www.travelbyus.org Open in urlscan Pro
50.87.237.60 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://travelbyus.org/
Effective URL:
https://www.travelbyus.org/
Submission: On October 11 via manual (October 11th 2022, 8:39:22 am UTC) from JO — Scanned from DE

Summary HTTP 219 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 29 domains to perform 219 HTTP transactions. The main IP is 50.87.237.60, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is www.travelbyus.org.
TLS certificate: Issued by R3 on September 3rd 2022. Valid for: 3 months.

This is the only time www.travelbyus.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 44	50.87.237.60 50.87.237.60	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
4	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
1	13.32.99.51 13.32.99.51	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:1c00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.122.76.243 3.122.76.243	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
13	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	184.73.100.94 184.73.100.94	14618 (AMAZON-AES) (AMAZON-AES)
20	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	35.174.112.146 35.174.112.146	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	107.20.140.231 107.20.140.231	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.248.7.88 34.248.7.88	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 40	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2 3	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1 1	3.123.239.111 3.123.239.111	16509 (AMAZON-02) (AMAZON-02)
12	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:25d:89fc:67d9:f1d7	16509 (AMAZON-02) (AMAZON-02)
219	33

44 50.87.237.60 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2144.bluehost.com

travelbyus.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.travelbyus.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

cdn.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m9m6e2w5.stackpathcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-51.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:1c00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.76.243 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-76-243.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scontent.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.100.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-100-94.compute-1.amazonaws.com

www.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.112.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-112-146.compute-1.amazonaws.com

analytics.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.20.140.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-140-231.compute-1.amazonaws.com

partner.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.7.88 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-7-88.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.239.111 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-239-111.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 4 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.192.160.219 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:25d:89fc:67d9:f1d7 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 170	773 KB
44	travelbyus.org 2 redirects travelbyus.org www.travelbyus.org	2 MB
34	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 static.doubleclick.net — Cisco Umbrella Rank: 402 cm.g.doubleclick.net — Cisco Umbrella Rank: 304	458 KB
19	gstatic.com fonts.gstatic.com www.gstatic.com	222 KB
11	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 611 scontent.xx.fbcdn.net — Cisco Umbrella Rank: 268	172 KB
9	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 136 www.google.com — Cisco Umbrella Rank: 19	2 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118	5 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 228	277 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 703	4 KB
3	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 915	248 B
3	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1482	478 B
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 1504	1 KB
3	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 7883 api.viglink.com — Cisco Umbrella Rank: 14906	29 KB
3	stackpathcdn.com m9m6e2w5.stackpathcdn.com — Cisco Umbrella Rank: 31972	45 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 6377 buttons-config.sharethis.com — Cisco Umbrella Rank: 7588 l.sharethis.com — Cisco Umbrella Rank: 6253	44 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 2488	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 493	920 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 2302	415 B
2	google.de adservice.google.de — Cisco Umbrella Rank: 5221	914 B
2	shareaholic.com analytics.shareaholic.com — Cisco Umbrella Rank: 29875 partner.shareaholic.com — Cisco Umbrella Rank: 34061	648 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 203	87 KB
2	google-analytics.com google-analytics.com — Cisco Umbrella Rank: 83 www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
2	shareaholic.net cdn.shareaholic.net — Cisco Umbrella Rank: 33399 www.shareaholic.net — Cisco Umbrella Rank: 29276	7 KB
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 2279	297 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 900	98 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 916	758 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1003	648 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 115	16 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
219	29

	Domain	Requested by
42	www.travelbyus.org	www.travelbyus.org
40	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
20	pagead2.googlesyndication.com	www.travelbyus.org pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com www.googletagservices.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
12	cm.g.doubleclick.net	www.travelbyus.org googleads.g.doubleclick.net
12	www.gstatic.com	googleads.g.doubleclick.net
9	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
7	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
7	fonts.gstatic.com	fonts.googleapis.com
7	fonts.googleapis.com	www.travelbyus.org googleads.g.doubleclick.net
6	www.googletagservices.com	googleads.g.doubleclick.net
4	ssum-sec.casalemedia.com	4 redirects
3	image6.pubmatic.com	googleads.g.doubleclick.net
3	odr.mookie1.com	googleads.g.doubleclick.net
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	static.doubleclick.net	googleads.g.doubleclick.net
3	m9m6e2w5.stackpathcdn.com	cdn.shareaholic.net
2	e.dlx.addthis.com	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net
2	scontent.xx.fbcdn.net	www.facebook.com
2	api.viglink.com	cdn.viglink.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	connect.facebook.net	www.travelbyus.org connect.facebook.net
2	travelbyus.org	2 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	id.rlcdn.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	cdn.viglink.com	m9m6e2w5.stackpathcdn.com
1	partner.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	connect.facebook.net
1	analytics.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	www.google-analytics.com	google-analytics.com
1	www.shareaholic.net	cdn.shareaholic.net
1	google-analytics.com	www.travelbyus.org
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	www.travelbyus.org
1	cdn.shareaholic.net	www.travelbyus.org
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
219	42

This site contains links to these domains. Also see Links.

Domain
www.zeeclick.com

Subject Issuer	Validity	Valid
cpcontacts.travelbyus.org R3	`2022-09-03` - `2022-12-02`	3 months	crt.sh
cdn.shareaholic.net R3	`2022-09-08` - `2022-12-07`	3 months	crt.sh
sharethis.com Amazon	`2022-06-19` - `2023-07-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.stackpathcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-04` - `2023-05-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-20` - `2022-10-18`	3 months	crt.sh
*.shareaholic.net R3	`2022-09-19` - `2022-12-18`	3 months	crt.sh
shareaholic.com Amazon	`2022-06-01` - `2023-06-29`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.shareaholic.com R3	`2022-09-15` - `2022-12-14`	3 months	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-01` - `2022-12-08`	6 months	crt.sh
viglink.com Amazon	`2021-11-13` - `2022-12-11`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.travelbyus.org/
Frame ID: 4F5B86E7A2B3B89DBAB170CC737255B1
Requests: 74 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20190131/zrt_lookup.html
Frame ID: 81A37FAE5B1E3AB2CDE7A540C243C7F1
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa2601afd4963%26domain%3Dwww.travelbyus.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.travelbyus.org%252Ff5ed0880af7b7%26relation%3Dparent.parent&color_scheme=light&container_width=280&header=true&href=https%3A%2F%2Fwww.facebook.com%2FTravelByUs.org&locale=en_GB&sdk=joey&show_border=true&show_faces=true&stream=false
Frame ID: 14388E06002CF7A974F569165B41CB6A
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&adk=1812271804&adf=3025194257&lmt=1665477554&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.travelbyus.org%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553984&bpp=9&bdt=601&idt=149&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5380283916519&frm=20&pv=2&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=172
Frame ID: 3C0D2DAA2769C3BCBE3AC493807D55CE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1739562190&adf=721852255&pi=t.aa~a.356315161~rp.1&w=338&fwrn=4&fwrnh=100&lmt=1665477554&rafmt=1&to=qs&pwprc=9457725174&format=338x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553993&bpp=2&bdt=609&idt=170&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=192&ady=57&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=svDUEFSzsz&p=https%3A//www.travelbyus.org&dtd=179
Frame ID: 3A6D91B63646E0F359F95E16AF0EB98A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
Frame ID: 332156CBC405CB68AFEF709D8300C8EC
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
Frame ID: 68A26F381572B44893F41DE9B14ECDC9
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Frame ID: B5EF048E119A6C4996000D5AD53CB078
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1
Frame ID: 309A8ECF8EBAD712DA5B4D6DF44DFAB5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1
Frame ID: C1E36416311E97BC27FF3DB5AB5F3D8B
Requests: 14 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E32D1F56082DBB429C324ED3B952F552
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 298B242973F57CB16F46D58CF0F22898
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 21A1206F8777E2DD5AF04995318ABC76
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html
Frame ID: 009984543AC567D6AEDC4AE0D40E60AB
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js
Frame ID: 089C23B8BC941F51050CA39DE8205F45
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F5FB401A1AA25E6991CD309296F20C7C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FE2D2BCD04B4A448B567996910069333
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 47BFE4EBFE93893A7B469F0DFE52765A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9B495D4BFFABDADCD7372B4A5D908E96
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js
Frame ID: 5E74FAFB945228AD118FD03400BD1E66
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js
Frame ID: A8248907E1CB1ABC381F6C390836EB12
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js
Frame ID: 365D0BDEE958E7EBF1017B9967B819F9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A02BBAA9C7324BD8282F09F7E16E5C1B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 274E16BA4B30BEF690AA4FABA5436F31
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Submit Travel Guest Post - Travel News, Tips for Traveling - Travelbyus.org

Page URL History Show full URLs

http://travelbyus.org/ HTTP 301
https://travelbyus.org/ HTTP 301
https://www.travelbyus.org/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:^[^/]*//[^/]*viglink\.com/api/|vglnk\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

219
Requests

94 %
HTTPS

50 %
IPv6

29
Domains

42
Subdomains

33
IPs

5
Countries

3856 kB
Transfer

7386 kB
Size

24
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.zeeclick.com/
Title: ZeeClick

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://travelbyus.org/ HTTP 301
https://travelbyus.org/ HTTP 301
https://www.travelbyus.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 117

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 134

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 164

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 176

https://d.agkn.com/pixel/2175/?google_gid=CAESEPez7p72jGrRSACOCbcrmbw&google_cver=1&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk&google_hm=Q0FFU0VQZXo3cDcyakdyUlNBQ09DYmNybWJ3

Request Chain 180

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEE_9X0kLVXQI7P2SbBsmTxI&google_cver=1&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-d1nnokUg6zRATpAKsw9ooew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWTUtMTQtMjAzQg==&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-d1nnokUg6zRATpAKsw9ooew

Request Chain 181

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_cver=1&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB3JgJZk9loNJoXwiMardnR-liWQcyFuMIz7kYEQuWc806o3o808xXa1oUPaUMJQ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB3JgJZk9loNJoXwiMardnR-liWQcyFuMIz7kYEQuWc806o3o808xXa1oUPaUMJQ&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB3JgJZk9loNJoXwiMardnR-liWQcyFuMIz7kYEQuWc806o3o808xXa1oUPaUMJQ

Request Chain 186

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBvj5D7B7WBaAsTt-7YxlA4&google_cver=1&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO_fWZ6v-vMxWdw703c58StLryAnzkXlr1GsTkvbqwM HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO_fWZ6v-vMxWdw703c58StLryAnzkXlr1GsTkvbqwM&google_hm=x9FpPMN7GwNUoVWYGus0TQ

Request Chain 191

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFd-J-BY7c06hwIb3fiEfME&google_cver=1&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7aBcs_iedwsyBFq7vRntAPu24nv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWkctMTktMkRPWA==&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7aBcs_iedwsyBFq7vRntAPu24nv

Request Chain 192

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_cver=1&google_push=AZmPxg_KR7kNfg4bRIdsIzL2scCDt8B5mjHL_hu0s3vRhqr4aMHtpTQ5e9lMClWQh28BaoFSObjRSEm60y8mgqyHj7l9J3VTn3HU HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg_KR7kNfg4bRIdsIzL2scCDt8B5mjHL_hu0s3vRhqr4aMHtpTQ5e9lMClWQh28BaoFSObjRSEm60y8mgqyHj7l9J3VTn3HU

Request Chain 194

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI0tiVXbQZAEhuXDbKgSpCE&google_cver=1&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6IwlyKspja9Qulb9PsKJkBI21p23kEdgbjI-PUrLu5mckg HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6IwlyKspja9Qulb9PsKJkBI21p23kEdgbjI-PUrLu5mckg&google_hm=x9FpPMN7GwNUoVWYGus0TQ

Request Chain 195

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1tni5QkFP10n5iTefizin7Vq8DoIi4I&google_gid=CAESEHfKc0kdkQhEagBBHYZFRNE&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1tni5QkFP10n5iTefizin7Vq8DoIi4I&google_gid=CAESEHfKc0kdkQhEagBBHYZFRNE&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMTEwODM5MTYwMDA1MTkzOTgwNjE0OA%3D%3D&google_push=AZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1tni5QkFP10n5iTefizin7Vq8DoIi4I

Request Chain 198

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_cver=1&google_push=AZmPxg9WRDjtljXR5aqGmELYW0HdX4TF0q4D0Ncu6rmoB7zY8E2uYtTUvWc95E_p0xligGvvkbTBA6e7IArPdqkuO9VDEQIgDA HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg9WRDjtljXR5aqGmELYW0HdX4TF0q4D0Ncu6rmoB7zY8E2uYtTUvWc95E_p0xligGvvkbTBA6e7IArPdqkuO9VDEQIgDA

219 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.travelbyus.org/
Redirect Chain

http://travelbyus.org/
https://travelbyus.org/
https://www.travelbyus.org/

53 KB
16 KB

1032ms
479ms

Document
text/html

50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: e8364100f848675f4baf850e36f62407e681d563534c6c212e9852e32875a512

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 16518
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 08:39:12 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
link: <https://www.travelbyus.org/wp-json/>; rel="https://api.w.org/"
referrer-policy: no-referrer-when-downgrade
server: Apache
vary: Accept-Encoding
x-server-cache: false

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 08:39:11 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
location: https://www.travelbyus.org/
referrer-policy: no-referrer-when-downgrade
server: Apache
x-redirect-by: WordPress
x-server-cache: false

GET
H2 200 shareaholic.js Show response
cdn.shareaholic.net/assets/pub/ 10 KB
5 KB 39ms
10ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 53c311faa86a6220eedcc8ca4329e87c2b28f84a47f0b41f9c04937790ae93ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
last-modified: Mon, 03 Oct 2022 22:06:54 GMT
server: nginx
x-amz-request-id: K87N5EG892W3A30P
etag: "c3860fcea29c634ad082b216015eaa52"
x-hw: 1665477553.cds165.fr8.hn,1665477553.cds285.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=1200, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 4286
x-amz-id-2: SRsVLrZJkEYb+K+U6HYZEII1FkjnMJ9k8qD0boJ9jURJLeILCiFoXghtpoeObRaXGloUbVlJ3QA=

