www.nytimes.com Open in urlscan Pro
151.101.65.164 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://link.mail.bloombergbusiness.com/click/29363474.380344/aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAyMi8xMC8xMi91cy9wb2xpdGljcy9sZW9uYXJkLW...
Effective URL:
https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Submission: On October 13 via api (October 13th 2022, 6:17:18 pm UTC) from US — Scanned from DE

Summary HTTP 115 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 28 IPs in 3 countries across 20 domains to perform 115 HTTP transactions. The main IP is 151.101.65.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com. The Cisco Umbrella rank of the primary domain is 3344.
TLS certificate: Issued by Thawte RSA CA 2018 on March 14th 2022. Valid for: a year.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.226.166.212 3.226.166.212	14618 (AMAZON-AES) (AMAZON-AES)
43	151.101.65.164 151.101.65.164	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
11	52.207.181.173 52.207.181.173	14618 (AMAZON-AES) (AMAZON-AES)
6	151.101.129.164 151.101.129.164	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:297::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.215.54 143.204.215.54	16509 (AMAZON-02) (AMAZON-02)
2	174.129.223.242 174.129.223.242	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:340... 2a02:26f0:3400:180::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:7400:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:69b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	52.73.164.105 52.73.164.105	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	20.50.2.28 20.50.2.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:e6:... 2606:4700:e6::ac40:c516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	23.213.161.143 23.213.161.143	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.213.161.144 23.213.161.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
4	2606:4700:e6:... 2606:4700:e6::ac40:c416	13335 (CLOUDFLAR...) (CLOUDFLARENET)
115	28

1 3.226.166.212 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-166-212.compute-1.amazonaws.com

link.mail.bloombergbusiness.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 151.101.65.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myaccount.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vp.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.207.181.173 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-181-173.compute-1.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
als-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
meter-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.129.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:297::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.215.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-54.fra53.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.129.223.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-223-242.compute-1.amazonaws.com

a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3400:180::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:7400:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:69b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.164.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-164-105.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.50.2.28 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e6::ac40:c516 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.213.161.143 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-143.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.213.161.144 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-144.deploy.static.akamaitechnologies.com

3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e6::ac40:c416 (United States)

ASN13335 (CLOUDFLARENET, US)

iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	nytimes.com www.nytimes.com — Cisco Umbrella Rank: 3344 a.et.nytimes.com — Cisco Umbrella Rank: 6396 samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 8381 als-svc.nytimes.com — Cisco Umbrella Rank: 10654 myaccount.nytimes.com — Cisco Umbrella Rank: 12307 dd.nytimes.com — Cisco Umbrella Rank: 10905 meter-svc.nytimes.com — Cisco Umbrella Rank: 11432 a.nytimes.com — Cisco Umbrella Rank: 7601 purr.nytimes.com — Cisco Umbrella Rank: 8064 mwcm.nytimes.com — Cisco Umbrella Rank: 11613 static01.nytimes.com — Cisco Umbrella Rank: 11087	1 MB
18	nyt.com g1.nyt.com — Cisco Umbrella Rank: 9665 static01.nyt.com — Cisco Umbrella Rank: 5482 a1.nyt.com — Cisco Umbrella Rank: 8167 vp.nyt.com — Cisco Umbrella Rank: 15432	2 MB
14	googlesyndication.com b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 147 pagead2.googlesyndication.com — Cisco Umbrella Rank: 104	66 KB
9	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188 5290727.fls.doubleclick.net — Cisco Umbrella Rank: 9302	178 KB
6	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 7062 iteratehq.com — Cisco Umbrella Rank: 6386	32 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 2035 3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 2032 eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net	1 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 3417 collector.brandmetrics.com — Cisco Umbrella Rank: 3710	16 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 78 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1300 c.go-mpulse.net — Cisco Umbrella Rank: 595	51 KB
1	gstatic.com fonts.gstatic.com	13 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	47 KB
1	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 7300	201 B
1	adsrvr.org insight.adsrvr.org — Cisco Umbrella Rank: 632	261 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1323	15 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8724	792 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 61	108 KB
1	bloombergbusiness.com 1 redirects link.mail.bloombergbusiness.com — Cisco Umbrella Rank: 93333	674 B
0	akstat.io Failed 02179915.akstat.io Failed
115	20

	Domain	Requested by
14	g1.nyt.com	www.nytimes.com g1.nyt.com b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
13	www.nytimes.com	www.nytimes.com
12	samizdat-graphql.nytimes.com	www.nytimes.com
9	a.et.nytimes.com	www.nytimes.com
7	securepubads.g.doubleclick.net	www.nytimes.com securepubads.g.doubleclick.net b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com www.googletagservices.com
6	tpc.googlesyndication.com	b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
4	iteratehq.com	platform.iteratehq.com
3	b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com	securepubads.g.doubleclick.net b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
3	myaccount.nytimes.com	www.nytimes.com myaccount.nytimes.com
2	platform.iteratehq.com	www.nytimes.com platform.iteratehq.com
2	static01.nytimes.com	b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
2	fonts.googleapis.com	client b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
2	cdn.brandmetrics.com	www.googletagmanager.com cdn.brandmetrics.com
2	5290727.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	adservice.google.com	securepubads.g.doubleclick.net 5290727.fls.doubleclick.net
2	dd.nytimes.com	www.nytimes.com dd.nytimes.com
2	static01.nyt.com	www.nytimes.com
1	www.google.com	tpc.googlesyndication.com
1	eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	vp.nyt.com	b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	www.googletagservices.com	b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
1	pnytimes.chartbeat.net	www.nytimes.com
1	insight.adsrvr.org	www.nytimes.com
1	a1.nyt.com	www.nytimes.com
1	static.chartbeat.com	www.nytimes.com
1	mwcm.nytimes.com	www.nytimes.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	c.go-mpulse.net	s.go-mpulse.net
1	purr.nytimes.com	www.nytimes.com
1	a.nytimes.com	www.nytimes.com
1	meter-svc.nytimes.com	www.nytimes.com
1	s.go-mpulse.net	www.nytimes.com
1	als-svc.nytimes.com	www.nytimes.com
1	www.googletagmanager.com	www.nytimes.com
1	link.mail.bloombergbusiness.com	1 redirects
0	02179915.akstat.io Failed	s.go-mpulse.net
115	43

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
www.youtube.com
www.thegazette.com
www.c-span.org
projects.jsonline.com
truenorthresearch.substack.com
web.archive.org
www.eenews.net
consumersresearch.org
www.wsj.com
tallahasseereports.com
www.flgov.com
twitter.com
www.bloomberg.com
www.blackrock.com
www.washingtonpost.com
youtu.be
www.axios.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
nytimes.com Thawte RSA CA 2018	`2022-03-14` - `2023-04-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
a.et.nytimes.com R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
als-svc.nytimes.com R3	`2022-08-16` - `2022-11-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-03` - `2023-04-02`	a year	crt.sh
meter-svc.nytimes.com R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
a.nytimes.com R3	`2022-08-16` - `2022-11-14`	3 months	crt.sh
purr.nytimes.com R3	`2022-08-26` - `2022-11-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2022-06-11` - `2023-06-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Frame ID: 327B13A8ECFCA5AEEE5905EB5E06D7FF
Requests: 79 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: 6251932FBB8601FC0CCA5EF2666AB11A
Requests: 3 HTTP requests in this frame

