEEm8GifEcIGpgRtTfDiW0a8OaZMZhzSBXSqTYBQKYISuMjE4DfGgOQbR8k-BIY0r4eteGxJsG0HBOAf5AA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 83
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 pageview
events.bouncex.net/track.gif/ 42 B
176 B 163ms
103ms Image
image/gif 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/pageview?wklz=A4Qw5gpgbglhDuAuArgJwDYF4AWAXXwAzgKQDMAgsQEwBi1NARugPZgB02E6LAZqhIWxsAxswC29MjWS4xAfULM0wiGQAiIYbhhRVVAGwz5YiABMYyCaTUQxIGOmqHZc4SDGgYYAHbrCIdAF+HghUPjhvUwBaZm8GZhBUc28wOQBGQlwAWQgAgGFsZhgVOQAJGizEgGsIXAU0YFQYQj19QmAIHnUnI1dY3AhvXD9mYRgAuWLYwgAyUEhYBERhZEzxKETxpgFMYgB2ACFqKhYwSFNJ3yoqMkprngCW4+o84+hQuVPzy+eKY4f0E9ri9joRkAwxDB8GY5NMoXobn97o8ESDrmh0H1kMBYr87lQAUCblRXtdmDwQqg8f8Uc8ScdgOgQN5Lq5EsNgUiCbTgfTruZCKJkEM5JptBsBqZqcjAai+VRcMxcBMBUKhtLubK6aSqEKcSzRKZUVzCXKdbhUJoahc9bjOfjTdrQblFN4JoQqsgNY7eTrGcy5G6TN6ecSdR6vfaaVrfcc3N4VNwYSYxAxQiGY2HjmKdBA5Cm01SozKiWjdey5BAAB7NXAkYua0vy9DADV4AgkJF0WhMVgcLi8fiCETiSSkaQuRTKVTWHO6HouEzmSzqWz2RwGXpuDz2Hx+AJBTqhcKDaKxeKJZKpDLZXLoApFErlSqoGp1MGoRrNVrtTrdTcuKIQyDMM1iKGMExTN49ZZvyzRqnUJiEP4kAZk2OoMFWcgWl4kCoJWVYDKgbqYjmdqIg6oZloQYiELCwB1DAVwUdG6HHNiYCWkapjkpScj8HOICSmhZrHN4zBQEowicPh7yoJxECDLCFLpg2PqwVQHT4fEVYiU61zeJYhbKXIOkCHpwJ7GoczgNAcBIKIzBVHAhAwAAXhAmAAJx7AALDMYjMEamAAAwzPAEAMK5AwwKYmCkCFACsiUzLA0WxZgaT6KQez6CFaS+V5AAcewhVQhVhUasAqBlaSkF5VCJWkaRefobVeR1VBeclNkLPZtUzC0ACOyCDDVcVpDMwjoBE+AwEhyoeJl2W5flhUlX5U0zSBIDALmqCubEmDKmApAzFVxSeaYg1KKgKiYBFDAzLZQyYKsoRAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 83
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 cmp
events.bouncex.net/track.gif/ 42 B
105 B 165ms
105ms Image
image/gif 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/cmp?wklz=MYewdgzgpmAuBcsCWBbKBlWBDFAHAvAIwBsAzAOzEAMhALAJyUCs9AZKJDAgBZYQDC4aHHxgQAUgBMVYHlYoQAEyj4qrAO5QARhCSwoSRflJUmTVgDcku5EZIVqdegA5yVSQzXKrwA3dL0kkyEhPTE4fSRkvRmrLhYAOZQVlDqhkSs0ACOAK4wvumS7AA2SFzIaBDYeERklDQMrvRqwKVcWLhIFlAATrrg+NgJpKzeSL74ipkgOT0TmlqsiVz4OdA9QA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:18 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 83
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 reloadCampaigns.js Show response
api.bounceexchange.com/bounce/ 3 KB
1 KB 60ms
59ms Script