GET
H2 200 style.min.css
www.travelbyus.org/wp-includes/css/dist/block-library/ 53 KB
10 KB 427ms
423ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 15 Sep 2020 05:16:29 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10450

GET
H2 200 style.css
www.travelbyus.org/wp-content/themes/asteria-lite/ 38 KB
12 KB 426ms
422ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/style.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: aa6e97fd276690e8d93d1f41c9e1e84239991606ffef007c8e7f629c9342f04b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 12673

GET
H2 200 fancybox.css
www.travelbyus.org/wp-content/themes/asteria-lite/css/ 9 KB
2 KB 162ms
159ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/css/fancybox.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: b11c92bffb3352451105557f7e8a0a0400784e694868f9f31686abcb8cf44a61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2056

GET
H2 200 yanone_kaffeesatz.css
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/ 1 KB
558 B 161ms
158ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/yanone_kaffeesatz.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 009b278e570d00e6e01fab77d1ab77c7d3e3db56f37df4f12be3553795365383

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 524

GET
H2 200 opensans-light.css
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/ 617 B
254 B 162ms
159ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/opensans-light.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 40a756ab79660a4c284c427c7a096c2d295c3d5f3d4197880d7a9bc6b5a0337c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 221

GET
H2 200 font-awesome.css
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/ 25 KB
5 KB 159ms
157ms Stylesheet
text/css 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/font-awesome.css?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 6b843e790da6cd0382ce651f782236f3fe68e99b1523c4fbafb2542dffff444c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 5269

GET
H2 200 jquery.js Show response
www.travelbyus.org/wp-includes/js/jquery/ 95 KB
42 KB 303ms
301ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 15 Sep 2020 05:16:29 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==

GET
H2 200 asteria.js Show response
www.travelbyus.org/wp-content/themes/asteria-lite/ 9 KB
3 KB 157ms
155ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/asteria.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: f2f8a098577ad0b23587ad26722d70ca485df960249529a699596e73bd57a887

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2999

GET
H2 200 other.js Show response
www.travelbyus.org/wp-content/themes/asteria-lite/js/ 48 KB
19 KB 280ms
278ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/js/other.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 54654b26dee9bc46545c79f816398b7f73548fddb4676f490d2589972ed9f2d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==

GET
H2 200 gallery.js Show response
www.travelbyus.org/wp-content/themes/asteria-lite/js/ 5 KB
2 KB 158ms
156ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/js/gallery.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 1b7fe1e319d40ecfb9a0799820d08c770dfe754484e9d315bc60e62da4c4285e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1749

GET
H2 200 fancybox.js Show response
www.travelbyus.org/wp-content/themes/asteria-lite/js/ 16 KB
7 KB 447ms
445ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/js/fancybox.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 5e3f33cd72859c5ead67ebdf528c65772430b0ba181cb711e56f45c6f92cf02c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 7129

GET
H2 200 jquery.nivo.js Show response
www.travelbyus.org/wp-content/themes/asteria-lite/js/ 12 KB
4 KB 446ms
444ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/js/jquery.nivo.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: e1684fc4ce4e99adbe5d9f0a4eb19ce2c54116da8b0f9224cdc94d33988aa387

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:27 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3876

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 192 KB
43 KB 40ms
9ms Script
text/javascript 13.32.99.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-51.fra60.r.cloudfront.net

Software

Resource Hash

700ad5e597681fb45dfc74f05206ad9c2229a6c710c45b413842ddfe03ce4d50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:36:32 GMT
content-encoding: gzip
via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 161
etag: W/"3011a-1tH8M8TNdKB39qADlCdHeiBv0FM"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: TxtxaqItBgGZrQ8uX2qIfuN1CL5FdWm-BufHGgydwlfv55SOedQiLw==

GET
H2 200 css
fonts.googleapis.com/ 398 B
820 B 59ms
22ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cinzel+Decorative&subset=latin&v=1600075249

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8586a8a48d83c458b675c80aa94fbba3fe2b9f0c12c0097ea39bc345df72f8e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:34:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:13 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 163 KB
54 KB 90ms
53ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7554aeaf6cfc15e3a2543339793d56fcff66ce5f29e12326908d1e97b168293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54628
x-xss-protection: 0
server: cafe
etag: 2579696252461169791
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Oct 2022 08:39:13 GMT

GET
H2 200 26224244_883195225180423_873079092210040832_n.jpg
www.travelbyus.org/wp-content/uploads/2018/11/ 127 KB
128 KB 312ms
310ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/11/26224244_883195225180423_873079092210040832_n.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 5a33560046d69b6b549de44dc633e2f8b0793de157f276274d4e6f33f9f40dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 11 Nov 2018 12:01:40 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 130073

GET
H2 200 yogin.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 134 KB
135 KB 157ms
155ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/08/yogin.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: d002def30698d66db2949953d802719e7d0863c21c8dd843cea93022d74e372f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 08 Aug 2018 16:05:16 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 137530

GET
H2 200 21480553_469261286779666_3737162653269753856_n.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 164 KB
165 KB 163ms
160ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/08/21480553_469261286779666_3737162653269753856_n.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 511e6af99a30aab5799f1beafd5b8ad415cbfc278a9e2beb2d75a1ed02d91f12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 07 Aug 2018 14:37:52 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 167873

GET
H2 200 First-Trip-Together.jpg
www.travelbyus.org/wp-content/uploads/2017/10/ 79 KB
79 KB 310ms
307ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2017/10/First-Trip-Together.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 317604f0095ebb05fdc3811bb662d4ca40326bac093888dc247f0e6f069b6694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Oct 2017 17:05:22 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 80697

GET
H2 200 Yoga-in-Delhi.jpg
www.travelbyus.org/wp-content/uploads/2019/10/ 87 KB
88 KB 310ms
308ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2019/10/Yoga-in-Delhi.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 640ad6ed3481eca92012da83afcec7fbb0faac1e653a70ee2fd87547e096bed3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 01 Oct 2019 18:11:43 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 89003

GET
H2 200 41470917_686307578417241_2699752487451695167_n.jpg
www.travelbyus.org/wp-content/uploads/2018/11/ 110 KB
110 KB 153ms
152ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/11/41470917_686307578417241_2699752487451695167_n.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 7bdf89237caff78415d2c19c63e614baa3073656be47128638615d66ce9b1d34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 11 Nov 2018 11:56:31 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 112181

GET
H2 200 turtle-island-150x150.jpg
www.travelbyus.org/wp-content/uploads/2013/11/ 9 KB
9 KB 293ms
293ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2013/11/turtle-island-150x150.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: a6888f85540f3bff0e822ddc943cd4fb7531e7cbc52ae28a1b38e78eac297e81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 21 Nov 2013 08:31:47 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 9165

GET
H2 200 1-150x150.jpg
www.travelbyus.org/wp-content/uploads/2014/02/ 9 KB
9 KB 293ms
293ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2014/02/1-150x150.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: bef00c3c204b60796965a6b658035743262790e8a222ca3e52020e5c49718390

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 28 Feb 2014 07:42:21 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 8709

GET
H2 200 vacations-trips-to-vietnam-1-150x150.jpg
www.travelbyus.org/wp-content/uploads/2013/12/ 11 KB
11 KB 294ms
294ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2013/12/vacations-trips-to-vietnam-1-150x150.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: fa59b5e1e5bc5364f8b99ec1ac55499b23f29c56a976fb760da6c7dc45fffac2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 02 Dec 2013 16:35:40 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 11273

GET
H2 200 Whisky-Tasting-150x150.jpg
www.travelbyus.org/wp-content/uploads/2013/12/ 10 KB
10 KB 294ms
293ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2013/12/Whisky-Tasting-150x150.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 9501b9f2b34f5e8b12ae0a1c043e08dd25b8c414cc72eb2d29b66bf7b7335fd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 07 Dec 2013 04:30:14 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10380

GET
H2 200 wp-emoji-release.min.js Show response
www.travelbyus.org/wp-includes/js/ 14 KB
5 KB 157ms
157ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 16 Apr 2021 00:13:19 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4942

GET
H2 200 wp-embed.min.js Show response
www.travelbyus.org/wp-includes/js/ 1 KB
834 B 156ms
156ms Script
application/javascript 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-includes/js/wp-embed.min.js?ver=5.5.10
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 16 Apr 2021 00:13:19 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 777

GET
H2 200 5f6381133dd74500195ad4cf.js Show response
buttons-config.sharethis.com/js/ 30 B
448 B 453ms
423ms Script
text/javascript 2600:9000:223c:1c00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5f6381133dd74500195ad4cf.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:1c00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 17 Sep 2020 15:30:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
etag: "e6e1643313740711175f51662a65b42f"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: 2Ge-noF0iy8mxoJAow9Og1C9FFl6BUV48yrDbrC4u7nVSpNTlF_j9Q==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
405 B 43ms
9ms XHR
text/plain 3.122.76.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=www.travelbyus.org&location=%2F&product=ga&url=https%3A%2F%2Fwww.travelbyus.org%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Submit%20Travel%20Guest%20Post%20-%20Travel%20News%2C%20Tips%20for%20Traveling%20-%20Travelbyus.org&cms=unknown&publisher=5f6381133dd74500195ad4cf&sop=true&version=st_sop.js&lang=en&description=Travelbyus.org%20is%20A%20Travel%20Blog%20sharing%20exciting%20travel%20stories%2C%20tips%2C%20and%20hints.%20About%20Travel%20Destination%2C%20Tour%20packages%2C%20Travel%20Tips%20%26%20Advice%2C%20Tourism%20Destinations%2C%20Tour%20%26%20travels%2C%20etc.

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.76.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-76-243.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 11 Oct 2022 08:39:13 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://www.travelbyus.org
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 analytics.js Show response
google-analytics.com/ 49 KB
20 KB 109ms
23ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Oct 2022 07:11:19 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5274
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 11 Oct 2022 09:11:19 GMT

GET
H2 200 daaCSScvJGqLYhG8nNt8KPPswUAPni7TTMw.woff2
fonts.gstatic.com/s/cinzeldecorative/v14/ 14 KB
15 KB 50ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cinzeldecorative/v14/daaCSScvJGqLYhG8nNt8KPPswUAPni7TTMw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cinzel+Decorative&subset=latin&v=1600075249

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97d28bf5a628c4f0305a6f837e85d5ae7dbf44485f04d2a4cada8d7810c9bb03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.travelbyus.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 20:42:38 GMT
x-content-type-options: nosniff
age: 388595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14416
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 16:56:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 20:42:38 GMT

GET
H2 200 yanonekaffeesatz-extralight-webfont.woff
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/yanone_kaffeesatz/ 29 KB
29 KB 158ms
158ms Font
font/woff 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/yanone_kaffeesatz/yanonekaffeesatz-extralight-webfont.woff
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/yanone_kaffeesatz.css?ver=5.5.10
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 65e9cf20d1d0bf0d990df885c9e4314cea1b2717c618be3984a112d0cab170ac

Request headers

Referer: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/yanone_kaffeesatz.css?ver=5.5.10
Origin: https://www.travelbyus.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
content-type: font/woff
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 29528

GET
H2 200 opensans-light-webfont.woff
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/opensans-light/ 22 KB
23 KB 159ms
158ms Font
font/woff 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/opensans-light/opensans-light-webfont.woff
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/opensans-light.css?ver=5.5.10
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: e27485b98b56c6d269125bd994acdb67c1c796126d919d33adb2e013b723b59a

Request headers

Referer: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/opensans-light.css?ver=5.5.10
Origin: https://www.travelbyus.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
content-type: font/woff
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 22880

GET
H2 200 main.js Show response
m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/ 148 KB
41 KB 36ms
11ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/main.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0419e69120a1482daf1f15c02e3f33243fdb086d90cbb69d3bab8aa4de064056

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
content-encoding: gzip
last-modified: Mon, 03 Oct 2022 22:06:50 GMT
server: nginx
x-amz-request-id: K87QD2K8DXHZWH5P
etag: "cdf3dea93c7b2a9f7a21e20e85edc782"
x-hw: 1665477553.cds010.fr8.hn,1665477553.cds228.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 41827
x-amz-id-2: GTUlIra7KWNBKe1Yl5neNCwH6a9gfP8X2Uu3AKXKMFbKc0/VLejwjV/nMHwRHok7L7gVAFqKONU=

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 33ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f267fee8cfbb8bcb0b5504290fec9b97e96ca840c139a637411f696cac6099b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Oct 2022 08:39:13 GMT
content-md5: xxBLJlGyjPboJBXR3EVSvA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 5REe/TSwLg/6bpM4NFkyP2IPqrp/lxHIoxcHSNkROg2rxWgBYAnlJt9uCSwYwac6iNnqGEu1b/F7LXJMQxcSew==
x-fb-trip-id: 917726464
x-fb-content-md5: c7ec1f1f6460973d28343a6881c37679
cross-origin-opener-policy: same-origin-allow-popups
etag: "6b84c9931c189ca91d9b548d35b98219"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Tue, 11 Oct 2022 08:58:07 GMT

GET
H2 200 lay_hover.png
www.travelbyus.org/wp-content/themes/asteria-lite/images/ 938 B
1001 B 155ms
155ms Image
image/png 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/images/lay_hover.png
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/style.css?ver=5.5.10
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: fed01ce1153a0e18e5af37771b7c26b652794d68439456dcf4779c1ddae6e363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/wp-content/themes/asteria-lite/style.css?ver=5.5.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:24 GMT
server: Apache
content-type: image/png
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 938