Frame: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 86E5A7561807F65BA8B7FA2D397F8484
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share
Frame ID: 939246DDD3846A7EABBB1C592451462B
Requests: 2 HTTP requests in this frame

Frame: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 639BA13965727D576B462A0390095A2F
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B84720CCF5A4FFE96DCDA8212FC3ABC2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: ECBF08B29F62EEEDB471E6604B5C0393
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Leonard Leo Pushed the Courts Right. Now He’s Aiming at American Society. - The New York Times

Page URL History Show full URLs

https://link.mail.bloombergbusiness.com/click/29363474.380344/aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAyMi8xMC8xMi91cy9wb2... HTTP 302
https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share Page URL

Detected technologies

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

115
Requests

97 %
HTTPS

59 %
IPv6

20
Domains

43
Subdomains

28
IPs

3
Countries

3982 kB
Transfer

8490 kB
Size

31
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX&asset=masthead
Title: Log in

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=_wgJuAXK2v8
Title: schools for teaching critical race theory

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=dg-Z2aqRKRo
Title: BlackRock

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=MJRK5k3OfF8
Title: Uber

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Fg89CSkoSuI
Title: American Airlines

Search URL Search Domain Scan URL

URL: https://www.thegazette.com/crime-courts/parents-group-suing-linn-mar-school-district-over-gender-discrimination-policies/
Title: information to be withheld from parents about children’s gender identities

Search URL Search Domain Scan URL

URL: https://www.c-span.org/video/?523052-1/president-biden-urges-senate-pass-campaign-finance-bill-disclosing-donors
Title: Mr. Biden singled out Mr. Leo

Search URL Search Domain Scan URL

URL: https://projects.jsonline.com/news/2017/5/5/hacked-records-show-bradley-foundation-taking-wisconsin-model-national.html
Title: hack of a foundation

Search URL Search Domain Scan URL

URL: https://truenorthresearch.substack.com/p/backgrounder-on-barre-seid-the-extremist
Title: analyzed by the progressive researcher Lisa Graves

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20220713205324/https://sfof.com/donor-partners/
Title: listed this year as a top donor

Search URL Search Domain Scan URL

URL: https://www.eenews.net/articles/slip-up-reveals-chevron-ties-to-architect-of-climate-attack/
Title: unintentionally revealed a client

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=eXfM-CpBYL8
Title: propping up Chinese Communist leaders

Search URL Search Domain Scan URL

URL: https://consumersresearch.org/wp-content/uploads/2021/12/CR-Letter-to-Governors-on-BlackRock-Consumer-Warning.pdf
Title: a letter

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/blackrock-larry-fink-china-hkex-sse-authoritarianism-xi-jinping-term-limits-human-rights-ant-didi-global-national-security-11630938728
Title: political spectrum

Search URL Search Domain Scan URL

URL: https://tallahasseereports.com/2021/12/22/state-targets-investments-in-chinese-companies/
Title: ordered an audit

Search URL Search Domain Scan URL

URL: https://www.flgov.com/wp-content/uploads/2022/08/ESG-Resolution-Final.pdf
Title: a resolution

Search URL Search Domain Scan URL

URL: https://www.wsj.com/livecoverage/stock-market-news-today-2022-10-06/card/louisiana-to-pull-out-794-million-out-of-blackrock-funds-by-end-of-year-for-its-esg-investing-HwGuSEjF03lc21rrpAPv
Title: pull hundreds of millions of dollars

Search URL Search Domain Scan URL

URL: https://twitter.com/TomCottonAR/status/1377322300303884288
Title: objected to a Republican election law in Georgia

Search URL Search Domain Scan URL

URL: https://twitter.com/TomCottonAR/status/1535344165311197188
Title: BlackRock and its investments in China

Search URL Search Domain Scan URL

URL: https://www.bloomberg.com/news/articles/2022-02-08/larry-fink-meets-big-oil-and-its-foes-to-navigate-climate-fight
Title: meetings this year with oil companies

Search URL Search Domain Scan URL

URL: https://www.blackrock.com/us/individual/insights/buying-houses-facts
Title: housing market

Search URL Search Domain Scan URL

URL: https://www.blackrock.com/us/individual/insights/energy-investing
Title: climate change efforts

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=bmmnKdU2sok
Title: came under fire

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=e4zTbGzWAJ0
Title: after they or their parent companies

Search URL Search Domain Scan URL

URL: https://www.washingtonpost.com/graphics/2019/investigations/leonard-leo-federalists-society-courts/
Title: worked closely with President George W. Bush’s White House

Search URL Search Domain Scan URL

URL: https://youtu.be/doFu1XT4YbM?t=948
Title: Mr. McConnell later said

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/charles-koch-says-his-partisanship-was-a-mistake-11605286893
Title: expressed regret for years of backing Republicans

Search URL Search Domain Scan URL

URL: https://www.bloomberg.com/news/articles/2021-10-04/ken-griffin-says-he-won-t-support-trump-for-president
Title: recalibrating their giving

Search URL Search Domain Scan URL

URL: https://www.axios.com/2020/01/07/leonard-leo-crc-advisors-federalist-society
Title: went public as the head of the new network

Search URL Search Domain Scan URL

URL: https://twitter.com/SenWhitehouse/status/1569807902642143236
Title: last month

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2022 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us?redir=myacc
Title: Feedback

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://link.mail.bloombergbusiness.com/click/29363474.380344/aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAyMi8xMC8xMi91cy9wb2xpdGljcy9sZW9uYXJkLWxlby1jb3VydHMtZGFyay1tb25leS5odG1sP3NtaWQ9dHctc2hhcmU/6277c72f0c69768c87030c34Ba67fca49 HTTP 302
https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share

Request Chain 99

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=piy2sf35d HTTP 302
https://3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 100

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=piy2sf35d HTTP 302
https://eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net/eum/results.txt

115 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request leonard-leo-courts-dark-money.html Show response
www.nytimes.com/2022/10/12/us/politics/
Redirect Chain

https://link.mail.bloombergbusiness.com/click/29363474.380344/aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAyMi8xMC8xMi91cy9wb2xpdGljcy9sZW9uYXJkLWxlby1jb3VydHMtZGFyay1tb25leS5odG1sP3NtaWQ9dHctc2hhcmU/6277c72...
https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

301 KB
91 KB

379ms
29ms

Document
text/html

151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

56151b6f036c712a97f8ab4c39830f8dd3a971e23cd8850ad97577456ea73c6b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1959
cache-control: s-maxage=300,no-cache
content-encoding: gzip
content-length: 91252
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Thu, 13 Oct 2022 18:17:07 GMT
fastly-restarts: 1
last-modified: Thu, 13 Oct 2022 17:41:12 GMT
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2022/10/12/us/politics/leonard-leo-courts-dark-money.html
server: nginx
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: 08b1ca1e3a6d44a0b77a9eddcc4088a7
x-cache: HIT, HIT
x-cache-hits: 26, 1
x-cloud-trace-context: 74fd97ab7f51fd0cd08ca578147d7e52/7187096391436126010;o=1
x-content-type-options: nosniff
x-datadome: protected
x-datadome-timer: S1665683363.761823,VS0,VE7
x-frame-options: DENY
x-gdpr: 1
x-nyt-app-webview: 0
x-nyt-data-last-modified: Thu, 13 Oct 2022 17:41:12 GMT
x-nyt-edge-cache: HIT-HIT
x-nyt-route: vi-story
x-origin-time: 2022-10-13 17:49:22 UTC
x-pagetype: vi-story
x-scoop-last-modified: 2022-10-13T14:47:14.289Z
x-served-by: cache-lga21960-LGA, cache-hhn4033-HHN
x-timer: S1665685028.649472,VS0,VE8
x-xss-protection: 1; mode=block