text/javascript 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/reloadCampaigns.js?wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYBmAdkIAZ8BWCi0i6zYALxCgswHcBTAIxypgPAPqoAJlGKMmAJx44QAGzhoMBShQAe+AEx1M8mD1nzZUbAEMlS1AgDmIuLKVQAFsGAAHHAFJiAIK+ugBiwSF8SiD2AHRuPDYgMPI4bjFIIAC24f4hqpkiis5IPP4AIpYoqABupbqE+SKZPOKocNnEZTyZlqhKwQ3ABUiWmV699gjlONYKRibJqDwI4gC0GHwglrKtDiL4OMAAsjzWAMJuIKglIgASIUfbANY8wIXOXrKoOHWEOF48GDlAaNDIIYTg6YgJCoaxiME4TDVb5CEQZEBPJZQXykABCwV0Si8BP8QV0ug83j8umogWC1FC9NCkWicQSUWSCjSGWyNMZNOIeSGhRAxTqtIqVVqTMGBWarXa9M63V6-T5srRo3GqEmSrKMyUc0BCy+yzWGy2OzsjgOx1OSguVxu90eshebxwHy+Pxl-0BeploIwEOAesUMLh1ww1N0wTOBNkJLp5JJunj5J4WiTASIZEoxF0AE5yIR8DiytgQBisTj8eTqtnawSeLVZCIovZ7C0xFMU4EYNYfWmCZ6+JkhMJxCJo0I6rH+4O6undM4lGjRV4MI3yQOlEPY8PyUljIm+2TdLv93GCV4lJYED3NbJQ2eCZe59fyaBgHDWjgMogL7zue76psuAGbg+GTiB+yYXouYEEsAsiVC8U4QVur47ghKaHroPyWIoCBwjgTxwNmoF4be94iMRzTbvBe4fnhpHkVhjFXnhRIMZSPikgA9PxLKxPEiScqk6RZPxuSNEUsglOUlRoNK9SNPKbQdF0PR9CCwojGMExTJ0BpGieixmusCCbNsuw2ocJznJc1yiC6zyvO8sifN8vx+kCnS6cMwbLKGxnQrCa5RggMafrof4AeCTQKDMXYMZRB7LnwWgiMhOpdm2mbCLIxFrkp6C9sBb44elI6ZDg05eG8dipVVMUAm2mxZuxaUxQg7R8CY04wCIHUKM1TEkqQZQxeI9ghKgsiHAAMls4jZshcBLm+1RAaSubkFQAAshYABwxciq1nntlD4Edx0MLoR0UDFlggNmT1ccS7G8dStJkgyYR8hEHZsmJKTclkTIA7SQoFHJCkCpKyniqpwrqYqCMqjp6qglqhlhrMODzLI5krJZ1lWnstoOQ6TnOg8bkel63m+gCQII4GelBZCCPhuF8LRoh5KEW9Z1eA2l3TQxF3VeSp4VbhMu6Eg23Zldh0nTFgjS6Siv2Egcs62WeG8sB73Lq02twfgxCFjS+D4IWhBO4WLtFtQ1CC4SKuXSQ+03RreFuEgThDGjzTaWqwFG8uQch7VoryacUqwTm5ZItsOAANodl2U52AAurAi7pwtmctgNOfdgXRdMSXWejuOnjdjOwiF++deZ6u65wJBbfF9UGeZ8eJh97XA+l9RD52E+wCjz8HdxaKCWlQPk5zzwHffr+3zxbPNfz+PWcYVBIAwevm8oUgaHd73+8b4fmcEURJFkefD+T7Row8G-g+sT-pcjGQOybs4d+qyH-lnFeohQEjzvh3EYz4RCZm+MAHAEDs5eELt9ASQlgaiQ5GDSSmRpKClkgnBSnQoEBUSgqTSmM1Qan0tqXUxkCZExJuaKylpbL7HsvaR0zk7j0zdO5T0nlvQ+VZsCFGgVwTBShBGCKCIF47yXm8ZoOBkrfzgQ-TK2UvidgGgVEwxURClQwOgnAtV6qNQQOgnu9gUIwXEMPNs8gV6WDXjoweCAQDVFFEgeI+VWyOJ4MsQaJ5C43WCBQEI8g6gUGpoid+A0OroN6pkMBg1hogC0Aoc+6JMSiFACAds2wuxwL4F4DgmBXjVMzgAIgQcABpAAaJpnieD2BALIAAnm0pp8Qr6ihae0y4zQBmfFPnAFADT86YAangSsYxbD3huDAO89gLDVDcJYGpYsJAEEMEoYAvSARQF8f4mZQSkEhPiQ+Vxxy6I8CgOPWEkQeBAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/ijs_all_modules_cjs_min_8a99d8213d5b571cebd592369200e02b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: a73ffdc45ceea6f4bdc3af40d557679dfb6057924e8ae2a08da149392b1295ed