GET
H2 200 fontawesome-webfont.woff
www.travelbyus.org/wp-content/themes/asteria-lite/fonts/fontawesome/ 43 KB
44 KB 298ms
297ms Font
font/woff 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/fontawesome/fontawesome-webfont.woff
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/font-awesome.css?ver=5.5.10
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://www.travelbyus.org/wp-content/themes/asteria-lite/fonts/font-awesome.css?ver=5.5.10
Origin: https://www.travelbyus.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:23 GMT
server: Apache
content-type: font/woff
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 44432

GET
H2 200 mds-387x260.jpeg
www.travelbyus.org/wp-content/uploads/2022/03/ 18 KB
19 KB 210ms
210ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2022/03/mds-387x260.jpeg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 59e80f5a3957be2f81d0870579cb9a56c3ccadfdf9e47527efd7498c9b2eed05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Mar 2022 10:19:19 GMT
server: Apache
x-server-cache: false
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 18885

GET
H2 200 Star-Ferry-Ride-in-Hong-Kong-387x260.jpg
www.travelbyus.org/wp-content/uploads/2022/02/ 26 KB
27 KB 156ms
156ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2022/02/Star-Ferry-Ride-in-Hong-Kong-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 7916bf0f2c745446bffc819162a8d1e0ee26faf024520464359e26eb16c4b0c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 08 Feb 2022 11:41:50 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 26956

GET
H2 200 Reasons-for-Opting-Ready-To-Eat-Meals-While-Travelling-387x260.jpg
www.travelbyus.org/wp-content/uploads/2021/11/ 31 KB
32 KB 162ms
160ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2021/11/Reasons-for-Opting-Ready-To-Eat-Meals-While-Travelling-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 484caa5be3cc57262d16ef6714a06534618544120afa24f9d1bd649a9339890b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 17 Nov 2021 11:20:54 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 32086

GET
H2 200 32285055_434309613648004_5504382232027987968_n-387x260.jpg
www.travelbyus.org/wp-content/uploads/2018/11/ 20 KB
20 KB 155ms
154ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/11/32285055_434309613648004_5504382232027987968_n-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 5f45e2a223cabc1ddc4525a4045614b25b9d27f8e9410df276bec1443857eb30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 11 Nov 2018 11:56:11 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 20426

GET
H2 200 Siem-Reap-Night-Market-387x260.jpg
www.travelbyus.org/wp-content/uploads/2020/09/ 58 KB
58 KB 157ms
157ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2020/09/Siem-Reap-Night-Market-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: b41196b36f282a09b3b6ed74fdb916ccdeb3659130f326da05c27a4f3655aeaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Sep 2020 06:40:55 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 59524

GET
H2 200 Paris-387x260.jpg
www.travelbyus.org/wp-content/uploads/2017/10/ 24 KB
24 KB 156ms
155ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2017/10/Paris-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: dcf03499320107fb184b7713b0dd262e2b8117122c4a39823921dc206f3813cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 10 Oct 2017 06:21:54 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 24459

GET
H2 200 What-Needs-To-Be-Taken-Care-of-When-You-Go-Hunting-387x260.jpg
www.travelbyus.org/wp-content/uploads/2021/11/ 34 KB
34 KB 156ms
155ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2021/11/What-Needs-To-Be-Taken-Care-of-When-You-Go-Hunting-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 3bc6d9198de7f893a58a9b6f87c6267bc99ac181d8ffea9f78203d4b56273b60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 12 Nov 2021 12:51:06 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 34447

GET
H2 200 road-trip-387x260.png
www.travelbyus.org/wp-content/uploads/2021/11/ 87 KB
87 KB 156ms
156ms Image
image/png 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2021/11/road-trip-387x260.png
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 62fae6814e2fac139576dbeae2d666c23815d762200c3b4150302169dfaaac6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Nov 2021 11:53:40 GMT
server: Apache
content-type: image/png
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 89136

GET
H2 200 Travel-Themed-Christmas-Ornaments-387x260.jpg
www.travelbyus.org/wp-content/uploads/2021/11/ 24 KB
24 KB 155ms
155ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2021/11/Travel-Themed-Christmas-Ornaments-387x260.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 516ce076817af45ee1038ea3aaf146aa50577cab7f390b88b44a90c5e8a986d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Nov 2021 11:50:45 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 24971

GET
H2 200 ffeac143b02993b812183f1e4884598b.json Show response
www.shareaholic.net/config/ 8 KB
2 KB 306ms
96ms XHR
application/json 184.73.100.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.shareaholic.net/config/ffeac143b02993b812183f1e4884598b.json
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.73.100.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-100-94.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cbd1a9f141a955bfd24dd0826c1aad186d848d4fa6735f4a784f825f2a2ed61b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-client-geo-country: DE,Deutschland
date: Mon, 10 Oct 2022 15:02:01 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0)
x-client-geo-metrocode
content-length: 1486
x-client-geo-region: HE,Hessen
server: nginx
etag: W/"cbd1a9f141a955bfd24dd0826c1aad18"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
x-varnish: 467962075 452647136
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control: max-age=3, public, must-revalidate
x-client-geo-city: Butzbach
x-client-geo-zip: 35510
access-control-max-age: 2000
accept-ranges: bytes
access-control-allow-headers: *
x-client-geo-latlong: 50.425800,8.672300

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 302 KB
85 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=a9de931dfc6ffcc2489ae66392ffbf24

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

324079ec3c1b7edbae53b7e8a43ec28776792944b479f7df68a565814c56311f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.travelbyus.org/
Origin: https://www.travelbyus.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Oct 2022 08:39:13 GMT
content-md5: jYhHsDeHskgM8o1oNdhalQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86788
x-fb-rlafr: 0
x-fb-debug: el08aTou4wAXi1ym5jfgBZ6vXsaGeFkjgnWmtbjo7tjCDvR3WnkWFqv9AFF2TVakIC3DZrcwuYEqE52z027Icg==
x-fb-content-md5: edb1ceb80037b7ab1288f3698892e0e9
cross-origin-opener-policy: same-origin-allow-popups
etag: "f29d25d3822ea0163448720d3e50c6a7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 11 Oct 2023 01:57:44 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/ 352 KB
116 KB 95ms
64ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2926736915306400&plah=www.travelbyus.org&bust=31070209

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f20335708045c8758cc33cfee8c35e10627592a5139bda813ad06830502201c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118401
x-xss-protection: 0
server: cafe
etag: 9167177390302343926
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Oct 2022 08:39:14 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221005/r20190131/ Frame 81A3 10 KB
5 KB 50ms
14ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221005/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19281
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 03:17:53 GMT
etag: 9671129459699598864
expires: Tue, 25 Oct 2022 03:17:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
409 B 93ms
25ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1540767316&t=pageview&_s=1&dl=https%3A%2F%2Fwww.travelbyus.org%2F&ul=en-us&de=UTF-8&dt=Submit%20Travel%20Guest%20Post%20-%20Travel%20News%2C%20Tips%20for%20Traveling%20-%20Travelbyus.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1065902567&gjid=1029734834&cid=1647092186.1665477554&tid=UA-43276003-1&_gid=327054424.1665477554&_r=1&_slc=1&z=1219736165

Requested by

Host: google-analytics.com
URL: https://google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.travelbyus.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.travelbyus.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 e
analytics.shareaholic.com/ 43 B
383 B 301ms
98ms Ping
image/gif 35.174.112.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.shareaholic.com/e

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.174.112.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-174-112-146.compute-1.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	referrer always

Request headers

Referer: https://www.travelbyus.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:14 GMT
content-security-policy: referrer always
vary: Origin
content-type: image/gif
access-control-allow-origin: https://www.travelbyus.org
p3p: CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
referer-policy: unsafe-url
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 like_box.php Show response
www.facebook.com/plugins/ Frame 1438 43 KB
16 KB 249ms
224ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa2601afd4963%26domain%3Dwww.travelbyus.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.travelbyus.org%252Ff5ed0880af7b7%26relation%3Dparent.parent&color_scheme=light&container_width=280&header=true&href=https%3A%2F%2Fwww.facebook.com%2FTravelByUs.org&locale=en_GB&sdk=joey&show_border=true&show_faces=true&stream=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js?hash=a9de931dfc6ffcc2489ae66392ffbf24

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

851b1ba17f2457cf226e2fc4f461542436d723f6436c8be64624cc42e81ad1c0

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 11 Oct 2022 08:39:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 8cr49DBhCQwPG7Mke/ohKxod+NH8gYbqjapuOlILCyZ+nbzdl7JCThuYsaKeuocCnC/EDRFErAxMWxuNtBHghA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
648 B 84ms
24ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.travelbyus.org&callback=_gfp_s_&client=ca-pub-2926736915306400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2926736915306400&plah=www.travelbyus.org&bust=31070209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

e7da4841b631f18b890fd0f6862b2b21ab89e519c425fc0f3a3a3873791cc51d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 61ms
24ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.travelbyus.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 61ms
24ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.travelbyus.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3C0D 243 KB
57 KB 825ms
794ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&adk=1812271804&adf=3025194257&lmt=1665477554&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.travelbyus.org%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553984&bpp=9&bdt=601&idt=149&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5380283916519&frm=20&pv=2&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=172

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dabdc4a34886087b602a5261f63e7bf73b1f0d5419eb3c6e77f525eee88779e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 58299
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:14 GMT
expires: Tue, 11 Oct 2022 08:39:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3A6D 109 KB
40 KB 1275ms
1259ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1739562190&adf=721852255&pi=t.aa~a.356315161~rp.1&w=338&fwrn=4&fwrnh=100&lmt=1665477554&rafmt=1&to=qs&pwprc=9457725174&format=338x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553993&bpp=2&bdt=609&idt=170&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=192&ady=57&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=svDUEFSzsz&p=https%3A//www.travelbyus.org&dtd=179

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e82c6cef5d3adbe9505e301f70831d7813c26d06468639f0dd009346830acc70

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJWegbDj1_oCFVWPsgody9wJZA&gqi=sitFY6ymDNXAkdUPpcyJ8Aw&layout=/sadbundle/%24csp%253Der3%24/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 41143
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJWegbDj1_oCFVWPsgody9wJZA&gqi=sitFY6ymDNXAkdUPpcyJ8Aw&layout=/sadbundle/%24csp%253Der3%24/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 affiliatelinks.js Show response
m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/ 997 B
818 B 13ms
10ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/affiliatelinks.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 4d071d69e25eb8288369459a7fa77275fd654bc22f4965e50ca2e95fe63931c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
last-modified: Mon, 03 Oct 2022 22:06:49 GMT
server: nginx
x-amz-request-id: K87VC06DGHCKNQT7
etag: "99e5164c1e3f1deebc20ff6fd1e5eae7"
x-hw: 1665477554.cds010.fr8.hn,1665477554.cds265.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 591
x-amz-id-2: RBTzmJmcdV1APNiiurOVLbi8EEOV5P7LAZAtqNa7v89QrKbMNztaSr82C8K8q1qxD0XmFAugFQU=

GET
H2 200 anchorad.js Show response
m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/ 5 KB
3 KB 14ms
11ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/anchorad.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 1d2edfe4b9da6657460275a1e6ed9d7e114848f0b531ff229774a2dc92a60faf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
last-modified: Mon, 03 Oct 2022 22:06:49 GMT
server: nginx
x-amz-request-id: MF7WXG350QVP03JY
etag: "6b55e8bbf14ff4a3e432401e0755c778"
x-hw: 1665477554.cds010.fr8.hn,1665477554.cds270.fr8.c
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
content-length: 2514
x-amz-id-2: eX1rAL4tDy6GjcJsUdjPWdqmhby1fTtsEA4KZy9F4/hwPDRXK5FliBuxRBq462oaf8blGcl41fA=

GET
H2 200 partners.js Show response
partner.shareaholic.com/ 0
265 B 301ms
108ms Script
application/javascript 107.20.140.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fwww.travelbyus.org%2F&cl=en-US&id_sync=fd95677a-930c-4300-97e4-69a842f11fc2&pvs=1&site=ffeac143b02993b812183f1e4884598b
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.20.140.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-20-140-231.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:14 GMT
vary: Accept-Encoding, User-Agent
p3p: CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 81 KB
28 KB 47ms
27ms Script
text/javascript 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/d1d50b0d/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: RZWQVMRQFAHJGJS1
age: 1593207
content-length: 28567
x-amz-id-2: h6gvxno4yca7UKTaQD21Mo3sJqUI+Tz4ZtFip/J96Vi4pQn6pherJuWOY3VJ7dmbeb0gs3009jo=
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
server: cloudflare
etag: "072eaf64a771815874455704fca9301b"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 758648ba0b71927f-FRA
expires: Tue, 18 Oct 2022 08:39:14 GMT

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 233 B
684 B 153ms
57ms XHR
text/javascript 34.248.7.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.7.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-7-88.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: acd5c1b3bf98d1b9232de006d8296be7561a2a7e49a21fcecb92982023efc921

Request headers

Referer: https://www.travelbyus.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 11 Oct 2022 08:39:13 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.travelbyus.org
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 233
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Dg-zvGCDr50.css
static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/ Frame 1438 19 KB
5 KB 30ms
9ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/Dg-zvGCDr50.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa2601afd4963%26domain%3Dwww.travelbyus.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.travelbyus.org%252Ff5ed0880af7b7%26relation%3Dparent.parent&color_scheme=light&container_width=280&header=true&href=https%3A%2F%2Fwww.facebook.com%2FTravelByUs.org&locale=en_GB&sdk=joey&show_border=true&show_faces=true&stream=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16aa6fa9cafd57e49fdc06346467d51a96cd4852d0a40dd7a29785ed62a9a23d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: DtHBJj7lYovCW0pvzIZHsg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 4957
x-fb-rlafr: 0
x-fb-debug: 2dDtuRcd97cve7G01x0TTz4gRyCYoE3i6E6mZ3M/okLtVIg1nt+hjUjUX3P0ieSxJIfzrGbbusq6tG4FfxP5kw==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Tue, 10 Oct 2023 15:08:50 GMT