Redirect headers

connection: close
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 13 Oct 2022 18:17:07 GMT
location: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
server: Sailthru
strict-transport-security: max-age=30758400
x-robots-tag: noindex

GET
H2 200 web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 67ms
22ms Stylesheet
text/css 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

18ddec635c94f0004919a4c299f1e5bdf1e5cc0efc263669fc343d5cfc6144f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Tue, 26 Sep 2023 23:57:20 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1448387
x-guploader-uploadid: ADPycdt5eJHms-t-Z8CQ0DDQ83jJeh6_srp9aooVcYPoYZy4MsGxdSUdXt7jYYuyfMkhW7DJBOS0-UnWS3VuL4GQ6j8HNpztuCF1
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9789
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1665685028.730911,VS0,VE0
etag: "0ae5b8ecb62ff6424a71dc89303213f5"
vary: Accept-Encoding
x-goog-generation: 1651598149653041
x-goog-hash: crc32c=YzYKVQ==, md5=CuW47LYv9kJKcdyJMDIT9Q==
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9789
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3102

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 43ms
43ms Stylesheet
text/css 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95230
x-guploader-uploadid: ADPycdvEJl1hmZGugRdfuWY4nDpRq2KtbSvJL6QJydJNImne_yAf6FwUdm5b5jSr_NhlUWEqFcu-KDxldlvzQY2xtkU_cGQqE_bQ
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:01 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.696010,VS0,VE1
etag: "e74f8b7c668251280cf3e52e20455a1c"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665437996107668
content-type: text/css; charset=utf-8
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2059
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1968
last-modified: Wed, 12 Oct 2022 15:40:50 GMT
server: UploadServer
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
x-gdpr: 1
x-goog-stored-content-length: 5656
accept-ranges: bytes

GET
H2 200 adslot-d9497965d2cdb4896d18.js Show response
www.nytimes.com/vi-assets/static-assets/ 21 KB
9 KB 24ms
23ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-d9497965d2cdb4896d18.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2691e0e8d8dd1f1ddbc3913da712bd7c59bbf25740a371dd50d0be1607421a1e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95229
x-guploader-uploadid: ADPycdtA11_byzq_xl-4IwLvEtibclQkoCcr_pnhIf9zYGc5uJ3SRBY_IDNWnzvMmSFAc3flIaJzYR6TVDG7PXNqdexvNmPk_k50
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:01 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.731077,VS0,VE1
etag: "0595bb5419340e197da9112b246f06a7"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665011965529905
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-d9497965d2cdb4896d18.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2734
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 7714
last-modified: Wed, 12 Oct 2022 15:40:50 GMT
server: UploadServer
x-goog-hash: crc32c=nzHGWQ==, md5=BZW7VBk0Dhl9qRErJG8Gpw==
x-gdpr: 1
x-goog-stored-content-length: 21998
accept-ranges: bytes

GET
H2 200 merlin_164473608_5a505a95-11fe-4a19-a617-0843a2590942-superJumbo.jpg
static01.nyt.com/images/2022/10/12/us/politics/08dc-leo-1/ 157 KB
157 KB 103ms
71ms Image
image/webp 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/10/12/us/politics/08dc-leo-1/merlin_164473608_5a505a95-11fe-4a19-a617-0843a2590942-superJumbo.jpg?quality=75&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7158d44e4125771fd9a4f9ccc746d637488550464d9c3fa44ed9c93158fea178

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 12 Oct 2022 18:07:50 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 86956
x-guploader-uploadid: ADPycdssUaOLHZVV0qjlgqbctZr1sMxpZzjKv6v1J5T3FmdQjBn2sGsH8B4QcXnSSpCEM4oAWDLLyaZUPAa46oCCYv7Sj9YRKrEW
x-cache: HIT, HIT
fastly-io-info: ifsz=530502 idim=2048x1425 ifmt=jpeg ofsz=160598 odim=2048x1425 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 160598
x-served-by: cache-iad-kiad7000111-IAD, cache-hhn4033-HHN
server: UploadServer
x-timer: S1665685028.787213,VS0,VE3
etag: "d2sUQTG6q6WTAtrfvlP+JqWKHS+RVtnSn+IJSh48MGU"
vary: Accept
x-goog-generation: 1665598006981799
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Kh3v3w==, md5=FNxziZLDC1Yw5CbEvrdHhg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 530502
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 69, 1

GET
H2 200 author-kenneth-p-vogel-thumbLarge-v3.png
static01.nyt.com/images/2018/02/20/multimedia/author-kenneth-p-vogel/ 20 KB
20 KB 90ms
69ms Image
image/png 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2018/02/20/multimedia/author-kenneth-p-vogel/author-kenneth-p-vogel-thumbLarge-v3.png

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

9a3a5160ccbcba07b73a2d82c9c75dcbeb6429615d68607fa9647f4a94bbc1bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Tue, 13 Sep 2022 17:11:15 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 202341
x-guploader-uploadid: ADPycduGnICnzldh6k5sXa7A4UHlDdPMN763qsUG6lRMkqhUskZt5l9KH1_Cor2iZSSbdC1IOs4d4xHTHJYHNfMtfbRf
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 20292
x-served-by: cache-iad-kjyo7100123-IAD, cache-hhn4033-HHN
last-modified: Wed, 18 Jul 2018 21:44:55 GMT
server: UploadServer
x-timer: S1665685028.787246,VS0,VE1
etag: "b20390a44131b6571e148738fc3a6a2b"
vary: Origin
x-goog-generation: 1531950295081396
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=1CaGAw==, md5=sgOQpEExtlceFIc4/DpqKw==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 20292
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3, 1

GET
H2 200 vendor-9e8548c562a278b763ee.js Show response
www.nytimes.com/vi-assets/static-assets/ 223 KB
66 KB 22ms
21ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-9e8548c562a278b763ee.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

121907192d6464b08b797183be5e0e05bc21c40f189676657e9e3148e44bb771

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95228
x-guploader-uploadid: ADPycduw3rcQY7nk1NMpxrJ4zjcFRPVENGAJoht6hIJoxHaiIkEbNw1F8-gtmEkKE0D8JPVJaLj5sewDQ-h53j7qjSGMNQ
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:02 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.778072,VS0,VE1
etag: "2920aa9ea492facacbbb86cad1e185d6"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665064909526022
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-9e8548c562a278b763ee.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2750
expires: Thu, 12 Oct 2023 15:49:59 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 66777
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=O11ioQ==, md5=KSCqnqSS+srLu4bK0eGF1g==
x-gdpr: 1
x-goog-stored-content-length: 228275
accept-ranges: bytes