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:20 GMT
content-encoding: gzip
last-modified: Mon, 22 Nov 2021 17:18:20 GMT
server: istio-envoy
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 38
content-type: text/javascript;charset=UTF-8
alt-svc: clear
via: 1.1 google
expires: 0

GET
H2 200 reloadcampaigns
events.bouncex.net/track.gif/ 42 B
108 B 103ms
103ms Image
image/gif 34.117.4.53
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events.bouncex.net/track.gif/reloadcampaigns?wklz=E4UwNg9ghgJgxlAtgBygSwOYDsDOAuOAVxwBcJEA3KYNKAIzBBwF4BSAdgCFWAmHyDBhAwA+miy8erAMwBBSQDMoYHCEm8AwpJAUQwEQKGjx6uYuWr1PLXxyE6iNCRLCREXE7V8Z8vkpVeUtaShMBgInAQhMjupr48-pbewXwQCgp6ceYBVjY8yGBQWGLFCMAkWX4WgZqSMGg4kYRYJCJQcCRoVC4wlQnVuZJkJMoi9Y1RLX2JNSk8TTGlEDA1ZlU5yXkkwO0A1q4Lsd5r-RtBeapQOO6jOLuE0wObkgVFIlhIq-Ezg7b3j2danwEFg4OBGKJECBEHRMsdvk9zpJ2p1dCIoTC4VITj9nsDqK0QAAPBokHAApJIvhgZB9AAWzmQ5LWADFeCyGBAMAA6OngtKgHB07mRRDsmQswgkRAia6hMEyAAiKK6XgAbFKZVD6oQxdJFdD0GBeBrpREkKhMBJ9ThlExQBlgAoaCAsDAALTuOjQYD1LAYEQARlIAFkQMoNHSIGgwSIABIskPUfatOzAZA0JJqnDIEAKJUmzURdwuKY2iBwWjhGPucl4njjJotdFMW1CCmzPJ0IkibaYIT6YkuYAfcIqo7YhGAuY4RA4NzIVomeHZSlAnjRDA7FYwNKOkSgFXdYQd348LAQChROB8we6YBbkCutzpLE+SSBgAsvAADCzQF4P5hhYZ65vo3pEqe9ZYLqsL6GkIgQUwUFSOwioAGSgJAsAICg6DYPgHxQswVA0PQjCYeA0DwBa+G4HgJAAJ65swF5XoQN56CIOh6I+z57no6GIMsIDMD+6EAO4gHQOCeGgMDMNIP4AKzKehFANE48nMIGarSOwao-l+ACcAAc7A-jwn7GeJKwaWC2mBtIxk8MpgaBsZapecZPk8MZqnoagQgaSAEmOehqgAI6EK6DkKdI6FwGAaCus4aBQqQFo6XpBlGcpP4-hZpmJclqVQMgqrALJ7jMCMGAJXZMaiTAEVRMAYLMFJdDoVAQgtMwxB6EAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.4.53 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 53.4.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:20 GMT
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 82
timing-allow-origin: *
alt-svc: clear
content-length: 42
expires: Tue, 01 Jan 2001 00:00:00 GMT

GET
H2 200 SmarterHandler.ashx Show response
tr2.smarterhq.io/app1/ 297 B
419 B 305ms
101ms Script
text/javascript 3.211.116.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=1496750825&i=rh8z44s117-1&cb=_smtr.postprocess&cu=true&utc=0&pt=5&href=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&hostn=blog.hellofresh.com&pathn=%2F
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.116.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-116-132.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 79c9a9d3eb26b2c426bdba2cbb83766dd05c649cbf00534fdf7f6211cf79cbcc

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:21 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 297
content-type: text/javascript

GET
H2 200 SmarterHandler.ashx Show response
tr2.smarterhq.io/app1/ 297 B
418 B 101ms
101ms Script
text/javascript 3.211.116.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=1059134028&i=rh8z44s117-1&cb=_smtr.postprocess&utc=0&pt=5&href=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons&hostn=blog.hellofresh.com&pathn=%2F&modalc=637731983019003800^017d48a7-e2cc-4b25-bb1d-81134b8a2b71^017d48a7-e2cc-4f57-b85e-ca775e8e9f19^0^194.36.110.171
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/wknd/wknd_cartridge.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.116.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-116-132.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 3c90194bd8100db270b00f746b233927aeff9508433da15d27ad0c2cf21ab1cf

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:22 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 297
content-type: text/javascript