GET
H2 200 5d4eZbVHxAY.css
static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/ Frame 1438 2 KB
1021 B 30ms
9ms Stylesheet
text/css 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/5d4eZbVHxAY.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

239a83f36e0eb1c181c4ec174b9a05ce02b44afc5685aa3dc828aa581ea3d7a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: qp62alFG777So/ro/wbkaA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 829
x-fb-rlafr: 0
x-fb-debug: vSjYciL2qABDsh1QHF0cHcJxUaOkjAL01NN70G+Z5cFdyGD175dQFMO+QqIxrGDYq5k0dWXcRNnduEH7wmWJLA==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 05 Oct 2023 15:32:30 GMT

GET
H2 200 Po6DZYgATVU.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame 1438 322 KB
87 KB 30ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/Po6DZYgATVU.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4889509b33a1f28a706f744883f0dbbc6a07df7df4ab6298d89665a5614f4aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: S8+GVWFpgfgRVt/D5tI75w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88915
x-fb-rlafr: 0
x-fb-debug: 78bzOK+SxXECeaen8wYrAPiObhuUhWK8Osupqhn/NiLg3vVNBdmoHnOSlIQ+06sxe9KfB6/fdBLyDyCffm7FSg==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 11 Oct 2023 00:33:10 GMT

GET
H2 200 iiDbYMCPtB3.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yi/r/ Frame 1438 5 KB
2 KB 30ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4c01bda88c70f4508fe21057233d32a63b91052cac425a9027a1f930866d4e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Uz/0UZ4sf3f6xy7wRFf48w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1657
x-fb-rlafr: 0
x-fb-debug: pF6EwBrotHVthVuyUeJQ5W2qLrPAmpvOMOXuTC0TEzuAF9hpvi/A+ng7t8YNIy4q4pYTVVBD9lcKOgj7FUjnUQ==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 08 Oct 2023 20:15:36 GMT

GET
H2 200 WOLN5pzG8JN.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yh/r/ Frame 1438 38 KB
12 KB 31ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/WOLN5pzG8JN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cebc7a80f5ac30f4c8c7e298fe437356fb12ea8a2d639fb0945e985969ca90ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 7yLS2P1qnNtFYRYaR3NAgQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 12270
x-fb-rlafr: 0
x-fb-debug: X/R2iFn7gBoXxWlj8vS5vxsHRW6Xs3O0fh5FW+NFNJeJgg2egMdgag5aU6Z/VgjnYaLZVrO/FaXSq14Qa+H6xg==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 04 Oct 2023 07:24:22 GMT

GET
H2 200 q6VzhXzzuec.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yU/r/ Frame 1438 51 KB
16 KB 50ms
30ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/q6VzhXzzuec.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4ba8f26f2981d7e02030eaff9c6869eedd2de20e9d261dae7bcb8535f84d7b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: vtbxyXN1YCqPhJgBCTQobw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 16189
x-fb-rlafr: 0
x-fb-debug: YXh7IXH3eyO2Oz2RCR0sZZeCiyTQW5FUORw30p6ThoBv4MO9UzNDGt5lhcGu4YE41k/D6PfibFu7W8pGltmEfQ==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 30 Sep 2023 02:46:31 GMT

GET
H2 200 5_SUQAbK5E-.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7244/y1/l/en_GB/ Frame 1438 83 KB
23 KB 50ms
30ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7244/y1/l/en_GB/5_SUQAbK5E-.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9f24f87a718cb69c45930f92e1e798a476707ace487372ce9cbf0ef26ea98554

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: hmjAGgUQiRUrq2iZuFv6oQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 23343
x-fb-rlafr: 0
x-fb-debug: y+Wxoyf4hjs2DBZp5eUkSp2zmt2hKpITY7UwDdNNM7Gf49G1uii05hTgOlTDS63MD1nFOR/w5O4ndX5voqKnaQ==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 07 Oct 2023 17:37:37 GMT

GET
H2 200 1475968_661651320540728_1640621910_n.jpg
scontent.xx.fbcdn.net/v/t1.18169-9/ Frame 1438 16 KB
17 KB 173ms
172ms Image
image/jpeg 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t1.18169-9/1475968_661651320540728_1640621910_n.jpg?stp=dst-jpg_p206x206&_nc_cat=104&ccb=1-7&_nc_sid=dd9801&_nc_ohc=sAVoge_0hVEAX8tmv0c&_nc_ht=scontent.xx&edm=ANSO7JkEAAAA&oh=00_AT9OpDY1MW1k2XPYfuHh1uQUTEv64tY22tco4_EkvxXkIQ&oe=636A814C
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa2601afd4963%26domain%3Dwww.travelbyus.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.travelbyus.org%252Ff5ed0880af7b7%26relation%3Dparent.parent&color_scheme=light&container_width=280&header=true&href=https%3A%2F%2Fwww.facebook.com%2FTravelByUs.org&locale=en_GB&sdk=joey&show_border=true&show_faces=true&stream=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 64c42abcf10701e7b2173b9b910c8ddab09608920649fc5eec689d1e82ade9af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-haystack-needlechecksum: 1070336070
date: Tue, 11 Oct 2022 08:39:14 GMT
x-fb-trip-id: 917726464
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 15 Dec 2013 12:52:31 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1553315663
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: tgrQBGENGcBivpcof5ZSl_4qC_rfl3GFUbd_BNj21-JyjFJR9amLkTBls-8VjfmFCGlaGMQOAtt33eKA605tqmUGlo9Ti1b0qyXaTvH5PqfDV5KVw2hFI9hiO64qIcq1
cross-origin-resource-policy: cross-origin
x-needle-checksum: 484919106
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 16549

GET
H2 200 1471772_661651083874085_1981385730_n.jpg
scontent.xx.fbcdn.net/v/t1.18169-1/ Frame 1438 2 KB
2 KB 176ms
175ms Image
image/jpeg 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.xx.fbcdn.net/v/t1.18169-1/1471772_661651083874085_1981385730_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=axjv_tDTj64AX-MNiGl&_nc_ht=scontent.xx&edm=ANSO7JkEAAAA&oh=00_AT8YgwRgkkk80yj240i4v_ThfSAmylBKcW9qUnRlmTbxEw&oe=63691F5D
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa2601afd4963%26domain%3Dwww.travelbyus.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.travelbyus.org%252Ff5ed0880af7b7%26relation%3Dparent.parent&color_scheme=light&container_width=280&header=true&href=https%3A%2F%2Fwww.facebook.com%2FTravelByUs.org&locale=en_GB&sdk=joey&show_border=true&show_faces=true&stream=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 1d247c32cff59d7e1b993acf23dd77bf2403032407402690722cce2096f62061

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-haystack-needlechecksum: 1591594595
date: Tue, 11 Oct 2022 08:39:14 GMT
x-fb-trip-id: 917726464
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 15 Dec 2013 12:51:55 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1210207606
cache-control: max-age=1209600, no-transform
x-fb-edge-debug: dRhAy2LQceBnVjR7qD96O0RtUQCBYokM-Za1Dp89pRsbn4Zmm2qfv4a5bAT-is47OR_KhuW_7B-Mb7wsNG22MKSMexxXf5lZddb4bOTmL05w25orgR-JBQSJIEi1h3_-
cross-origin-resource-policy: cross-origin
x-needle-checksum: 2238853052
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1725

GET
H2 200 nivo_nav.png
www.travelbyus.org/wp-content/themes/asteria-lite/images/ 1 KB
1 KB 152ms
152ms Image
image/png 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/images/nivo_nav.png
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/themes/asteria-lite/style.css?ver=5.5.10
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 347f885243664d7fa4496861c399ab116f962252f50e3be2ac84d198fce5a8dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/wp-content/themes/asteria-lite/style.css?ver=5.5.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Jun 2014 09:08:24 GMT
server: Apache
content-type: image/png
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1503

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame 1438 573 B
628 B 19ms
7ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/Dg-zvGCDr50.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yC/l/0,cross/Dg-zvGCDr50.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
x-content-type-options: nosniff
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 573
x-fb-rlafr: 0
x-fb-debug: eqJ02I60kecGdrEMxBdIPfCMH+R/0qx715HoEZ7+BI0qSimr4DUZtde66tGQtp4FGGZqEg8z3eXh8pcMi4UdKA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 04 Oct 2023 00:50:13 GMT

GET
H3 200 1lYRIUv3fB9.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame 1438 22 KB
7 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/1lYRIUv3fB9.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/Po6DZYgATVU.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

faf79cb9e29372a0c931d3c576f286c1ae40f22a5c24c089ab51e06685775660

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 5PIhxmQubFGcokYgJ6FXEg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 7237
x-fb-rlafr: 0
x-fb-debug: HXVt9TU0MRe0Z52hKhRt6/80UErcTdXn6/D42TP7d7hlqoWCQxplCyjtDI0udgEN25TTd4XzlCLmfhSYFe5rog==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Sat, 30 Sep 2023 02:46:31 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 41 B
491 B 33ms
33ms XHR
text/javascript 34.248.7.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.7.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-7-88.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 1f7239af6f4e76d246b38c8378f242924b661fee6ce090aba51efe94627d0f35

Request headers

Referer: https://www.travelbyus.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 11 Oct 2022 08:39:14 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.travelbyus.org
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 41
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/ 151 KB
54 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/reactive_library_fy2021.js?bust=31070209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7335c98517ed2d5b28367b1623ff2c13feb7d9a2caf553861a16c4979f951d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55070
x-xss-protection: 0
server: cafe
etag: 13937315439521848423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 55ms
24ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.travelbyus.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 75ms
22ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.travelbyus.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3321 97 KB
34 KB 661ms
660ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95bd0c050a629e681e22cf876333a2f6da63b48801c52fef52b97c119e3f2925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 34466
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 68A2 91 KB
33 KB 707ms
706ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3dec7344da876753f7e1c1d0af4015c999494f0ced1a011c33f6f1dc6de75bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33935
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B5EF 106 KB
34 KB 696ms
695ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed6b42edcf89a2577ecd8c30bbc7e0616968538603945cd7c17ee8a49f28a0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 34465
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/ Frame 309A 10 KB
4 KB 20ms
14ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 10:33:16 GMT
etag: 9671129459699598864
expires: Mon, 24 Oct 2022 10:33:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/ Frame C1E3 10 KB
4 KB 19ms
15ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 10:33:16 GMT
etag: 9671129459699598864
expires: Mon, 24 Oct 2022 10:33:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 309A 4 KB
636 B 65ms
34ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:37:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 309A 205 B
742 B 81ms
17ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:16:13 GMT
x-content-type-options: nosniff
age: 1382
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Oct 2023 08:16:13 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 309A 604 B
694 B 82ms
17ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:34:41 GMT
x-content-type-options: nosniff
age: 274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Oct 2023 08:34:41 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/elements/html/ Frame 309A 19 KB
9 KB 73ms
10ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d6b185c25855ec7d560c46a127f8f28ea723d0bd8bd6b1c2b610cd219016207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 07:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8224
x-xss-protection: 0
server: cafe
etag: 969526298976576263
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 07:27:39 GMT

GET
H2 200 cc2fa6f05f6b7ab36f626f2501931c3a.js Show response
www.gstatic.com/mysidia/ Frame C1E3 10 KB
4 KB 82ms
22ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cc2fa6f05f6b7ab36f626f2501931c3a.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4312
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H2 200 9a8178d18d321307744a4c8ce46adea2.js Show response
www.gstatic.com/mysidia/ Frame C1E3 10 KB
4 KB 79ms
19ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a8178d18d321307744a4c8ce46adea2.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

311d6e0a623475d73c35b2a61232ef0621db876a120cf7069721cb04f06ad003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 350946
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4293
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 07:10:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C1E3 8 KB
895 B 50ms
26ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:19:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame C1E3 2 KB
983 B 84ms
27ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:37:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:37:01 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame C1E3 23 KB
9 KB 69ms
13ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:25:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 805
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:25:50 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame C1E3 3 KB
1 KB 85ms
28ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1147
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:20:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame C1E3 17 KB
7 KB 74ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:21:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C1E3 151 KB
46 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H2 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame C1E3 33 KB
14 KB 76ms
18ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E32D 8 KB
895 B 27ms
26ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:19:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame E32D 2 KB
902 B 63ms
24ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 762
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame E32D 23 KB
9 KB 53ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:32:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame E32D 3 KB
1 KB 55ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:24:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame E32D 17 KB
7 KB 51ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E32D 151 KB
46 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame E32D 33 KB
13 KB 49ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17790311148257100460/ Frame C1E3 2 KB
2 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17790311148257100460/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ac523824bc1635fae9a925f20cecfb001148b2c9ef0a799e014b948f95e301c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 08:45:10 GMT
x-content-type-options: nosniff
age: 345245
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1656
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 00:33:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 08:45:10 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C1E3 0
0 79ms
71ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXGvBsitFY5TvDKbVkdUPn4qbiAnpn97rbLybkcDBEMPvj5yuIxABIOzcxlJglcKmgrAHoAGSmav8AsgBAagDAaoE6QFP0K_OH186BKQlBokIlNl64EQDTIzwFgiVVuIOJZFwMWoa84ok6K_MdUzc8iY0htcCySRofwoNJWrvYUX97A1il2S-iM_vw0vwy0iKRbZAuvO3D2qx5V73PICiXG7aotJeRX2617fz_eXfd13nvC1rJg2RQ-wBgiaxyFRrKZb4RwU8sGnh5azciFH3FFWPq59Ml4L8_K7NOSgG7MGLxAoeufyxIrqG6JHIHCEfElHtjZ7eT12WMH068is2yqV4X5bylzSRIN8Bw-Ug77XvGh8YgRSgCEU_w-rTj-Dxmj_3eucbnDOV88vlecAEjbHGyIUEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB9bm1IMBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ5tsQ0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMjkyNjczNjkxNTMwNjQwMBgA&sigh=CQg0I0FGYZE&uach_m=[UACH]&template_id=5001