GET
H2 200 story-6caed7f094c9840a4a38.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
360 KB 34ms
34ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/story-6caed7f094c9840a4a38.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d4d5f19a0605c40ba04d4915a7131407dc789126996761bb6c2e2f659c69d39e

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 97476
x-guploader-uploadid: ADPycdsRI1vZC2W-nkfE0FTUamnIOuTs6jKzpbJq7YhZMDeSYdpN70h_5t9UWZ1vQvW0gCaIshZHkGxX-KXtlW3B5vbczJxkWLiL
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:58 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.778042,VS0,VE1
etag: "12f04ab798d444231c9d0671cb5122be"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665523766317949
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-6caed7f094c9840a4a38.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3
expires: Thu, 12 Oct 2023 15:12:32 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 367942
last-modified: Wed, 12 Oct 2022 15:08:12 GMT
server: UploadServer
x-goog-hash: crc32c=e6uYEw==, md5=EvBKt5jURCMcnQZxy1Eivg==
x-gdpr: 1
x-goog-stored-content-length: 1353400
accept-ranges: bytes

GET
H2 200 main-3ccd6eae50f5d14dc244.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
392 KB 34ms
33ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ee2b394e6f39c52badcd3a3aeba863e0a07e97c19eb1282d132f389d636a14e0

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95229
x-guploader-uploadid: ADPycdvQ4ibi6Fkbdg-dwMTO45QW6Nuozk5NsdRsCbYzssMjTguMLr-IeaTbegPnNBNiHLSta3qB1eHBl0G31AyO7Etv-A
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:58 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.778275,VS0,VE1
etag: "977fea7c047c156ff6283fd02bdc4685"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665583115573080
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 23
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 399932
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=wCgRsQ==, md5=l3/qfAR8FW/2KD/QK9xGhQ==
x-gdpr: 1
x-goog-stored-content-length: 1390982
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 396 KB
108 KB 92ms
45ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d8e3f0bac129ab6e5a8872b3f141b579fa1875446413112920134e4de99e3677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109663
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 424ms
137ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 148 B
775 B 138ms
138ms XHR
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 5fe6ba1b86ce543b-505cf8c64740ba0c-0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: fc0ab80762178336
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685028.883529,VS0,VE112
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: bc90be65
x-envoy-upstream-service-time: 17
content-length: 123
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: 5fe6ba1b86ce543b-505cf8c64740ba0c-0
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 116ms
34ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 4
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:07 GMT
samizdat-x-canary: false
samizdat-x-instance: f1226829
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-cache: HIT
x-cache-hits: 1
x-datadog-trace-id: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: a57622b1fd5cff93
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685028.858864,VS0,VE1

GET
H2 200 als Show response
als-svc.nytimes.com/ 1 KB
2 KB 401ms
142ms XHR
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F86ef18ef-48b4-5ee3-941d-a9e78a7afc75&typ=&prop=nyt&plat=web

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-207-181-173.compute-1.amazonaws.com

Software

envoy /

Resource Hash

a21a8ba50008bbe4f541f9a96a4e0d9c9eb79d4e1a2b192fca8c0d38501a665c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:08 GMT
via: 1.1 google
x-envoy-decorator-operation: als-svc.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 35
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a
content-length: 1083

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 72ms
22ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 07 Sep 2023 10:14:00 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 3139386
x-guploader-uploadid: ADPycdvs34e7FTDEnYwVWJ23ft0O2Vrpi0RmMJnG1qO8aqV3zHFk10CLtqOFrq2W_nuWtgRnPg15F27HMk_g8WHQ3j0aytsdIiId
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685028.838026,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
x-goog-generation: 1651598151017654
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 27947

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 115ms
65ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Tue, 12 Sep 2023 22:46:09 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2662257
x-guploader-uploadid: ADPycdvm3PblP2ctU_Q0fGF3ZRVUHPvI2UTz3DL6fQ8RfvpsMbTsiK1b5bAzLPRJxbmAFpOsu3xQkPXbmA1Ja03j0YoGJg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685028.838799,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
x-goog-generation: 1651598151054057
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 27775

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 95ms
45ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Fri, 11 Nov 2022 00:54:21 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 29092968
x-guploader-uploadid: ADPycdsbmB0iGXrnj0YJIZxZlMCd46_nNAOz3Po7oc1jbUFbh_TztelAet_j9dEfjgeGE8bMBAavINFKWZRKFcfT-wI
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 15 Sep 2021 19:43:02 GMT
server: UploadServer
x-timer: S1665685028.838766,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
x-goog-generation: 1631734982705223
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29076
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 18972

GET
H2 200 cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 20 KB
20 KB 94ms
44ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Fri, 18 Nov 2022 00:09:37 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 28490851
x-guploader-uploadid: ADPycduOrhjba74-CeRc3F9k_9vFN2QMWqkEBhI_NbkUXB0LpkmOIsecIGAI0nwwt8znlr9CmC9Sum3OzIxqJbC3VsM
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 15 Sep 2021 19:43:03 GMT
server: UploadServer
x-timer: S1665685028.838765,VS0,VE0
etag: "108ce298d451197b23fefceb3e36959f"
x-goog-generation: 1631734983132414
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20136
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 10833

GET
H2 200 franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 94ms
45ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 20 Sep 2023 01:22:45 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2048062
x-guploader-uploadid: ADPycdsIzDP0UpfwaLo5DWzHaVRnZwStX8ySiZ9FXOEzkx8uJZt59gyIliX0kXa3zICwEBQNR4gn-6RzkkV0dsxuOyV9Dg
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685028.838713,VS0,VE0
etag: "a6479a5200f9a6352bdb71589c27c9c3"
x-goog-generation: 1651598150991608
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=pRBawg==, md5=pkeaUgD5pjUr23FYnCfJww==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20136
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 23268

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
28 KB 92ms
35ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/adslot-d9497965d2cdb4896d18.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac4003cf88cbe92cacef3cebee3c05245610bacbd0e1637517f7a2a7793a24ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27672
x-xss-protection: 0
server: sffe
etag: "1362 / 490 of 1000 / last-modified: 1665684019"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Oct 2022 18:17:07 GMT

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 90ms
65ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 14 Sep 2023 00:21:15 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2570152
x-guploader-uploadid: ADPycduFUD6H5jrgwFPuYZwTe49fTmo-WfpKMTjkBkRK3an5_c0WgAg_Pv22NoHfHQXEANeTENKarRwdJxpaoq5fOBviRTlfMwFs
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685028.838779,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
x-goog-generation: 1651598151578179
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 26995

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 50ms
26ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 01:18:20 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1443527
x-guploader-uploadid: ADPycdtnXvjfcc08mmrusiXD7K2TMwE9quvvpLAIaDTG-LQi9EYRDU6FaPwuCpIQ0STJX7ZxFZmvXwm8NtEZt6C2KQCH8A
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1665685028.838678,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
x-goog-generation: 1651598149597753
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 27260
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 19623