GET
H2 200 smtr1x1.gif
tr2.smarterhq.io/app1/ 43 B
159 B 102ms
101ms Image
image/gif 3.211.116.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr2.smarterhq.io/app1/smtr1x1.gif?r=968472544&action=campaign&i=rh8z44s117-1&modalc=637731983019003800%5E017d48a7-e2cc-4b25-bb1d-81134b8a2b71%5E017d48a7-e2cc-4f57-b85e-ca775e8e9f19%5E0%5E194.36.110.171&pageId=0HMDDO5CH70T2%3A00008DD3&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&utm_medium=email&utm_source=active&utm_content=social_icons&href=https%3A%2F%2Fblog.hellofresh.com%2F%3Futm_source%3Dactive%26utm_medium%3Demail%26utm_campaign%3Dsalesreferfriend-onboarding_1stMealChoice_HFMarket_surprise%26spef%3D%26utm_content%3Dsocial_icons
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.116.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-116-132.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 17:18:22 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 43
content-type: image/gif

GET
H2 200 HF_ChocolateChipCookies_Blog_Shot01-1536x864.jpg
blog.hellofresh.com/wp-content/uploads/2021/08/ 546 KB
547 KB 25ms
24ms Image
image/jpeg 104.155.100.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.hellofresh.com/wp-content/uploads/2021/08/HF_ChocolateChipCookies_Blog_Shot01-1536x864.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.155.100.3 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS: 3.100.155.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: b8dc6dfb662c82264523127c79880833884f479e9048217fe21b13a8093e14f1

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:18:23 GMT
last-modified: Mon, 23 Aug 2021 15:37:19 GMT
server: nginx
etag: "6123c0af-888e8"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 559336

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.pinterest.com
URL: https://www.pinterest.com/.well-known/attribution-reporting/trigger-attribution?trigger-data=0&priority=22