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Oct 2022 08:39:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 298B 143 B
166 B 17ms
16ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C1E3 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d13519cbe68d19daeaca93f3a9bc423b1644bda6c19f4501483e8f23893c345

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 21A1 143 B
166 B 19ms
18ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 336x280_GlobalL_CYSEC.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/ Frame 0099 143 KB
28 KB 20ms
17ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1739562190&adf=721852255&pi=t.aa~a.356315161~rp.1&w=338&fwrn=4&fwrnh=100&lmt=1665477554&rafmt=1&to=qs&pwprc=9457725174&format=338x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553993&bpp=2&bdt=609&idt=170&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=192&ady=57&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=svDUEFSzsz&p=https%3A//www.travelbyus.org&dtd=179

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ecbaf54325167809fb1d28162b6e0251528ba3d571628343e763c904123f716

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 531334
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 28788
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 05:03:41 GMT
expires: Thu, 05 Oct 2023 05:03:41 GMT
last-modified: Wed, 31 Aug 2022 04:52:15 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3A6D 0
0 61ms
60ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7XkJsitFY5X9DdWeygXLuaegBpiz7uds9dSh8p4Q2LXxj5YdEAEg7NzGUmCVwqaCsAegAercgNECyAEJqQJoKsb3LCSlPqgDAcgDSKoE6wFP0JMpqoQJAsroHII2LQZfgupLIU5Hok4yqLPCG8_Knw81s5NSRLiT3KL-uRb8t1T4x8FMYbp9dFyEDkoQKgnzWUtiK6h9-Y50IwTshl1dlyA6T_-UBxbkxtkDoPsTDMZfM8Eb1pine7EiUMRJRCqF9ATNKKuiS9Vh14gqt4PpUd1diDY2HgCl5dX1Z5R4fkrcAVA5jlnnnkYQZbH-Y75AMLNraWmclmC4V0i0qADfihtZosjRacULQbyLNqoDenaiLuQR8vI3VsjWalFcFLUvJjM0--fkbXfH_t3j7sO0cFUGT0Umq7r2umqEwATzwvie1AOSBQQIBBgBkgUECAUYBKAGLoAH_qL_rgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCyixTSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yOTI2NzM2OTE1MzA2NDAwGAA&sigh=24XBO2stiWU&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1739562190&adf=721852255&pi=t.aa~a.356315161~rp.1&w=338&fwrn=4&fwrnh=100&lmt=1665477554&rafmt=1&to=qs&pwprc=9457725174&format=338x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553993&bpp=2&bdt=609&idt=170&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=192&ady=57&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=svDUEFSzsz&p=https%3A//www.travelbyus.org&dtd=179
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Oct 2022 08:39:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame 3A6D 23 KB
9 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:32:10 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 0099 6 KB
3 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 11 Oct 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0099 34 KB
13 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45969
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 11 Oct 2022 19:53:06 GMT

GET
H3 200 createjs.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/libs/1.0.0/ Frame 0099 236 KB
63 KB 20ms
18ms Script
application/x-javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/libs/1.0.0/createjs.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/336x280_GlobalL_CYSEC.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 05:03:41 GMT
age: 531334
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64184
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 04:52:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 05:03:41 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 298B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

28ms
25ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 21A1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

37ms
37ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame 089C 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F5FB 143 B
166 B 19ms
16ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1739562190&adf=721852255&pi=t.aa~a.356315161~rp.1&w=338&fwrn=4&fwrnh=100&lmt=1665477554&rafmt=1&to=qs&pwprc=9457725174&format=338x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477553993&bpp=2&bdt=609&idt=170&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=192&ady=57&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=svDUEFSzsz&p=https%3A//www.travelbyus.org&dtd=179
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1433
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 3A6D 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:24:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 3A6D 17 KB
7 KB 21ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:34 GMT

GET
H3 200 _336f.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/images/ Frame 0099 5 KB
5 KB 20ms
18ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/images/_336f.jpg?1661349804535

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a162c7c14f08a6ad632407431cc46ae786394033bcd85eb6df52ba0c29dcf64

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 05 Oct 2022 05:03:42 GMT
x-content-type-options: nosniff
age: 531333
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5163
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 04:52:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 05:03:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 3321 8 KB
895 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 07:34:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 3321 2 KB
902 B 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 762
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame 3321 23 KB
9 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:32:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 3321 3 KB
1 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:24:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 3321 17 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3321 0
0 58ms
21ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTmLtl_KPinI-P8JFwCCUUQX3sVpO5i9JicDyBcr5xOHPb1jlbb_QsRYAIZCg6lj7FbeLrxHepM3SHGBXnuyaaMqtcvaw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3321 151 KB
46 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame 3321 33 KB
13 KB 20ms
13ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A6D 151 KB
46 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 cell.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/images/ Frame 0099 24 KB
24 KB 23ms
22ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14058492476962613972/336x280_GlobalL_CYSEC/images/cell.png?1661349804535

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8da5c9041bc1e9d4fdb1e387807c44237a704bfafa2617acb77c25d790553710

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 05 Oct 2022 05:03:42 GMT
x-content-type-options: nosniff
age: 531333
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24806
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 04:52:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 05:03:42 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3321 0
0 77ms
64ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C1yDisytFY__5BYXCywWX8b6YBKOUiOZsgZPgyuAQ7eqrpY0OEAEg7NzGUmCVwqaCsAegAdzJktwCyAEJqQKRhqOUQ0mwPqgDAcgDywSqBOwBT9DXI7j4nhSK4UtLkAGX2Mx5PuJyYoHsWgef1qx0XENxwdeOoGfUbLWDHaZmgBk5SGldNj-d1UWkKFWcVB9gFC0fV9msHRZTdV3Q5u_zjck5HFBAfiAymfFXQofGMZyqShimWArinpN-_OyuaNhYUfm-KZYgfZpHuc01HfAFRC_r0K7yxRQXuBcFyM_eRSB-avPN7lI5aNjm71JUGHCWGLJvgHX0fmR0bC-HGZBW03E-n47a6jvtlaD1Qedx6zGZWNBmJUqNejkxt0GuRJkKt4oljvhSHh_GjuWhMt25qk0J1XK96hHWcsK4nLzABODRro-mBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeMtu2jAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENPlB9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BML0BUBmBYBgBcBshccChoIABIUcHViLTI5MjY3MzY5MTUzMDY0MDAYAA&sigh=qyECHck9A9Y&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Oct 2022 08:39:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F5FB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
29ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
expires: Tue, 11 Oct 2022 08:39:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:15 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3A6D 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10e1f49f0f27f540d0c567d7ff510501389d4d8e72f6af6f8a3a1c66320b00f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16335473540965298367/ Frame 3321 27 KB
27 KB 27ms
16ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16335473540965298367/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12b88b37b848e93cbff359332a18207f95f29b3350e5ef3fc7dbfdd56f5bf02e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 07:39:15 GMT
x-content-type-options: nosniff
age: 435600
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27298
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 14:20:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Oct 2023 07:39:15 GMT

GET
DATA 200
OK truncated
/ Frame 3321 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3321 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 css
fonts.googleapis.com/ Frame B5EF 3 KB
601 B 24ms
22ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:23:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame B5EF 2 KB
902 B 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 762
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame B5EF 23 KB
9 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:32:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame B5EF 3 KB
1 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:24:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame B5EF 17 KB
7 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B5EF 0
0 28ms
25ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTetA3xjKk8frtlowCa9I2MqwnYHDII6j0keGyN0TrThcRCQ3HT7slsRNfq0tJB3jwzTymdzB_dWzunSVGSXzbltZERlQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B5EF 151 KB
46 KB 31ms
28ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame B5EF 33 KB
13 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 cc2fa6f05f6b7ab36f626f2501931c3a.js Show response
www.gstatic.com/mysidia/ Frame 68A2 10 KB
4 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cc2fa6f05f6b7ab36f626f2501931c3a.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4312
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 bca10ddd16af34d21051a380f937ccd2.js Show response
www.gstatic.com/mysidia/ Frame 68A2 18 KB
8 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/bca10ddd16af34d21051a380f937ccd2.js?tag=pingback

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

781435863bd553fd2673b10b1dda8faad16ba7f9113560d4a9815615b8ddf5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:39:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 349187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7723
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 07:39:28 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 68A2 6 KB
672 B 26ms
23ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Oct 2022 08:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 08:22:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Oct 2022 08:39:15 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 68A2 2 KB
916 B 16ms
16ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:33 GMT

GET
H3 200 1c8b28b3f1e45bd861fb75f2fad01d8e.js Show response
www.gstatic.com/mysidia/ Frame 68A2 6 KB
2 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1c8b28b3f1e45bd861fb75f2fad01d8e.js?tag=analytics_pingback_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87cdc9a4af3ce62dc6e491a4a393307f40a3c90bbac8ada4baafff7390775b8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2262
x-xss-protection: 0
last-modified: Thu, 29 Sep 2022 20:53:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:29:30 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/ Frame 68A2 23 KB
9 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:32:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9572
x-xss-protection: 0
server: cafe
etag: 13714838864795470651
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:32:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 68A2 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:24:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 863
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:24:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/ Frame 68A2 17 KB
7 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221005/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 9181008806812530437
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Oct 2022 08:26:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 68A2 0
0 89ms
87ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS39X6YI_6L53YSX1ROBlEuVoTPc3a8pbm7MxZRylTYcOtWNTxbkdkSM4Su1tTyL3xxPbk6rDa9P8I_kq73TJX71k0SRQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 68A2 151 KB
46 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47122
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665402098278948"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:16 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame 68A2 33 KB
13 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 353851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0099 36 KB
16 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B5EF 0
0 71ms
70ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cv1B6sytFY7DHBsKMywX_8Y-YCJiy4floqb7swagM6um0tfkBEAEg7NzGUmCVwqaCsAegAbC6odcDyAEJqQKRhqOUQ0mwPqgDAcgDywSqBOIBT9DxgrY5hoOFAsGGPY4I25_P4tYOdhMAuW1RWs2OzYSzMmNaSf20HwKifR6n6QqPdOONtwzHpcb9-Y6NypxmN2oxDVti1fjkMi6iHwdCWdxLDt2FSJUSLtGRbLKIn30MpsyDNJo_Lnq4vLc95bF2blNdgmPHUi-WizloE9iaf9qzD2-rm0vCXxSPnvZgF80Cc-r2ybsaC2bCMp8GD_4OoA6Cf4jiQpeoyx06sfe4yuVDzQkk3gC_EZksq5HUEC4XwViCDD8hjwRecRMzCp20HTyvMHeA4PsY4VjDZn1K1sLsHcAEseDiyo4DkgUECAQYAZIFBAgFGASgBi6AB7_ZvWCoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQwpEF0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwyIFAHQFQGAFwGyFxwKGggAEhRwdWItMjkyNjczNjkxNTMwNjQwMBgA&sigh=SswtOl-r9vI&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Oct 2022 08:39:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 9588183769006283943_9186565913604646649.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame B5EF 89 KB
89 KB 108ms
47ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/9588183769006283943_9186565913604646649.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68eaf8ac60d0942a6bcee0b4538d7d50ebe41bd26e332550d05d8b9d37fa16e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 12:10:12 GMT
x-content-type-options: nosniff
age: 332943
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91035
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 07:22:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Oct 2023 12:10:12 GMT

GET
H3 200 12113704999434785491
tpc.googlesyndication.com/daca_images/simgad/ Frame B5EF 20 KB
20 KB 21ms
17ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/12113704999434785491

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fddf414a300c78da053ac44e4c709bb5a0336c14fe29df3c136ee7f239d7e847

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 05:59:20 GMT
x-content-type-options: nosniff
age: 527995
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20048
x-xss-protection: 0
last-modified: Mon, 26 Jun 2017 02:21:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 05:59:20 GMT

GET
H2 200 8879577723597230621_11361403871243500124.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame B5EF 83 KB
84 KB 75ms
14ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/8879577723597230621_11361403871243500124.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcd3ea17cbf6c1c1e8b723ac4013c9f23c5ec57085b27a38b3ac59f401890591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:55:22 GMT
x-content-type-options: nosniff
age: 348233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84958
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 07:22:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Oct 2023 07:55:22 GMT

GET
H2 200 1360005467745665247_9146618617033836075.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame B5EF 71 KB
71 KB 107ms
47ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/1360005467745665247_9146618617033836075.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd4166a69eaa2d6cf37f33cb021cda0767429283b038db80e64e4fdd7adac908

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:36:58 GMT
x-content-type-options: nosniff
age: 349337
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72725
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 07:23:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Oct 2023 07:36:58 GMT

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame B5EF
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

24ms
24ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Protocol

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 16:38:04 GMT
x-content-type-options: nosniff
age: 576071
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 04 Oct 2023 16:38:04 GMT