GET
H2 200 cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 50ms
27ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 06 Sep 2023 22:35:47 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 3181279
x-guploader-uploadid: ADPycdsL_Z8R85VywzJni4AFuUbbB-YhB4-FxkrvoDIO_LEvEB6ntqV_8Ou0Sb0JKAEiOCGf-QIQkIKwhLlO_QCvC0uoqQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28620
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1665685028.838695,VS0,VE0
etag: "f99a0459024509f157a3352e5de4f873"
x-goog-generation: 1651598149661480
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28620
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 11162

GET
H2 200 cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 78ms
70ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 23 Aug 2023 22:48:34 GMT
date: Thu, 13 Oct 2022 18:17:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 4390113
x-guploader-uploadid: ADPycdsBx_PN14La3G8D02jaonwBQj46HSoaPqal5fBOvHqXGN3mRtWA6O3rK5vTJ89LPnPFAbq-tNtSTlPnwxYX7iVfWQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28276
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1665685028.855932,VS0,VE0
etag: "530cfb72378419eedb60da7e266ad5f1"
x-goog-generation: 1651598149856995
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=O9qQIA==, md5=Uwz7cjeEGe7bYNp+JmrV8Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 17993

GET
H2 200 ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 71ms
19ms Script
application/javascript 2a02:26f0:480:297::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:480:297::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:07 GMT
content-encoding: br
last-modified: Thu, 15 Sep 2022 18:49:27 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
x-n: S
timing-allow-origin: *
content-length: 50393

GET
H2 200 prefetch-assets Show response
myaccount.nytimes.com/auth/ Frame 6251 393 B
1 KB 50ms
23ms Document
text/html 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/prefetch-assets

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Express

Resource Hash

77c51b9b96e69e71adc8642653d1607ddc3a3965b4bd10eac59c2baccadbb798

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 472
cache-control: public, max-age=600
content-encoding: gzip
content-length: 277
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Thu, 13 Oct 2022 18:17:07 GMT
etag: W/"189-fsQ/jfphfT4IsRJUlgehP1tHkC0"
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding
via: 1.1 varnish
x-api-version: F-X
x-cache: HIT
x-cache-hits: 9
x-cloud-trace-context: 41a1b345acab9fb58a965027e6412999
x-content-type-options: nosniff
x-datadog-parent-id: 6669094753719201125
x-datadog-sampled: 1
x-datadog-sampling-priority: 0
x-datadog-trace-id: 1404747800576980362
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 2
x-nyt-backend: lire-ui
x-nyt-edge-cache: HIT
x-powered-by: Express
x-served-by: cache-hhn4033-HHN

GET
H2 200 vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveAsset~mar~08e1f0ce-21923e024992cb29ba5e.js Show response
www.nytimes.com/vi-assets/static-assets/ 44 KB
15 KB 36ms
29ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveAsset~mar~08e1f0ce-21923e024992cb29ba5e.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

de032eff92aa5b1b158d6855036a6a41ffe9b7ea52b3e2a98a04147735fd606a

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95230
x-guploader-uploadid: ADPycduQDyU5Ccb175TozGomg-D2I7LFkzzisDMXNW3rv3bc0MDwKHO7rgk1rzUCTACl53Z6JZKg9Pgp76-Zo-OrBnaJ2KYMb2Qd
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:02 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.054125,VS0,VE1
etag: "30c32b71105c9696070a4fa12e2e2cf0"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665069956368668
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~answerpage~audio~bestsellers~byline~capsule~collections~explainer~home~hubpage~liveAsset~mar~08e1f0ce-21923e024992cb29ba5e.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2522
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:08 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13992
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=AA7efA==, md5=MMMrcRBclpYHCk+hLi4s8A==
x-gdpr: 1
x-goog-stored-content-length: 45343
accept-ranges: bytes

GET
H2 200 vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js Show response
www.nytimes.com/vi-assets/static-assets/ 67 KB
14 KB 44ms
37ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

021d83ded368491a9f0a1671fb7ca0ad89777d49843363c5347387c07d24ecaf

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95227
x-guploader-uploadid: ADPycduZUJgLTOoR40XLZ7yco1TPlJjB9Gj1cray2uRcq_Z4-okloUHpcCLIsa1Li4Sv_sOk_yhM1VGAUVVH96ACD2j3Ig
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:02 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.054095,VS0,VE1
etag: "755e5720d464eee3ca9331f87d4a4c8d"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665581297825801
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~5ec95911-824144bf9c921d79b374.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2186
expires: Thu, 12 Oct 2023 15:50:01 GMT
date: Thu, 13 Oct 2022 18:17:08 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13470
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=7Whslw==, md5=dV5XINRk7uPKkzH4fUpMjQ==
x-gdpr: 1
x-goog-stored-content-length: 68990
accept-ranges: bytes

GET
H2 200 vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-54046be739493425a283.js Show response
www.nytimes.com/vi-assets/static-assets/ 21 KB
6 KB 45ms
38ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-54046be739493425a283.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

99f9ce928d01961d64b5fc7dac2df58191816728c2f0e789dd9f8738163f38d1

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95230
x-guploader-uploadid: ADPycdtB72P0eeRsc_DGBGLXwoahmUc3l6xKy6gN4265x7LPl9qMY50W1BJdqdXnipDRLnlHF-OYLYkP_VorOZgUo04eXQ
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:50:00 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685028.054043,VS0,VE1
etag: "c7cf60514bb3468bce7b366b26dd9ba6"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665437997154696
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~capsule~card~clientSideCapsule~collections~explainer~home~liveAsset~paidpost~story~tre~698cb9e2-54046be739493425a283.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2309
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:08 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 5032
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=EIp8aw==, md5=x89gUUuzRovOezZrJt2bpg==
x-gdpr: 1
x-goog-stored-content-length: 21996
accept-ranges: bytes

GET
H2 404 index.js
myaccount.nytimes.com/lire_ui/js/common/abra/ Frame 6251 0
0 160ms
146ms Script
text/html 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:08 GMT
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
age: 0
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: MISS
x-envoy-upstream-service-time: 22
content-length: 308
x-served-by: cache-hhn4033-HHN
server: envoy
content-type: text/html; charset=UTF-8
x-cloud-trace-context: 354a039f7ad1e8b30d6309878df32eec
x-nyt-edge-cache: MISS
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame 6251 446 KB
149 KB 41ms
28ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=cb2a643

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

4c3803d7a5072fcb6e08e1d85f8748b19a22f8e1adbf7a9414958ddc66df601e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 12 Oct 2022 19:11:56 GMT
date: Thu, 13 Oct 2022 18:17:08 GMT
content-encoding: gzip
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
via: 1.1 varnish
x-api-version: F-X
age: 90
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 3
content-length: 152040
x-served-by: cache-hhn4033-HHN
server: envoy
x-nyt-backend: lire-ui
etag: "i3R44A"
content-type: application/javascript
x-cloud-trace-context: b388ccb471bbaa6cf2120a539e360eb6
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 4

GET
H2 200 tags.js Show response
dd.nytimes.com/ 206 KB
43 KB 248ms
25ms Script
text/javascript 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