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-19 22:54:47	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
.google.com/	1970-01-20 03:16:52	Name: NID Value: 511=bS_IEJJjgSbeHHgbkQQKz0bnJpk1KOqe3i1y1HrUH8M_ULXy38t6qhVHKN5ZcdNCMiEyj3UrVDkvZGE7m_WUtYC-ECNMKi0s3kUfiIiuYUyXqKR2fx7R_Dh3C-_7-yYX-5msFybMi08rQbQyTReNdCxUAO7-k6_fvRAYKa9WFcQ
.hellofresh.com/	1970-01-20 08:20:01	Name: _HFtr Value: 235567081.1637601496
.hellofresh.com/	1970-01-19 22:54:47	Name: _HFtr_gid Value: 339700340.1637601496
.hellofresh.com/	1970-01-19 22:53:21	Name: _HFtr_gat Value: 1
.hellofresh.com/	1970-01-20 00:19:45	Name: hf_cookie_permissions Value: ,C0004,C0001,C0002,C0003,
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: UgCJeZXcZWE
.hellofresh.com/	1970-01-20 01:02:57	Name: _gcl_au Value: 1.1.1653176859.1637601497
.hellofresh.com/	1970-01-19 22:54:47	Name: _safari_api_poll Value: true
.hellofresh.com/	1970-01-20 16:24:33	Name: hf_measurement_ga_43NCVZT4H8 Value: GS1.1.1637601496.1.0.1637601496.60
.hellofresh.com/	1970-01-20 16:24:33	Name: hf_measurement_ga Value: GA1.1.1726167273.1637601497
.hellofresh.com/	1970-01-19 22:53:23	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://blog.hellofresh.com/?utm_source=active&utm_medium=email&utm_campaign=salesreferfriend-onboarding_1stMealChoice_HFMarket_surprise&spef=&utm_content=social_icons%22%2C%22sref%22:%22%22%2C%22sts%22:1637601497227%2C%22slts%22:0}
.hellofresh.com/	1970-01-20 08:22:45	Name: _parsely_visitor Value: {%22id%22:%22pid=2dcb3ae69d3c1660f7492d497a44c35f%22%2C%22session_count%22:1%2C%22last_session_ts%22:1637601497227}
.hellofresh.com/	1970-01-20 08:23:08	Name: _scid Value: 0bcf6fd4-00d9-464b-9865-dd608a00b4bc
.hellofresh.com/	1970-01-20 01:02:57	Name: _rdt_uuid Value: 1637601497339.5cb22afa-dfea-49b9-81c6-339a112d6dbe
.doubleclick.net/	1970-01-20 08:14:57	Name: IDE Value: AHWqTUlQkot7SwCzq8R0xknQzNXiPIXWLrw5VMcKQDmAu2s1rBPGUW-odUwQy5t6
.snapchat.com/	1970-01-20 08:14:57	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBgQ0AIAgDsItIBorIOU78guNtt3o4SPHjkFk3hWFPbJOmB6zKbl0jFnRmND4+JU0sMgAAAA==
blog.hellofresh.com/	1970-01-20 16:24:33	Name: _tq_id.TV-099045-1.afbe Value: ba2cbc5364d30bf6.1637601497.0.1637601497..
.hellofresh.com/	1970-01-20 08:22:09	Name: cjConsent Value: MHxZfDB8Tnww
blog.hellofresh.com/	1970-01-20 07:38:57	Name: _mibhv Value: anon-1637601497614-7225494218_6571
blog.hellofresh.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: bf57ccb2d9fe1167d1160aeef8f44171
.hellofresh.com/	1970-01-20 01:02:57	Name: _fbp Value: fb.1.1637601497380.7319336803
.blog.hellofresh.com/	1970-01-20 07:38:57	Name: _pin_unauth Value: dWlkPVlqZGtaak01TldZdE4yVTRZUzAwTlRVNExXRXpOell0WkdZd1l6RXpZamRpTnpOaQ
.ct.pinterest.com/	1970-01-20 07:38:57	Name: _pinterest_ct_ua Value: "TWc9PSZyY0pFbi9ZODhrYmY5R0htS3V5NlNUZWI2MVRUUUhQUWZ1WVNSUmhtZVhqYTZqOVdHaWUxeEJvRzA5QUw3djNZekduQWcyRGpQekQwYVVuVG5hY3NxNEhEMHU5aWtvTHpTdlVCcHlxSllGdz0mOTBhbE91MGhxYmFRUUcySVRxLzF4VjZzM2kwPQ=="
azetbd4r.micpn.com/	1970-01-20 07:38:57	Name: _mibhv Value: anon-1637601497614-7225494218_6571
blog.hellofresh.com/	1970-01-19 22:53:21	Name: outbrain_cid_fetch Value: true
.postrelease.com/	1970-01-20 07:38:57	Name: opt_out Value: 1
www.pinterest.co.uk/	1970-01-20 07:31:45	Name: _pinterest_sess Value: TWc9PSZaU1JEbVBMMXUrK2tMQm81UlFFdGxjUForWTVGMUJBdE8vZmcxZWVJUGlkTXBsUU9sS2xPUmNkczNGcHc2dE9tTFJZR2J4ZkhSbnBDMmp4NjljNFFIZVBNdFhaQkNTUXkrdVhZWW5tdU04ZlZ2eHozQXlEL216VnVjcFBSQndkOSZSSWZPQXN0V2VkOEtVbzZDWFVNUDZhVm9wTjg9
.bounceexchange.com/	1970-01-19 22:53:23	Name: bounceClientVisit3055c Value: %7B%22vid%22%3A1637601498702490%2C%22did%22%3A%22139251196669992955%22%7D
.yahoo.com/	1970-01-20 07:39:19	Name: A3 Value: d=AQABBNrQm2ECEMrb3TM0FWggm5uz1kRKrR4FEgEBAQEinWGlYQAAAAAA_eMAAA&S=AQAAAtA9QKYwinn5vwtTlecrzDA
.hellofresh.com/	1970-01-20 16:24:33	Name: shq Value: 637731983020044120%5E017d48a7-e2cc-4b25-bb1d-81134b8a2b71%5E017d48a7-e2cc-4f57-b85e-ca775e8e9f19%5E0%5E194.36.110.171

210 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://blog.hellofresh.com/wp-content/themes/hellofreshbase.min.css?ver=5.8.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://blog.hellofresh.com/wp-content/themes/hellofreshstyle.min.css?ver=5.8.2 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 22) Message: Unrecognized feature: 'conversion-measurement'.
network	error	URL: https://blog.hellofresh.com/gw/auth/token?client_id=senf&grant_type=client_credentials&scope=public&locale=en-US&country=us Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'nonce-09410b72183fe9ed73af0403c12e2897' 'strict-dynamic' 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'report-sample' 'self' .pinterest.com .pinimg.com .google.com connect.facebook.net .google-analytics.com .facebook.com .googleadservices.com .doubleclick.net .googletagmanager.com .adyen.com .adyenpayments.com cdn.ampproject.org .cdn.ampproject.org radar.cedexis.com .cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'unsafe-inline'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