Redirect headers

date: Mon, 10 Oct 2022 19:03:05 GMT
x-content-type-options: nosniff
server: cafe
age: 48970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 09 Nov 2022 19:03:05 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FE2D 1 KB
643 B 24ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54845
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 17:25:10 GMT
etag: 48472445140208031
expires: Tue, 11 Oct 2022 17:25:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3321 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c921f9bac77793b99b7983b08f28cc6c01c63972bb33bc5770e48bca60cc3ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3321 28 KB
28 KB 66ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 518072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 08:44:44 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 47BF 1 KB
643 B 68ms
66ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54846
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 17:25:10 GMT
etag: 48472445140208031
expires: Tue, 11 Oct 2022 17:25:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8754881022018569179/ Frame 68A2 15 KB
15 KB 49ms
47ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8754881022018569179/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0cd455709157c9ab51f6690915a476e1bc2c5b9261e4dac4d0f5024116157b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 10:10:37 GMT
x-content-type-options: nosniff
age: 340119
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15487
x-xss-protection: 0
last-modified: Mon, 28 Dec 2020 11:44:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 10:10:37 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5121390031775087215/ Frame 68A2 4 KB
4 KB 47ms
45ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5121390031775087215/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e1b38e3ec57ff3b5e9d587e514749f89efbca73eb3b4612a434ae18707c74e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 22:30:59 GMT
x-content-type-options: nosniff
age: 382097
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3666
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 16:04:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Oct 2023 22:30:59 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 68A2 0
0 68ms
68ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmogosytFY5WKBoOOywW1hZdgz5jQ42zFtYax6w3a2R4QASDs3MZSYJXCpoKwB6ABj8qfmAPIAQmpApGGo5RDSbA-qAMByAPLBKoE6AFP0GeHikrdaLNDcEJj9NYBVRn9gOlp_FTmO-qItnBHW8dGMReff6DFdYdTsXoywtM3cIvmY7j5XXf91jL-0pLS7hNHAICsId2KfADK7v2yCoZ-MwN1ICdcant-m5XhVN5CAddSKWaBoQfVrwdgAVSeT6eKm287lYZp487rlCFXuDZmKbH0EZaETZxEz0P1VRUr4gUQselxren7ZAUMSzPx342poEz12CvSDf6PiBNB5jaxiqgN7oTg-jt87IY6EVsX757uoespNmuHxSRtIKNa7LPjrSEDEnjQMRZzfvi0WW_x3fUe0u9HwASs1-PP0QOSBQQIBBgBkgUECAUYBKAGLoAH2bXgZ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKr4FdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBuBPkA9gTDYgUEtAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yOTI2NzM2OTE1MzA2NDAwGAA&sigh=bUg2fvzKUKc&uach_m=[UACH]&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9B49 1 KB
643 B 25ms
22ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54846
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 17:25:10 GMT
etag: 48472445140208031
expires: Tue, 11 Oct 2022 17:25:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 68A2 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5501e08abccd50d5fa2bc70ef46adf1bc135941ab89408f83fe90d53cbe7eb4e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B5EF 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f97582cbaa0a8ffb23b8701916fb60e09017867549087d5f1c24ba688030636

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame FE2D 35 B
464 B 54ms
7ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENILKi8q_XOSI25idGbOek8&google_cver=1&google_push=AZmPxg8Y9lgzsyFmamK41QNsqMnikqBNfR8UvGudGVAquqWIferko-eufeVOWJHaacZiF9WICh0fmLY0Hei28e9g8-V7s_LaiR8

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE2D
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEPez7p72jGrRSACOCbcrmbw&google_cver=1&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk&google_hm=Q0FFU0VQZXo3cDcyakdyUl...

170 B
188 B

55ms
27ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk&google_hm=Q0FFU0VQZXo3cDcyakdyUlNBQ09DYmNybWJ3

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Oct 2022 08:39:15 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg_FFMnHgkxMlLVPWmdvDbfB8rc95dcXlWIa4fBdfEskzZxp2_kTVuh9_xDLZeNs9cxsgK9l_7EY2g1ilXYRShG7bJAfBxk&google_hm=Q0FFU0VQZXo3cDcyakdyUlNBQ09DYmNybWJ3
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame FE2D 43 B
356 B 76ms
20ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPoP3BRVQgAeiULzXDZtS54&google_push=AZmPxg-FTNsOTEzkngIhYJv2FiWJort6IugpKjt41NDixxw858MF5uxUF3_2cen87oTD0pHKGA6o8bH7LBFn4FvFjAjCHe70mg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame FE2D 43 B
351 B 75ms
19ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEHNKcMwHQ2OoLUDF2ThJVPE&google_cver=1&google_push=AZmPxg_KBvidWTU-Dv6PRpzTkcJrkIYlMIOOT-qWdiyZHzN_jLAWTBd9WBTNA0vCZV3Bz71mlMLQmQRxMq8nrQR-3cR7scQx0OA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:15 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: eqkejl24d7hgt9gn6o6cpugjlc7h029c

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame FE2D 0
166 B 67ms
12ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMRJpeQQlEfjIFSQD_DOkTQ&google_cver=1&google_push=AZmPxg9dlO8e1sME01-YnRg8sY1YLQY6crNcS02GOpyQMkF0VprxowHE-HzWC0RHJ03DqtBvYxb_Y6cuXzEDIhmVFSJIAE0c7Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=54949582&pi=t.aa~a.312431347~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=2&bdt=1651&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280&nras=3&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1536&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=YVJYtTLhlj&p=https%3A//www.travelbyus.org&dtd=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 11 Oct 2022 08:39:16 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE2D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEE_9X0kLVXQI7P2SbBsmTxI&google_cver=1&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWTUtMTQtMjAzQg==&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-d1nnokUg6zRATpAKsw9ooew

170 B
188 B

41ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWTUtMTQtMjAzQg==&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-d1nnokUg6zRATpAKsw9ooew

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWTUtMTQtMjAzQg==&google_push=AZmPxg_3Mw-kE39OI9ic9C8wnpBf9DLnGrwqbj-1zk23HhONiRLBz67X9RcZfUi3_pvmX6f1bP-d1nnokUg6zRATpAKsw9ooew
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE2D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_push=AZ...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB...

170 B
188 B

27ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB3JgJZk9loNJoXwiMardnR-liWQcyFuMIz7kYEQuWc806o3o808xXa1oUPaUMJQ

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BPlu4%2BV1%2BKqoBtioV2XIU9tQy3FfcGFrRGfHMZMI1CPMdf1f3nq734wyU01ayCeoZxLHL%2Fo2H9OmB1nei4KmaiOAs3h5Bt%2FpO%2FArn5Z807VjUSEsYjNBNZys84GC0SbGGJf3wMJHAh%2Bog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGg6-wEONwjur6VCyrbvusI&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg98ZyXaov7p8nPbkv1uHBh1N1UXBXuBB3JgJZk9loNJoXwiMardnR-liWQcyFuMIz7kYEQuWc806o3o808xXa1oUPaUMJQ
cache-control: no-cache
cf-ray: 758648c6ac9f5c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame FE2D 0
223 B 86ms
26ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IlKZ3XLecDtxIwmK5iQDi1LyZ1h2YDJSBspNgkpS_YcB-lEL7a5RYU7ImrKQ-QXNiX-3Me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame B5EF 20 KB
20 KB 19ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 21:33:43 GMT
x-content-type-options: nosniff
age: 299133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 21:33:43 GMT

GET
H3 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame B5EF 21 KB
21 KB 21ms
17ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:44:30 GMT
x-content-type-options: nosniff
age: 554086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:44:30 GMT

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame 5E74 36 KB
16 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47BF
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBvj5D7B7WBaAsTt-7YxlA4&google_cver=1&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO_fWZ6v-vMxWdw703c58StLryAnzkXlr1GsTkvbqwM&google_hm=x9FpPMN7GwNUo...

170 B
188 B

26ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO_fWZ6v-vMxWdw703c58StLryAnzkXlr1GsTkvbqwM&google_hm=x9FpPMN7GwNUoVWYGus0TQ

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg8thmiXKbGGSwlKw-5s0VxFarW0R4SvMN4Oh2DvDCU_86XSqDuHIO_fWZ6v-vMxWdw703c58StLryAnzkXlr1GsTkvbqwM&google_hm=x9FpPMN7GwNUoVWYGus0TQ
pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 47BF 0
98 B 58ms
21ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAZmPxg9DA56ig8FZlMNxDOqYRhGk6tfyVEGWp-8LatpRrdIyfDGD5MBbaBOkow5xDz6EpVGmbuAG5GUrYwaccC3XBj8wdptE1tQ&google_gid=CAESEI36Vi-OUwW8WTXMRaCvfWg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 sync
odr.mookie1.com/t/v2/ Frame 47BF 43 B
61 B 38ms
21ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEFHs59H5XR8H6pmk3BDly98&google_push=AZmPxg-nc9-Jrf_DMpm6XN5c9z3j88r8JQYQoPw6TuCDUGp71pDVe8AWxkAWz5kjnqc26Hh5tZJtvIw_kOJZ-tRuG7kMDTWK8tU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 47BF 43 B
64 B 39ms
22ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESECf_6dO8NCCTJxZSY-qoa2o&google_cver=1&google_push=AZmPxg-oF811RKctarnXUHE2oij0ZCvnQShgS8xEO-6RC3tFZPpbNmOK_yBxG5Ab7joi1BJtLHXYbG4bV9aLsuat7qEF3b4FKms
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: l0prah2pd4s1sm7c6f23crci0huat864

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 47BF 0
41 B 15ms
13ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHEWICOx7p9N2QFWdq1hFpU&google_cver=1&google_push=AZmPxg-eG9GXeg8G0Bd61SklvceZn2VTFnBeIpcEfRPh_s4tfpIzpQxQl6QNaOOJPFc4z-haAV4qveg_6US2z84Zs-bCedAhdzb4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=3777123250&adf=3651570137&pi=t.aa~a.1508228134~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=1&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280%2C1200x280&nras=5&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3058&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=F9QhB8yvrA&p=https%3A//www.travelbyus.org&dtd=28
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 11 Oct 2022 08:39:16 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47BF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFd-J-BY7c06hwIb3fiEfME&google_cver=1&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7a...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWkctMTktMkRPWA==&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7aBcs_iedwsyBFq7vRntAPu24nv

170 B
188 B

28ms
27ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWkctMTktMkRPWA==&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7aBcs_iedwsyBFq7vRntAPu24nv

Requested by

Host: www.travelbyus.org
URL: https://www.travelbyus.org/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDkzWUMyWkctMTktMkRPWA==&google_push=AZmPxg9lfuGcz9U96MuYiVx1DOsbizSLzRB37Cv9uNDZfGmwBFu4gFbgFrazthaSNLieR_FPx7aBcs_iedwsyBFq7vRntAPu24nv
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47BF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg_KR7kNfg4bRIdsIzL2scCDt8B5mjHL_...

170 B
188 B

29ms
27ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg_KR7kNfg4bRIdsIzL2scCDt8B5mjHL_hu0s3vRhqr4aMHtpTQ5e9lMClWQh28BaoFSObjRSEm60y8mgqyHj7l9J3VTn3HU

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XyVL5gqTaBD%2FHvCVfX03exB2KmYBcejfmhn%2FAC90mCOMG4oApHP8sbxp%2FfPjYo8mH4FoYaxvomlSStg4jxVgR2EfcIc%2F0e7t9CJnzJxCl6NAe9RF96i5Oj7L2TuERRiAbOdukJRRb5OdLg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEMUEuzIHsKFATVeFWvDA9zU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg_KR7kNfg4bRIdsIzL2scCDt8B5mjHL_hu0s3vRhqr4aMHtpTQ5e9lMClWQh28BaoFSObjRSEm60y8mgqyHj7l9J3VTn3HU
cache-control: no-cache
cf-ray: 758648c6ac985c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 47BF 0
12 B 28ms
24ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KTfvrHJ-dJhGgGWCWfbxERyJhu0EFYCLixuAlv32yH6T_a82nufyXZhitpG_ZEagw9ykl4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B49
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI0tiVXbQZAEhuXDbKgSpCE&google_cver=1&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6Iwly...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6IwlyKspja9Qulb9PsKJkBI21p23kEdgbjI-PUrLu5mckg&google_hm=x9FpPMN7GwNUo...

170 B
188 B

25ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6IwlyKspja9Qulb9PsKJkBI21p23kEdgbjI-PUrLu5mckg&google_hm=x9FpPMN7GwNUoVWYGus0TQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg9nOTbZCFE4iumi5PKgL7HuLM4qIcH87Y9K6CrnN1_yYAw_R6IwlyKspja9Qulb9PsKJkBI21p23kEdgbjI-PUrLu5mckg&google_hm=x9FpPMN7GwNUoVWYGus0TQ
pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B49
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9v70n6...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9v70n6...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMTEwODM5MTYwMDA1MTkzOTgwNjE0OA%3D%3D&google_push=AZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1t...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMTEwODM5MTYwMDA1MTkzOTgwNjE0OA%3D%3D&google_push=AZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1tni5QkFP10n5iTefizin7Vq8DoIi4I

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMTEwODM5MTYwMDA1MTkzOTgwNjE0OA%3D%3D&google_push=AZmPxg9v70n6A3-FmigZpox9rdXT4nVUU7_W2gqPOdXfBJiHV2w8M9KYl908tBhGz-xb1tni5QkFP10n5iTefizin7Vq8DoIi4I
pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Tue, 11 Oct 2022 08:39:16 GMT

GET
H3 200 sync
odr.mookie1.com/t/v2/ Frame 9B49 43 B
61 B 23ms
20ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEL_cpHB0Rg3kLwS4pn59kZY&google_push=AZmPxg9InqBkfxf730LsrXMJkn3cPhdwFzfJ2Inix1o_Id2TGjXorhtlba6eVq5bWES5HcPjUV9xMmSJFa9RI3Q4BkEXb9LxJkU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 9B49 0
41 B 15ms
13ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMl75E7nNA44hICkI2M8ThU&google_cver=1&google_push=AZmPxg9cWAK-2fD-S1jf4VvVuqRi2go19bKF9jOO7ZNbkX_Yaypo_js4POI6SlpYJdC6Jn5ffxM2OObAtoJfsd-ma2cXMfS3-bs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 11 Oct 2022 08:39:15 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B49
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg9WRDjtljXR5aqGmELYW0HdX4TF0q4D0...