Apache /

Resource Hash

5795c162503a8a8db1b67d8e38ff5b901d6278579c73750bb6641a69f54baad5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 da6955a1993e1118f32bcb48c6630c20.cloudfront.net (CloudFront), 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
date: Thu, 13 Oct 2022 17:28:16 GMT
x-amz-cf-pop: FRA60-P2, FRA53-C1
age: 2932
x-cache: Hit from cloudfront
content-length: 43000
last-modified: Fri, 30 Sep 2022 11:57:45 GMT
server: Apache
etag: "33929-5e9e3b3bbc8ac-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: sLNrrmczIX9swNPjpmUqUIgh-twjJTU43OkmLWeOf6RzFp7I4ezoxw==
expires: Thu, 13 Oct 2022 18:28:16 GMT

GET
H2 200 pubads_impl_2022100602.js Show response
securepubads.g.doubleclick.net/gpt/ 380 KB
128 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea6e8403bf62c55c1954717c65e41068390e120cab9878cb6851b64cf4b011d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 17:38:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2308
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131300
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 15:58:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Oct 2023 17:38:40 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
371 B 113ms
45ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7b8ecfd11e8086450c73ba71ec182da2ef46cb8602cfdaccf9640efe20fdcb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 346
x-xss-protection: 0
expires: Thu, 13 Oct 2022 18:17:08 GMT

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 21ms
20ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 5
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:08 GMT
samizdat-x-canary: false
samizdat-x-instance: f1226829
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-cache: HIT
x-cache-hits: 2
x-datadog-trace-id: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: 89320c59e0270145
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685029.864153,VS0,VE1

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 21ms
20ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 5
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:08 GMT
samizdat-x-canary: false
samizdat-x-instance: f1226829
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-cache: HIT
x-cache-hits: 3
x-datadog-trace-id: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: b7370b5258e11d5c
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685029.917497,VS0,VE1

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 22ms
22ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 5
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:08 GMT
samizdat-x-canary: false
samizdat-x-instance: f1226829
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-cache: HIT
x-cache-hits: 4
x-datadog-trace-id: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: 9b8fd18ce266f7f6
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685029.986697,VS0,VE0

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 104 B
830 B 143ms
143ms XHR
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

b6c3cebe16410a231e7cce2f2377fc4f504b51e29b0c6e326b6779c41b1e94a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 1f79abf3465d8d3e-7ff3a3c6581d81f0-1
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 60322e7246c8250a
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685029.886971,VS0,VE113
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:08 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 0c504020
x-envoy-upstream-service-time: 19
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: 1f79abf3465d8d3e-7ff3a3c6581d81f0-1
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 meter.js Show response
meter-svc.nytimes.com/ 532 B
1 KB 591ms
229ms XHR
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://meter-svc.nytimes.com/meter.js?sourceApp=vi&url=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&referer=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&pageviewID=zNByGf8DHDOlMCh0D_x4oV6P

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-207-181-173.compute-1.amazonaws.com

Software

envoy /

Resource Hash

2dfb55ac3a2f61ca39ead41ece3fec15996f9f52f3af66fe6506072ab4fc349c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:09 GMT
via: 1.1 google
x-envoy-decorator-operation: meter-svc.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: Set-Cookie
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 121
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, *
content-length: 532

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 62 B
318 B 139ms
133ms XHR
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 480930cd39573239-2b6d75aef1ce1797-0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 0680f2baba40849c
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685029.949808,VS0,VE108
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:09 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 522b1b38
x-envoy-upstream-service-time: 18
content-length: 77
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: 480930cd39573239-2b6d75aef1ce1797-0
accept-ranges: bytes
timing-allow-origin: *

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 42 KB
8 KB 192ms
191ms XHR
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

da252488b1d5ecf21cd3f091e793bd799ba3be1b7241683000bf5eac8e72b990

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 71ec6c5bf3b4ab7a-1736b9689ed1885d-0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 35b3acfa3538b9f1
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685029.012645,VS0,VE165
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Fastly-Unique-Id, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:09 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 178864e1
x-envoy-upstream-service-time: 71
last-modified: Thu, 13 Oct 2022 18:17:09 GMT
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: 71ec6c5bf3b4ab7a-1736b9689ed1885d-0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 comments-f7b001ea51f91aa285b7.js Show response
www.nytimes.com/vi-assets/static-assets/ 50 KB
16 KB 64ms
23ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/comments-f7b001ea51f91aa285b7.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7754ccb725249f74c6a391fec764a248ca75116ea7e49f1c859563238930bb94

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95230
x-guploader-uploadid: ADPycdspj7uIYIVhRUqMilkjXs8u5KXiF-T7tjMXEBeX4MoG0DBW8ADA6E_xCCeTzSJZSc73fbuHA9Otv6wuVJjcipSfrFuKaup7
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:58 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685029.079173,VS0,VE1
etag: "742b8bb70b301c479472974bf5f3f8ad"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665589250368789
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-f7b001ea51f91aa285b7.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2247
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:09 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 15294
last-modified: Wed, 12 Oct 2022 15:40:50 GMT
server: UploadServer
x-goog-hash: crc32c=kqiXWw==, md5=dCuLtwswHEeUcpdL9fP4rQ==
x-gdpr: 1
x-goog-stored-content-length: 51444
accept-ranges: bytes

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 2 KB
2 KB 401ms
147ms XHR
application/json 174.129.223.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&caller_id=nyt-vi&jkcb=1665685029086&referrer=&sourceApp=nyt-vi

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

174.129.223.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-174-129-223-242.compute-1.amazonaws.com

Software

envoy /

Resource Hash

ef6b033d8369652e0b122fb15470549721f907917a57f40aa35e037836c308d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:09 GMT
content-encoding: gzip
x-envoy-decorator-operation: a.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 9c04c36758e069fed20a0115a17b24c8
cache-control: private
access-control-allow-credentials: true
x-envoy-upstream-service-time: 39
access-control-allow-headers: Content-Type, x-requested-by
expires: Thu, 13 Oct 2022 18:17:09 GMT

GET
H2 200 purr-cache
purr.nytimes.com/v1/ 0
0 411ms
132ms Fetch
text/html 174.129.223.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://purr.nytimes.com/v1/purr-cache

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

174.129.223.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-174-129-223-242.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:09 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: purr.nytimes.com:443/*
server: envoy
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 22699eec90ba412f4fdf322f8bf4a8b9
cache-control: private
access-control-allow-credentials: true
x-envoy-upstream-service-time: 20
content-length: 0
expires: Thu, 13 Oct 2022 18:17:09 GMT

GET
H2 200 clientSideCapsule-9d3febcd970181c1f247.js Show response
www.nytimes.com/vi-assets/static-assets/ 471 KB
116 KB 49ms
26ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/clientSideCapsule-9d3febcd970181c1f247.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0492c230d8045dc740ba8a03392c886a43fae4fe75426195d36340fea5cc97d5

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 96920
x-guploader-uploadid: ADPycdshZjuGm1IADHYJ0ai6647ANYmfO-wWau51v5Z7xv3QPPgrzl7iyOhkCednV0Ut41HXdVHaJ1RfoyJkP1lfceqV0w
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:58 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685029.153763,VS0,VE1
etag: "dc953fda60d99053ed9ec7e6575cfbd4"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665527733644728
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/clientSideCapsule-9d3febcd970181c1f247.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2001
expires: Thu, 12 Oct 2023 15:21:49 GMT
date: Thu, 13 Oct 2022 18:17:09 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 118482
last-modified: Wed, 12 Oct 2022 15:21:10 GMT
server: UploadServer
x-goog-hash: crc32c=KVBHcw==, md5=3JU/2mDZkFPtnsfmV1z71A==
x-gdpr: 1
x-goog-stored-content-length: 482342
accept-ranges: bytes