353676082.privacysandbox.googleadservices.com
9917901.fls.doubleclick.net
accounts.google.com
adservice.google.co.uk
adservice.google.com
alb.reddit.com
amplify.outbrain.com
analytics.google.com
analytics.tiktok.com
api.bounceexchange.com
apis.google.com
assets.bounceexchange.com
azetbd4r.micpn.com
blog.hellofresh.com
cdn.ampproject.org
cdn.parsely.com
click.link.hellofresh.com
code.jquery.com
collector-905.tvsquared.com
connect.facebook.net
ct.pinterest.com
d1n00d49gkbray.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
data.cdnbasket.net
e.cdnwidget.com
events.bouncex.net
googleads.g.doubleclick.net
hft.hellofresh.com
ids.cdnwidget.com
jadserve.postrelease.com
p1.parsely.com
page.cdnbasket.net
pixel.wp.com
platform.twitter.com
q.quora.com
s.pinimg.com
s.yimg.com
sc-static.net
sp.analytics.yahoo.com
ssl.gstatic.com
stats.g.doubleclick.net
stats.wp.com
syndication.twitter.com
tag.bounceexchange.com
tms.hft.hellofresh.com
tr.outbrain.com
tr.snapchat.com
tr2.smarterhq.io
track.securedvisit.com
view.cdnbasket.net
web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
www.facebook.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.mczbf.com
www.pinterest.co.uk
www.pinterest.com
www.redditstatic.com
www.sjwoe.com
www.youtube.com
www.pinterest.com
104.155.100.3
104.244.42.200
142.250.181.226
142.250.185.98
142.250.74.198
143.204.207.37
151.101.64.84
161.71.51.119
18.215.205.165
18.66.100.58
18.66.139.41
192.0.76.3
2.16.186.123
2.18.234.190
2001:4860:4802:34::15
2001:4de0:ac18::1:a:1a
212.82.100.181
2600:9000:2156:be00:16:4ed5:12c0:93a1
2600:9000:223d:bc00:9:7c30:be80:21
2600:9000:2250:b000:7:f1a3:af00:93a1
2606:2800:234:59:254c:406:2366:268c
2a00:1288:80:800::7000
2a00:1450:4001:801::2002
2a00:1450:4001:802::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2008
2a00:1450:4001:828::200d
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2001
2a00:1450:4001:831::2003
2a00:1450:400c:c1b::9a
2a02:26f0:fb:599::1931
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a04:4e42:200::396
2a04:4e42:600::396
3.13.222.229
3.211.116.132
34.102.193.48
34.107.191.194
34.117.4.53
34.120.20.123
34.120.253.250
34.98.72.95
35.186.226.184
35.201.112.202
35.201.113.243
35.227.235.114
52.205.167.202
52.218.61.240
52.222.250.8
54.86.138.233
70.42.32.63
75.101.244.20
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
01bd9a81825652a9a7202cacca89efb981488316f3157728f5965323c6a0561d
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03acce15541b856dcf4395f1c0bdcff32328527cb9686ff413b7b7eb4ca1ecdf
04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2
04686da390f8eec3ccd75869fa71e22cad452cfcff6ffa31c979f599d64831d8
04fa21be028c52290c0cb1202a8c4953abdc4dc4fc3f8dc6fc7426183fee168a
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05e6072463e460e5b5d690a8c04e577f107e52897751e730872d122785b38872
0678d939c9aea46c3f7a423a791dcb27e8c8fbcad3869a2ca3b59336450741b5
06def5f53a1116e6a7f4ecab814748f1b7d9a7fde199d96f80c233877f2c46a4
06f1a5a8103b6ea0dba8412080462a13a199f2be81d1f7adcd5808c1fff39b9a
078f60cf9ea93ef9cdd0e76a4d308ca584c4c9953f7755f9fe2b90d4bb88f32b
07d37037fac00adaab8d3068112bf139d2249facc615e9fc6674ce90f103f48c
07f0db5b960258437a21e817a5ff85ceb8fbc0bed210fc71b988fe02550616a9
0acee3b3b1b8d349b7fbc7d53cf46ff3763b5521480bb7863ef6759ba4e14db9
0b1eac7300aadf292d5148f6cb8cc5de2134b3dab660705293b9a9afe098078f
0b850991db54c2e0c6a6b7a3c818d88205ced62b9f93665cca47f9cb2802b208
0cc2be64b24f8ae3f9951a81ce4964ea31e5663f5f739d7f34cf9dbaef8ae2c6