170 B
188 B

26ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg9WRDjtljXR5aqGmELYW0HdX4TF0q4D0Ncu6rmoB7zY8E2uYtTUvWc95E_p0xligGvvkbTBA6e7IArPdqkuO9VDEQIgDA

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CKiJc2ZS8tyT7pfgGRDY1P0ezaKVh5efV9C6%2F9WT3yk1KsdHbquK5awLzbkiQGm46VC2cmZx3bvIk6JC9vWZH5N0ogLrAEmX396VxSFGVrQlADzqEO5TVy6xrnHcxYtnwySSfaUMAOp6sA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJD0pNGo48K3TZHo1N43aIU&google_hm=Y0UrtI2XR6TPmtLqGjD1GwAABJMAAAIB&google_nid=index&google_push=AZmPxg9WRDjtljXR5aqGmELYW0HdX4TF0q4D0Ncu6rmoB7zY8E2uYtTUvWc95E_p0xligGvvkbTBA6e7IArPdqkuO9VDEQIgDA
cache-control: no-cache
cf-ray: 758648c6aca85c14-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 9B49 43 B
297 B 223ms
21ms Image
image/gif 2a05:d01c:1d8:8101:25d:89fc:67d9:f1d7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEAbXHxAdBWOtk6-1CZ_YRQU&google_cver=1&google_push=AZmPxg_CQ6Jsf4MhOTH1cidBxa7DEKBpFUHnp6dDkdBBmY9mSqY1gOelvUc_TcDryw4uO9mUT4KMKr13jFk1dn8E7AuftTptB6U
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:25d:89fc:67d9:f1d7 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET googleredir
googlecm.hit.gemius.pl/ Frame 9B49 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9B49 0
12 B 77ms
75ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LftB5UyZmSUVNm82tz5bce4qJ8P5leV1-Wttlf3yICIfpKy99wNF7JQNsrLy95unkkJrwV4Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68A2 15 KB
15 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 303416
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68A2 15 KB
16 KB 15ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 358187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68A2 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 329063
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 13:14:53 GMT

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame A824 36 KB
16 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68A2 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoLCAEqB2Jhbm5lckIKCggCKgZzZXJ2ZXIKMQgEKi1teXNpZGlhX2FuYWx5dGljc19leHAzLG15c2lkaWFfcmVsZWFzZV9jYW5hcnkKDRArIQAAAAAAgElAMAQKDRADIQAAYGZmAJBAMAQKDRAKIQAAADQzszNAMAQKDRANIQAAAAAAAAAAMAQKDhAeKggxMjAweDI4MDAECg4QGSoIMTIwMHgyODAwBAoNEA4hAAAAAAAAAAAwBAoNEAQhAAAAAABUkEAwBAoNEA8hAAAAAAAAAAAwBAoNECshAAAAAABAUkAwBAoNEAUhAABgZmZUkEAwBAoNEBAhAAAAAGC34EAwBAoNEBEhAAAAAAAY1EAwBAoNEBIhAAAAAAAAIEAwBAoNEBMhAAAAAAAAEEAwBAoNEBchAADQzMz0kkAwBBIaQ05XdnRyRGoxX29DRlFQSHNnb2R0Y0lGREEiHHNjcmVhbS90aHJvbmVfaW1hZ2VfbG9nb19vY2goEQ==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/bca10ddd16af34d21051a380f937ccd2.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 71ms
43ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221005&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

015eb0d9a896d0cb663aed0e9b4960bd10ff4259b9dd527325cedb8553244399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11240
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68A2 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/bca10ddd16af34d21051a380f937ccd2.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame 365D 36 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2926736915306400&output=html&h=280&adk=1418185256&adf=1436417967&pi=t.aa~a.3152972103~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665477555&rafmt=1&to=qs&pwprc=9457725174&format=1200x280&url=https%3A%2F%2Fwww.travelbyus.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665477555035&bpp=1&bdt=1652&idt=-M&shv=r20221005&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df4967dd8c2666b00-2252be5a40ce00ce%3AT%3D1665477554%3ART%3D1665477554%3AS%3DALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw&prev_fmts=0x0%2C338x280%2C1200x280&nras=4&correlator=5380283916519&frm=20&pv=1&ga_vid=1647092186.1665477554&ga_sid=1665477554&ga_hid=1540767316&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1826&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531705%2C31069178%2C31070209%2C21065725&oid=2&pvsid=3338832343418063&tmod=502651653&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=qExbeOklQz&p=https%3A//www.travelbyus.org&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Oct 2022 08:39:16 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68A2 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoLCAEqB2Jhbm5lckIKCggCKgZzZXJ2ZXIKMQgEKi1teXNpZGlhX2FuYWx5dGljc19leHAzLG15c2lkaWFfcmVsZWFzZV9jYW5hcnkKDRAyIQAAAAAzM9M_MAQKDRAzIQAAAAAzM9M_MAQKDRA0IQAAAAAzM9M_MAQKDRA1IQAAAAAzM9M_MAQKDRA2IQAAAAAzM9M_MAQKDRA3IQAAAAAzM9M_MAQKDRA4IQAAAKCZmQFAMAQKDRA5IQAAwMzMIIZAMAQKDRA6IQAAoJmZcYZAMAQKDRA7IQAAAAAA7pJAMAQKDRA8IQAAAAAA7pJAMAQKDRA9IQAA0MzM9JJAMAQKDRA-IQAAAAAAlJRAMAQKDRA_IQAAYGZmlJRAMAQKDRBAIQAAMDMzw5RAMAQSGkNOV3Z0ckRqMV9vQ0ZRUEhzZ29kdGNJRkRBIhxzY3JlYW0vdGhyb25lX2ltYWdlX2xvZ29fb2NoKBE=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/bca10ddd16af34d21051a380f937ccd2.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C1E3 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss8OcbnXWpYeBSP9ja5sh9YOsQIySL7ltJTOYxiy7DBmFs2R5S-KYQCwi1_qzl5Uk3my9lYuwdsjpxxzldEmo0DOXGELVwtU_NVU85Kanb-HuoekmsdiJS4nkHcbuFLbACCZoHr3A&sai=AMfl-YQA9dsoznVMQnCxWdbnXiBFtOefsYKY57d8SLt3sCvWkVA5XNEE3JT58BY1nKMeR1f7Cm7N85vs2eM6agk&sig=Cg0ArKJSzL4f70YnlH7uEAE&id=lidar2&mcvt=1006&p=0,0,124,1005&mtos=172,843,1006,1006,1006&tos=172,671,163,0,0&v=20221010&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665477555101&rpt=474&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A02B 13 KB
5 KB 16ms
14ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:18:49 GMT
expires: Wed, 11 Oct 2023 08:18:49 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 274E 783 B
535 B 24ms
23ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

10465ea3dc01cb20c9ac159cf88d1e18baa0d159b347d37fdf2588901bff3ea2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gJa7COMwyE181u98Wd7AlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.travelbyus.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-gJa7COMwyE181u98Wd7AlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 08:39:16 GMT
expires: Tue, 11 Oct 2022 08:39:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 274E 0
0 48ms
48ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221005&jk=3338832343418063&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js Show response
pagead2.googlesyndication.com/bg/ Frame A02B 36 KB
16 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w6h4K76M0GEKzD-R2ifh2JqGy3BJ_UFGqDPwUYwRLsM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15993
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 19:25:38 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A02B 0
12 B 14ms
14ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XUXi_Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3A6D 42 B
64 B 50ms
49ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstUhc-jD60Qa-P5ML8sPSVbQL4-zwAZzm_heETsw2BSR4Q6BFzw8QHLf286PTUxb9BOL07IL1T6-IrWtvL8vCaBs-KcBgOiTpcreBbeRZVtc3E6QMpqZqatWcHeLxH19SWgK2UiYA&sai=AMfl-YTPEJ2SsNrU2A9WlVlbaeEAUOUDCsWNeKK7V_f2X6SNu85jX1-6Oqz3314CmgGYYmpfP1bXs_w4X6gSi8Y&sig=Cg0ArKJSzLkbecvh8ehvEAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221010&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1739562190&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665477554173&rpt=1721&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Oct 2022 08:39:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 51ms
51ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221005&jk=3338832343418063&bg=!xsWlxYHNAAYqRg79CkY7ACkAdvg8Ws498PgWgzTR8DlLHn_xs5mMrFMEjpVFwbTvamk_r_B8KBN-cQIAAABaUgAAAAVoAQcKAJaGHYO3TL7OdNkpkHQUs54JrwQ6kwRgwk_zGIyRdyhvaY4ZPKpTsJ7BLXrIBcTE-jO5zHigZLSr4qPBanRZWxdKdvGN5DfueY5pTYdHj90P13GnWrvDeD3Okmc5pzvnKXaXu1Vor7vM9OT373qEaIGRz0dIKCEr6Ke_ykLNIOrAF1wDTPabr-YyFRKYUJ1VYo3V4wc236qZAtAib-I-bMsabbry_j9P9UuhgqWp32tlqxy2jbsqBYYZ9wyQfa1Rz0PfIFd8ImlDV26f7b5Jk1fcXM0HkUIPqmT5bbBXVRpELpZxrpc0y9YFAz7UO-MU_KczJTSYhGtvALqpyE2RSYB8erDabJSF7lCC65Cr7ShU7PT6FnrJuDAUp_iHX5ziVc8r087aW6ns5ssroPq-eA7VOInv1UrErMpi5uEY92qV7E6P7YYryzDdD3nVIxgDPy7AKBDLlDVIObFhVCtVPFWCYAS7dJSlPeiI_vXsTSSHI5EbxxnAfyUz8Ei1QHE60j69eohMQyxsMUuAMoe6LGlh8LjIE9q821dNdhFZKl5c2pbbhB0ni1dHr9JXvC4HjTrCyYhmrJRgpq_Xld25bORCome6rTMlncg6ZzETuVvF-8XcOCK5qDijxRSa5GLE7A7b0pA5atpX5oPU_obAqXmMqnTxf6TXTehiEqGQy6RF0ytHVVU-8wM6ltjVKfuhKhsaGaaaQvChENbuvG0h3w9twTkqXR4F7DPqCm_agIIY6RwMSn964x96E8lL7zKKJWTPhAtAllmK2Z25cDz0djRNNVHSEIPNALl0qMKf5YNZvL6CfleoQjkaeG-fDDYxhkLINFZ0Irwk_AQBfP-7loLm10YJD66uo457HL8_uWF5bwuaW-lktEW4bvW22TlUvWnoDr42GEqsft-NlS_Sz_bsgX3XiiIjVlxs0g9_Ih4WgtpkbYJEqPlM8OliRnG7IXkCSc4qiUdce5MMyKCduNBe3zG8ICEmo3kc1KOOfLQnN-W0LgcBw0QycXJgil-LDD7lUaAlSjhssl0V9TycTz788n8WGUCveka9oxCxfkOPp-7lSnUlJTmY4c2SNGMtFMRkucHh81mNHOfv_M7QbaPUy1sCxDMyMMNJb7F3jKwssV4Uz9DkRVsmjDI2jh8xP4w_nj_4VyD_usM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 26224244_883195225180423_873079092210040832_n.jpg
www.travelbyus.org/wp-content/uploads/2018/11/ 127 KB
128 KB 151ms
151ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/11/26224244_883195225180423_873079092210040832_n.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: 5a33560046d69b6b549de44dc633e2f8b0793de157f276274d4e6f33f9f40dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:18 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 11 Nov 2018 12:01:40 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 130073

GET
H2 200 yogin.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 134 KB
135 KB 153ms
153ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/08/yogin.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: d002def30698d66db2949953d802719e7d0863c21c8dd843cea93022d74e372f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:18 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 08 Aug 2018 16:05:16 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 137530

GET
H2 200 yogin.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 134 KB
135 KB 154ms
154ms Image
image/jpeg 50.87.237.60
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.travelbyus.org/wp-content/uploads/2018/08/yogin.jpg
Requested by: Host: www.travelbyus.org
URL: https://www.travelbyus.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.237.60 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2144.bluehost.com
Software: Apache /
Resource Hash: d002def30698d66db2949953d802719e7d0863c21c8dd843cea93022d74e372f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.travelbyus.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 08:39:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 08 Aug 2018 16:05:16 GMT
server: Apache
content-type: image/jpeg
accept-ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 137530

GET yogin.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 0
0

GET 21480553_469261286779666_3737162653269753856_n.jpg
www.travelbyus.org/wp-content/uploads/2018/08/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDWHol3cRgaSm0eC7KWc25s&google_cver=1&google_push=AZmPxg-KasvlKtQ5ZQ0NabV3ooVtTebk_lZWiz9SrqPenqgB7qFFB69OCYe_Fe6i6rh_7l-f3gx32mVjrNUf3voSc9eTWsaMnJcx

Domain: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/uploads/2018/08/yogin.jpg

Domain: www.travelbyus.org
URL: https://www.travelbyus.org/wp-content/uploads/2018/08/21480553_469261286779666_3737162653269753856_n.jpg