POST
H2 200 track
a.et.nytimes.com/ 0
0 145ms
144ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 6 KB
2 KB 130ms
31ms XHR
application/json 2a02:26f0:3400:180::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=www.nytimes.com&t=5552283&v=1.720.0&sl=0&si=911ad6c0-c959-4965-ae5e-288a187b2c64-rjpesj&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3400:180::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6906039b44a54721a862b104fa8ec90efb810fe0bc099084b33bcb27bcdd61dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Thu, 13 Oct 2022 18:17:10 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1566

POST
H2 200 / Show response
dd.nytimes.com/js/ 231 B
617 B 161ms
29ms XHR
application/json 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

DataDome /

Resource Hash

7c5807592f903f6dd7aaa3512e5a1a029e01a16b61a5369d4c0983a8e3edff36

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 18:17:10 GMT
via: 1.1 d16428714e022976873ccc980fdc1288.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 231
x-amz-cf-id: -gH-9oB7qBhdTghZlrRjg8OofxfWIgYVD7jvmge4pB07DZEwlE6cEQ==
expires: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 245ms
0ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 242ms
0ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 84 KB
20 KB 315ms
238ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4301523040472857&correlator=3386658172408592&eid=31068498&output=ldjh&gdfp_req=1&vrg=2022100602&ptt=17&impl=fif&npa=1&iu_parts=29390238%2Cnyt%2Cus%2Cpolitics&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&adks=1133286891&sfv=1-0-38&fsapi=false&prev_scp=div%3Dtop%26pos%3Dtop%26request_time%3D2793&cust_params=als_test_clientside%3Dweb_none_medium_20221013181708%26mktg%3Dtype_anon%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1665682871925%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dleoleonarda%252Ctrumpdonaldj%26org%3Dfederalistsociety%252Crepublicanparty%26des%3Dconservatismuspolitics%252Ccourtsandthejudiciary%252Ccampaignfinance%252Cunitedstatespoliticsandgovernm%252Ccorporatesocialresponsibility%252Ccontenttypepersonalprofile%26auth%3Dkennethpvogel%26coll%3Dusnews%252Cuspolitics%26artlen%3Dxlong%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dus%26si_section%3Dus%26id%3D100000008556084%26pt%3Dnt1%252Cnt10%252Cnt14%252Cnt2%252Cnt21%252Cpt11%252Cpt19%252Cpt20%26gscat%3Dneg_citi_aa%252Cneg_debeer%252Cneg_ibmtest%252Cneg_chanel%252Cneg_chan2%252Cneg_bofa%252Cneg_gg1%252Cneg_google%252Cneg_mttl%252Cgs_politics%252Cneg_mastercard%252Cneg_ts%252Cneg_rms%252Cgb_safe%252Cneg_rolex%252Cneg_mtb%252Cneg_capitalone%252Cneg_sabic%252Cneg_ibm%252Cgs_politics_american%252Cneg_am%252Cneg_trpavd%252Cgs_politics_misc%252Cgs_society%252Cgs_business_misc%252Cgs_law_misc%252Cgs_business%252Cgv_safe%252Cgs_t%26is_viral%3Dmedium%26tt%3D104%26mt%3DMT3%252CMT7%26abra_dfp%3Dmkt_dfp_hd_paywall_zip_0_control%252Cdfp_prebid_price_0722_0_control%252Cdfp_messaging_flexframe_ctr_0_control%252Cdfp_live_0722_1_top%252Cdfp_higher_ads_0622_0_control%252Cdfp_amzn_2_adslot_priority%252Cdfp_als_home_1_als%252Cdfp_als_1_als%252Cdfp_adslot4v2_1_external%26sov%3D3%26page_view_id%3DzNByGf8DHDOlMCh0D_x4oV6P%26purr%3Dnpa%26uap%3Dbrowser%26aid%3D-xDFAE8cnOgqnBWZmbaL1u%26bt%3D%26typ_materials%3D%2523news%2523&sc=1&cookie_enabled=1&abxe=1&dt=1665685030616&lmt=1665682872&dlt=1665685027673&idt=2690&adxs=0&adys=76&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&frm=20&vis=1&psz=1600x90&msz=1600x0&fws=4&ohw=1600&ga_vid=895880919.1665685031&ga_sid=1665685031&ga_hid=161734563&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d5ef6858a2c8a5be2ad64da747533794b13dbbbf8a08aed9abfc071e8298ba0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20591
x-xss-protection: 0
google-lineitem-id: 6070801887
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138399565031
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 556 B
318 B 305ms
229ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4301523040472857&correlator=3386658172408592&eid=31068498&output=ldjh&gdfp_req=1&vrg=2022100602&ptt=17&impl=fif&npa=1&iu_parts=29390238%2Cnyt%2Cus%2Cpolitics&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=150x50&ifi=2&adks=1723209830&sfv=1-0-38&fsapi=false&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D2798&cust_params=als_test_clientside%3Dweb_none_medium_20221013181708%26mktg%3Dtype_anon%252Clogf%252Cabf%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1665682871925%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dleoleonarda%252Ctrumpdonaldj%26org%3Dfederalistsociety%252Crepublicanparty%26des%3Dconservatismuspolitics%252Ccourtsandthejudiciary%252Ccampaignfinance%252Cunitedstatespoliticsandgovernm%252Ccorporatesocialresponsibility%252Ccontenttypepersonalprofile%26auth%3Dkennethpvogel%26coll%3Dusnews%252Cuspolitics%26artlen%3Dxlong%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dus%26si_section%3Dus%26id%3D100000008556084%26pt%3Dnt1%252Cnt10%252Cnt14%252Cnt2%252Cnt21%252Cpt11%252Cpt19%252Cpt20%26gscat%3Dneg_citi_aa%252Cneg_debeer%252Cneg_ibmtest%252Cneg_chanel%252Cneg_chan2%252Cneg_bofa%252Cneg_gg1%252Cneg_google%252Cneg_mttl%252Cgs_politics%252Cneg_mastercard%252Cneg_ts%252Cneg_rms%252Cgb_safe%252Cneg_rolex%252Cneg_mtb%252Cneg_capitalone%252Cneg_sabic%252Cneg_ibm%252Cgs_politics_american%252Cneg_am%252Cneg_trpavd%252Cgs_politics_misc%252Cgs_society%252Cgs_business_misc%252Cgs_law_misc%252Cgs_business%252Cgv_safe%252Cgs_t%26is_viral%3Dmedium%26tt%3D104%26mt%3DMT3%252CMT7%26abra_dfp%3Dmkt_dfp_hd_paywall_zip_0_control%252Cdfp_prebid_price_0722_0_control%252Cdfp_messaging_flexframe_ctr_0_control%252Cdfp_live_0722_1_top%252Cdfp_higher_ads_0622_0_control%252Cdfp_amzn_2_adslot_priority%252Cdfp_als_home_1_als%252Cdfp_als_1_als%252Cdfp_adslot4v2_1_external%26sov%3D3%26page_view_id%3DzNByGf8DHDOlMCh0D_x4oV6P%26purr%3Dnpa%26uap%3Dbrowser%26aid%3D-xDFAE8cnOgqnBWZmbaL1u%26bt%3D%26typ_materials%3D%2523news%2523&sc=1&cookie_enabled=1&abxe=1&dt=1665685030651&lmt=1665682872&dlt=1665685027673&idt=2690&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&frm=20&vis=1&psz=150x16&msz=0x0&fws=132&ohw=1600&ga_vid=895880919.1665685031&ga_sid=1665685031&ga_hid=161734563&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8eb8edb34facda0ac2650cea1675d2b3206d353c91b361f77bc6cebce60c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 86E5 6 KB
4 KB 380ms
57ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:17:11 GMT
expires: Fri, 13 Oct 2023 18:17:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 1006 B
806 B 192ms
176ms XHR
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