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fc716bcc1f8668e100be543df63af646abd035fb62c9a918e81e01b87400329
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
18b57c5d9048240752a959a4b86e60a74cdb9822c66ee321cbfc8d515f64cd6b
198f673d426c5f5ab9b973217e0e06b6fa1eda2707c4fa6fa3d067bac346fc5a
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
251fd37b1ddfc981332472c35c53d88220a54dbbab82cb2468565a4ef58f3e0c
2717481d28d98b22e3277c45a2a0529b5044aef42d8f262ca7e11e73240c563d
294494f66f4538628d463f30a44f13bf7808ae42d634e2381ee4a838b1cd7156
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b92de018f47ad48c371f8ae1a5ace7c3031836c9b0144f34b81be9332cb5e5c
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
3778ce7fca48ad3d4453285ad5b6d6ca8df2eba1fe90c9af0da131d697441b7f
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
37ecbd3a069afeb7cfd847ee4b988fab6e4129ac68578e05103b17be8abf5947
38664dc57070f64aeaabe58fb52dfef1f1084679499b738b87ee3188383d7745
3c90194bd8100db270b00f746b233927aeff9508433da15d27ad0c2cf21ab1cf
3da1891882eef177db88ceeb43536093319d35e3f4f90043c06333caa7d04e61
41b3d4dd3ef762aaeff7f975cfa7ace758219fcc26e483848d55713d1a6e4bef
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47e867af65f2d1b9195a02f8253b1558dede4e962ba86192f5fbc84073e30d8d
4945f050a159a66ebe10bf502988bcec4f944fd846e790d04c1d17c61bd8b68c
49529fbc705939cb6be69998dfdede76d26514c3ba61a6291d6996877a0f3ac4
4bfe3fd63b2ce813a2e3e1252146acf89e82d30222ca39161cf68086449cd64b
4e54ee28a5547ad8b6c234e115d3ed0b321ab332d77b61f70623f1c372f30b7e
5199e625183cd671fa41884c07a9ee8b320a0f882ec67d734a7b0d0f29ba97fc
51a6e976953212fdb46132c6a5778f28f4522cafbb2593e46e6627a23d1375ec
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5635ab88dda8bbd76e60e076cf2403094f3c4397f4358a42e66153514d8ef01b
5850c33fcffcf8e021d2ee631642da8ed76cc09c9f996804bb9cdb7f72726558
5a0d1630aa4ac37c7ba538cf3939659114530fadea02c3d39b331e5ac5acb518
5a14c8618da40239f696eb554c5d0d3bd974bf10a9513da02d56080f608f738d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d23aea324f805ba409736226926f83c8d3511dc45983c4180d22bbe6f7e56bd
5f851dd00ebe1d53f8e20d5be57e19fd76a925599d00747a7c832484f52e8e84
6234eaedb342e4e72f54a63e5889421e372d14c72f6aa7315b6e48c242685600
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324
677457a7a6888e52549734300f4603e255f8725831df39b8a6935bb9708dcc9d
6c0fafce918fb220ee3332459f37b20ce4d705fe16908bc027308958506df366
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6f240289a734627895e80a5f88d3eb4750a6ad30f92c2b308f3b752b2aab26c2
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
746c1ade2d2ba3ab043e1fb420dbeaf28728554cfb5b638a693f07958a2fd6bb
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
77ee2a3fd8bcabe8c608b049dfa721e20bb0f19f31eb7b1010f90ff2b458cb98
79c9a9d3eb26b2c426bdba2cbb83766dd05c649cbf00534fdf7f6211cf79cbcc
79f256abd169c1a581692a2700ecf884fe830716c8989c3dc2d89bc3fc32b65d
7bcaf2f09b6263996c650d935b363ad89d0f6285b0d0ddc30f4418016c449afb
7c150a90d41710628105ad44fffa944fb9d1435ddf06471f7f9440483ea6c31e
7dabda2f742e3dae9dd3fefa357afa5831a3695dbc362d29cfb7aca9e631e155
7e53755f1f85a35049cd4ff8d6278516aa79538f50d78070e26f873c4cb23454
884c315239c4626d7054efba05bf344fb993da6ef2ea62c39cf84251c5ee3f28
89653cd6b8d2b8645362bb1da785cc15f943a40a2e3dc6d2e761ddd739d0cf75
909c959034304ea400b41eea4326c355e0e7c4c8cf76369f8430756362d11bef
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
95382bba03de2c298af35f13da95b917e724099246a82d5d9a43330ac76fbd26
96dccaa929e6a14f0f439d8597777a97b22720516942d36fc625ae11e85c3ada