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.travelbyus.org/	1970-01-20 16:13:57	Name: _ga Value: GA1.2.1647092186.1665477554
.travelbyus.org/	1970-01-20 06:39:23	Name: _gid Value: GA1.2.327054424.1665477554
.travelbyus.org/	1970-01-20 06:37:57	Name: _gat Value: 1
.travelbyus.org/	1970-01-20 15:59:33	Name: __gads Value: ID=f4967dd8c2666b00-2252be5a40ce00ce:T=1665477554:RT=1665477554:S=ALNI_MbvwaVkosRB_wFx-C3wLqg6UGiZCw
.doubleclick.net/	1970-01-20 06:38:01	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 15:59:33	Name: IDE Value: AHWqTUmEsumhI3gkuB_2ojZaxsR4WfOl1VcsL2d2EEOvicrBeEdR70u-X0GYt73VHek
.quantserve.com/	1970-01-20 08:47:33	Name: d Value: EBgBCQGnJ4EA
.quantserve.com/	1970-01-20 16:08:11	Name: mc Value: 63452bb4-29e20-84d54-46e1f
.agkn.com/	1970-01-20 15:23:33	Name: ab Value: 0001%3Ayeb1xhuMLbHCuF0rhvpYvQwaCCXpnxYD
.agkn.com/	1970-01-20 15:23:33	Name: u Value: C\|0CEAq1-g0KtfoNAAAAAAAAQ13AQCAAQpAAAAAAA
.casalemedia.com/	1970-01-20 15:23:33	Name: CMID Value: Y0UrtI2XR6TPmtLqGjD1GwAA
.casalemedia.com/	1970-01-20 08:47:33	Name: CMPS Value: 1171
.casalemedia.com/	1970-01-20 08:47:33	Name: CMPRO Value: 1171
.casalemedia.com/	1970-01-20 08:47:33	Name: CMTS Value: 1166
.e.dlx.addthis.com/	1970-01-20 16:08:11	Name: na_tc Value: Y
.innovid.com/	1970-01-20 08:47:33	Name: uuid Value: 2fb0023a-bfd0-40cf-b51e-9b184d435da7-20221011 04:39:16
.addthis.com/	1970-01-20 16:08:11	Name: na_id Value: 2022101108391600051939806148
.addthis.com/	1970-01-20 16:08:11	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:08:11	Name: uid Value: 63452bb42294f069
.addthis.com/	1970-01-20 16:08:11	Name: ouid Value: 63452bb4000124769ef5bff7d163694220be12e33760625f9e05
.dlx.addthis.com/	1970-01-20 07:21:09	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 07:21:09	Name: na_sr Value: 20221011
.dlx.addthis.com/	1970-01-20 06:37:57	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 07:21:09	Name: na_sc_e Value: 0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEDWHol3cRgaSm0eC7KWc25s&google_cver=1&google_push=AZmPxg-KasvlKtQ5ZQ0NabV3ooVtTebk_lZWiz9SrqPenqgB7qFFB69OCYe_Fe6i6rh_7l-f3gx32mVjrNUf3voSc9eTWsaMnJcx Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAZmPxg9DA56ig8FZlMNxDOqYRhGk6tfyVEGWp-8LatpRrdIyfDGD5MBbaBOkow5xDz6EpVGmbuAG5GUrYwaccC3XBj8wdptE1tQ&google_gid=CAESEI36Vi-OUwW8WTXMRaCvfWg&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20221005/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-2926736915306400&fa=1&ifi=7&uci=a!7&btvi=4&xpc=ss8ysjYsDJ&p=https%3A//www.travelbyus.org Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ag.innovid.com
analytics.shareaholic.com
api.viglink.com
buttons-config.sharethis.com
cdn.shareaholic.net
cdn.viglink.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
google-analytics.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
l.sharethis.com
m9m6e2w5.stackpathcdn.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.shareaholic.com
pixel.rubiconproject.com
platform-api.sharethis.com
rtb.openx.net
scontent.xx.fbcdn.net
ssum-sec.casalemedia.com
static.doubleclick.net
static.xx.fbcdn.net
tpc.googlesyndication.com
travelbyus.org
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.shareaholic.net
www.travelbyus.org
googlecm.hit.gemius.pl
www.travelbyus.org
104.18.18.126
107.20.140.231
13.32.99.51
151.139.128.11
172.217.23.98
184.73.100.94
198.47.127.19
216.58.212.130
2600:9000:223c:1c00:c:abe:f440:93a1
2606:4700::6810:a40d
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:800::2003
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::200e
2a00:1450:4001:828::2006
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:d01c:1d8:8101:25d:89fc:67d9:f1d7
3.122.76.243
3.123.239.111
34.248.7.88
34.98.67.61
35.174.112.146
35.186.253.211
35.244.174.68
50.87.237.60
69.173.144.138
69.192.160.219
009b278e570d00e6e01fab77d1ab77c7d3e3db56f37df4f12be3553795365383
015eb0d9a896d0cb663aed0e9b4960bd10ff4259b9dd527325cedb8553244399
0419e69120a1482daf1f15c02e3f33243fdb086d90cbb69d3bab8aa4de064056
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd455709157c9ab51f6690915a476e1bc2c5b9261e4dac4d0f5024116157b54
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
10465ea3dc01cb20c9ac159cf88d1e18baa0d159b347d37fdf2588901bff3ea2
10e1f49f0f27f540d0c567d7ff510501389d4d8e72f6af6f8a3a1c66320b00f9
12b88b37b848e93cbff359332a18207f95f29b3350e5ef3fc7dbfdd56f5bf02e
16aa6fa9cafd57e49fdc06346467d51a96cd4852d0a40dd7a29785ed62a9a23d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1b7fe1e319d40ecfb9a0799820d08c770dfe754484e9d315bc60e62da4c4285e
1d13519cbe68d19daeaca93f3a9bc423b1644bda6c19f4501483e8f23893c345
1d247c32cff59d7e1b993acf23dd77bf2403032407402690722cce2096f62061
1d2edfe4b9da6657460275a1e6ed9d7e114848f0b531ff229774a2dc92a60faf
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1f7239af6f4e76d246b38c8378f242924b661fee6ce090aba51efe94627d0f35
239a83f36e0eb1c181c4ec174b9a05ce02b44afc5685aa3dc828aa581ea3d7a0
2ac523824bc1635fae9a925f20cecfb001148b2c9ef0a799e014b948f95e301c
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
311d6e0a623475d73c35b2a61232ef0621db876a120cf7069721cb04f06ad003
317604f0095ebb05fdc3811bb662d4ca40326bac093888dc247f0e6f069b6694
324079ec3c1b7edbae53b7e8a43ec28776792944b479f7df68a565814c56311f
347f885243664d7fa4496861c399ab116f962252f50e3be2ac84d198fce5a8dd
39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101
3bc6d9198de7f893a58a9b6f87c6267bc99ac181d8ffea9f78203d4b56273b60
3dec7344da876753f7e1c1d0af4015c999494f0ced1a011c33f6f1dc6de75bee
40a756ab79660a4c284c427c7a096c2d295c3d5f3d4197880d7a9bc6b5a0337c
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
484caa5be3cc57262d16ef6714a06534618544120afa24f9d1bd649a9339890b
4889509b33a1f28a706f744883f0dbbc6a07df7df4ab6298d89665a5614f4aba
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4ba8f26f2981d7e02030eaff9c6869eedd2de20e9d261dae7bcb8535f84d7b50
4c01bda88c70f4508fe21057233d32a63b91052cac425a9027a1f930866d4e33
4c921f9bac77793b99b7983b08f28cc6c01c63972bb33bc5770e48bca60cc3ba
4d071d69e25eb8288369459a7fa77275fd654bc22f4965e50ca2e95fe63931c3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e1b38e3ec57ff3b5e9d587e514749f89efbca73eb3b4612a434ae18707c74e2
511e6af99a30aab5799f1beafd5b8ad415cbfc278a9e2beb2d75a1ed02d91f12
516ce076817af45ee1038ea3aaf146aa50577cab7f390b88b44a90c5e8a986d6
53c311faa86a6220eedcc8ca4329e87c2b28f84a47f0b41f9c04937790ae93ae
54654b26dee9bc46545c79f816398b7f73548fddb4676f490d2589972ed9f2d8
5501e08abccd50d5fa2bc70ef46adf1bc135941ab89408f83fe90d53cbe7eb4e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59e80f5a3957be2f81d0870579cb9a56c3ccadfdf9e47527efd7498c9b2eed05
5a33560046d69b6b549de44dc633e2f8b0793de157f276274d4e6f33f9f40dc4
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e3f33cd72859c5ead67ebdf528c65772430b0ba181cb711e56f45c6f92cf02c
5f45e2a223cabc1ddc4525a4045614b25b9d27f8e9410df276bec1443857eb30
5f97582cbaa0a8ffb23b8701916fb60e09017867549087d5f1c24ba688030636
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62fae6814e2fac139576dbeae2d666c23815d762200c3b4150302169dfaaac6a
640ad6ed3481eca92012da83afcec7fbb0faac1e653a70ee2fd87547e096bed3
64c42abcf10701e7b2173b9b910c8ddab09608920649fc5eec689d1e82ade9af
65e9cf20d1d0bf0d990df885c9e4314cea1b2717c618be3984a112d0cab170ac
68eaf8ac60d0942a6bcee0b4538d7d50ebe41bd26e332550d05d8b9d37fa16e4
6a162c7c14f08a6ad632407431cc46ae786394033bcd85eb6df52ba0c29dcf64
6b843e790da6cd0382ce651f782236f3fe68e99b1523c4fbafb2542dffff444c
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
700ad5e597681fb45dfc74f05206ad9c2229a6c710c45b413842ddfe03ce4d50
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
7335c98517ed2d5b28367b1623ff2c13feb7d9a2caf553861a16c4979f951d9b
781435863bd553fd2673b10b1dda8faad16ba7f9113560d4a9815615b8ddf5cd
7916bf0f2c745446bffc819162a8d1e0ee26faf024520464359e26eb16c4b0c8
7bdf89237caff78415d2c19c63e614baa3073656be47128638615d66ce9b1d34
7d6b185c25855ec7d560c46a127f8f28ea723d0bd8bd6b1c2b610cd219016207
851b1ba17f2457cf226e2fc4f461542436d723f6436c8be64624cc42e81ad1c0
8586a8a48d83c458b675c80aa94fbba3fe2b9f0c12c0097ea39bc345df72f8e9
87cdc9a4af3ce62dc6e491a4a393307f40a3c90bbac8ada4baafff7390775b8c
880b54918b4a62ebf033b5063c0398a2e3173533c69e87aa7ea9ad8af6b9ed72
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8da5c9041bc1e9d4fdb1e387807c44237a704bfafa2617acb77c25d790553710
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
9501b9f2b34f5e8b12ae0a1c043e08dd25b8c414cc72eb2d29b66bf7b7335fd6
95bd0c050a629e681e22cf876333a2f6da63b48801c52fef52b97c119e3f2925
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
97d28bf5a628c4f0305a6f837e85d5ae7dbf44485f04d2a4cada8d7810c9bb03
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ecbaf54325167809fb1d28162b6e0251528ba3d571628343e763c904123f716
9f24f87a718cb69c45930f92e1e798a476707ace487372ce9cbf0ef26ea98554
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6888f85540f3bff0e822ddc943cd4fb7531e7cbc52ae28a1b38e78eac297e81
a7554aeaf6cfc15e3a2543339793d56fcff66ce5f29e12326908d1e97b168293
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
aa6e97fd276690e8d93d1f41c9e1e84239991606ffef007c8e7f629c9342f04b
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
acd5c1b3bf98d1b9232de006d8296be7561a2a7e49a21fcecb92982023efc921
b11c92bffb3352451105557f7e8a0a0400784e694868f9f31686abcb8cf44a61
b41196b36f282a09b3b6ed74fdb916ccdeb3659130f326da05c27a4f3655aeaf
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f
bcd3ea17cbf6c1c1e8b723ac4013c9f23c5ec57085b27a38b3ac59f401890591
bef00c3c204b60796965a6b658035743262790e8a222ca3e52020e5c49718390
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c3481fbb99448440c24cc5c6d452b6c2e3450f471d69cc31269ffe9a05964fa9
c3a8782bbe8cd0610acc3f91da27e1d89a86cb7049fd4146a833f0518c112ec3
c86d8bb13f5159b51509118253d40b69616a4a54b7a24d9c08f727eaf3ef9e46
cbd1a9f141a955bfd24dd0826c1aad186d848d4fa6735f4a784f825f2a2ed61b
cebc7a80f5ac30f4c8c7e298fe437356fb12ea8a2d639fb0945e985969ca90ca
d002def30698d66db2949953d802719e7d0863c21c8dd843cea93022d74e372f
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
dabdc4a34886087b602a5261f63e7bf73b1f0d5419eb3c6e77f525eee88779e4
dcf03499320107fb184b7713b0dd262e2b8117122c4a39823921dc206f3813cf
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e1684fc4ce4e99adbe5d9f0a4eb19ce2c54116da8b0f9224cdc94d33988aa387
e27485b98b56c6d269125bd994acdb67c1c796126d919d33adb2e013b723b59a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e7da4841b631f18b890fd0f6862b2b21ab89e519c425fc0f3a3a3873791cc51d
e82c6cef5d3adbe9505e301f70831d7813c26d06468639f0dd009346830acc70
e8364100f848675f4baf850e36f62407e681d563534c6c212e9852e32875a512
ed6b42edcf89a2577ecd8c30bbc7e0616968538603945cd7c17ee8a49f28a0e4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f20335708045c8758cc33cfee8c35e10627592a5139bda813ad06830502201c5
f267fee8cfbb8bcb0b5504290fec9b97e96ca840c139a637411f696cac6099b3
f2f8a098577ad0b23587ad26722d70ca485df960249529a699596e73bd57a887
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fa59b5e1e5bc5364f8b99ec1ac55499b23f29c56a976fb760da6c7dc45fffac2
faf79cb9e29372a0c931d3c576f286c1ae40f22a5c24c089ab51e06685775660
fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
fd4166a69eaa2d6cf37f33cb021cda0767429283b038db80e64e4fdd7adac908
fddf414a300c78da053ac44e4c709bb5a0336c14fe29df3c136ee7f239d7e847
fed01ce1153a0e18e5af37771b7c26b652794d68439456dcf4779c1ddae6e363
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

www.travelbyus.org Open in urlscan Pro 50.87.237.60 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

219 Requests

94 %HTTPS

50 %IPv6

29 Domains

42 Subdomains

33 IPs

5 Countries

3856 kBTransfer

7386 kBSize

24 Cookies

1 Outgoing links

Page URL History

Redirected requests

219 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.travelbyus.org Open in urlscan Pro
50.87.237.60 Public Scan

Screenshot
Live screenshot

Full Image

219
Requests

94 %
HTTPS

50 %
IPv6

29
Domains

42
Subdomains

33
IPs

5
Countries

3856 kB
Transfer

7386 kB
Size

24
Cookies

219 HTTP transactions
7 data transactions