979c84a37e845d041cb6229f53783d367176ee12b720553552cd3161e0262a8d
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
97fea9dcfcea4baf6f72f7228a1a50560a67c9e3d1a82582d9d41f11085631f6
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
998d9415269d92557b561a936955f7590d5052865044a9191a528b5a36f3afc9
99df51d06ea98fb68e503f819e66663928dbadd5def5dde0c7c75fdda9bc587e
9d311b6803fbdb039d669109e0c7dac9806863c09989fdeb5e514b7bbec8524f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0f41527ec768da3f52c4e9043a00b57e08ceaafabb992c1114bdf36a6122bfc
a154e59e6511ad6fc4acd960e13ef43395a0441f46826e05723ca03ba6f91203
a1a86586e73a2daff4b9bccc2eef0e09c34c1683c5487e710a7f10c742f6bce0
a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4
a73ffdc45ceea6f4bdc3af40d557679dfb6057924e8ae2a08da149392b1295ed
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b01e61628cb1a50e6b3ba2ae02293dd71f616b90282fd3576c8644439a5c7d91
b03c121ddec98e201c217f7319ddaaef811345a07c76700bf1a83d6328af5cc2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0
b72805902e02fb3e4dd61d116e8f34a240f5609bdfb0c699ffb950a418e5a162
b8dc6dfb662c82264523127c79880833884f479e9048217fe21b13a8093e14f1
bc0c2a453e8b861c2c99fc47181cc6f98dfef752409bb6f2b959969126ca6966
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c15c4f7421dc6e0c560932dbef05b71868332e6f4b0a5b0b17a3c60fa7aa518b
c4ebec9c533a5636014a6dae5b1b84da1dbb81e624beaabc5f0467e81f546951
c693fcb1b25a8491d16d54d3bb6027734476a8250a5d1c610e976c525aab0ba0
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c8155aafb05f86a0bb7908446dbefefcca0a66ac025abcc5b7ca8ae65c96c8b5
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
cd90b1617912a1b787050d3f3a26ca1185196d20ad15f182d74a80f5524b6cd1
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d29193f923df3f407d75ba6ec566423d1d5e0582ba68fc33880193d3967b670e
d2ddda3f26cc7bf10f3d8c5091d66b63f1d77729d3f9e1c5e98651affc0e5684
d76d39d051a4de7b92b84002000cb998c45d1456aaaac56178c781dcb9cf2c30
d8d4458c2680a33783b728134ac6e229ade65b94d82857b1d04464f95a0a996b
dab5fc88424d51257fc91bb0cd946e4f61dec6af379c8c6659a4e4d231ff607b
dc4bf7d19c478a0508332a2303ea212bf99e31407fcbf09236aec4a1ba2aa834
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c14a85edcb2dff04be402803007f92c7efa1518b4aa5cf1d7227ccce4b388c
e8a54936fbb2efbdbea053d91e83b80f58c45c5b761a2504f7798e0b9eafd64c
ea844e68b77179486e8847958d0395167e0d0a0a7e1927495a01f66ee28ded1b
eaf4e6412ae84f49997de84662d9e9dfd927c49ebdfd28ffc67ec072f3550288
ec7c07878f52ad73890557fa14ab0049f06be71ff1518bfbfb537743fc37f3e2
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef19bb18745962b2ab6e01697052fc5013f9724e42a760e90a526bbff2e603f0
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4ac9e1f05d8084f3043de0e0c3b234e3fb9838f19a98880fb24bcb8178a947d
f79519a05f5d679d5120e103ad39229be4de8a2511119abd7ad688e7089b89d1
f8152c3844528f3dd86d971dc77819e61cffb0203a4f0e22ffbfa2a0d2978dcc
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2

blog.hellofresh.com Open in urlscan Pro 104.155.100.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

192 Requests

99 %HTTPS

43 %IPv6

40 Domains

62 Subdomains

58 IPs

6 Countries

4462 kBTransfer

8225 kBSize

31 Cookies

62 Outgoing links

Page URL History

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.hellofresh.com Open in urlscan Pro
104.155.100.3 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

99 %
HTTPS

43 %
IPv6

40
Domains

62
Subdomains

58
IPs

6
Countries

4462 kB
Transfer

8225 kB
Size

31
Cookies

192 HTTP transactions
1 data transactions