90daf02c636450bc0cfd2bcc2409cd8ef537da3aaaf683a12c341fdc0f8ff08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 18b23e5bf1c5994f-7017077132f53c85-0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: faffb78a98a00bb1
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685031.929961,VS0,VE113
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: HIT
x-cache-hits: 142
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:11 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: HIT
samizdat-x-instance: a035f4c3
x-envoy-upstream-service-time: 19
content-length: 536
last-modified: Tue, 22 Feb 2022 17:40:55 GMT
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: 18b23e5bf1c5994f-7017077132f53c85-0
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 48ms
37ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type, nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 7
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:10 GMT
samizdat-x-canary: false
samizdat-x-instance: f1226829
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-cache: HIT
x-cache-hits: 6
x-datadog-trace-id: 1b5fc18479f5d21e-dc1e5af4f282f09-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: 82446e7c03728b4f
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685031.859578,VS0,VE1

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 56 KB
14 KB 457ms
428ms Fetch
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://mwcm.nytimes.com/capi/metered_assets/?smid=tw-share&plat=web&mc=0&mr=0&ma=0&counted=false&granted=false&gwtype=REGIWALL&us=anon&context-type=&areas=barOne&areas=truncator&areas=gateway

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-3ccd6eae50f5d14dc244.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

3ffd50fa13c896bfe9b14e84acde25bcb538f3f432b0cf92f841e6b893ce94d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
x-envoy-decorator-operation: capi-prd.growth-mc.nyti.nyt.net:443/*
date: Thu, 13 Oct 2022 18:17:11 GMT
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 298
x-served-by: cache-hhn4033-HHN
server: envoy
x-cmots-campaign-names: {"barOne":"MAG_web_nonsub_all_monthly-sale_1","gateway":"MAG_web_nonsub_all_monthly-sale_1","truncator":"MAG-web_all_non-mobile-all_welcome-killset"}
x-timer: S1665685031.375344,VS0,VE399
vary: x-nyt-user-status, x-nyt-country, x-nyt-continent, x-nyt-device, X-NYT-Currency, x-nyt-ipsegments-edu-b2b, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Accept-Encoding,x-nyt-user-status, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: c53cca517a58c93de6dfee0b4ede4183
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 95ms
20ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 13 Oct 2022 17:01:59 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4512
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Thu, 13 Oct 2022 19:01:59 GMT

GET
H2 200 franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 21ms
21ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 20 Apr 2023 17:48:45 GMT
date: Thu, 13 Oct 2022 18:17:11 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 15208106
x-guploader-uploadid: ADPycdv1qBkqdX17fCPMnF6mvvgsPEfyJLCC8A-2_Sb_tgxkZWkbM3GUe_MdfpqHSJeurNJTcdV8rfyStNBLs2E-ZbC08A
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20196
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 20 Apr 2022 13:09:40 GMT
server: UploadServer
x-timer: S1665685031.492455,VS0,VE0
etag: "75739ac267f076931c6da9740386ee6b"
x-goog-generation: 1650460180595156
x-goog-hash: crc32c=Jc81Jw==, md5=dXOawmfwdpMcbal0A4buaw==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20196
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 17720

GET
H3

200

activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus... Show response
5290727.fls.doubleclick.net/ Frame 9392
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2F...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fw...

617 B
425 B

118ms
66ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

449b52e7fc21c41a4a6ebc6d76f8c34f669bfc17e0f02be5c454f50576a56a0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 400
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:17:11 GMT
expires: Thu, 13 Oct 2022 18:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:17:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 37 KB
15 KB 74ms
21ms Script
application/x-javascript 2600:9000:223c:7400:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7400:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 300706e57de1a7af148bd670379c4b39bb36dda8160e42d92747a3139af37816

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 16:42:31 GMT
content-encoding: gzip
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jul 2022 00:50:34 GMT
server: nginx
x-amz-cf-pop: FRA56-P2
age: 5680
etag: W/"62d7515a-933f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-id: CvRAhwh5WSo3iFisHDb0xhDziuY7_7BbvKXqPCGwy-RioYUpDY536A==
expires: Thu, 13 Oct 2022 18:42:31 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
715 B 76ms
21ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Mon, 23 Aug 2021 07:13:52 GMT
date: Thu, 13 Oct 2022 18:17:11 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 57862
x-guploader-uploadid: ADPycdsibVoXQmfd_2bN94DYNLqt1DJtInYzNKiC2H0RY7L8wwJ89rTfbLZTZZzJ0YQC7bfkadEVWDLh0sGiDYJJaQ
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-hhn4033-HHN
last-modified: Thu, 17 Dec 2020 21:19:35 GMT
server: UploadServer
x-timer: S1665685032.592602,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
x-goog-generation: 1608239975905841
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 2513

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 4 KB
2 KB 286ms
94ms Script
text/javascript 2606:4700:20::681a:69b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dadde92340126226fab77a5a6cef5da6509a1f5abec49e2a159d948f3c7f577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:11 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 13 Oct 2022 18:10:54 GMT
server: cloudflare
age: 377
cf-polished: origSize=4735
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvhOsnj%2Fp%2B14zhgB%2BGhztHOPoQ7YELfEdZzDhXGnWCNSzgeygpMcoVy8rc8FL3%2Ff7TbX6ognkexNl3dEp13x7kpyUzFXTEt98nY3uGxct%2F57H51yac0wSYRwi0%2Bb5%2FfSKAxEgOXaLH59kIaEkTAonhDI"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 759a12188c6ebf8a-WAW

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
261 B 157ms
44ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1307625667
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 13 Oct 2022 18:17:11 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 container.html Show response
b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 639B 6 KB
3 KB 69ms
21ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:17:11 GMT
expires: Fri, 13 Oct 2023 18:17:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-cou...
adservice.google.com/ddm/fls/z/ Frame 9392 42 B
63 B 105ms
61ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CLz9-6To3foCFQ2z7QodxkMJbw;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=4852336223233;gtm=2wgaa0;auiddc=290346128.1665685031;u17=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share;u5=;u18=anon;~oref=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 18:17:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 610ms
109ms Image
image/gif 52.73.164.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html&u=B4vppYjSYKYkynat&d=nytimes.com&g=16698&g0=us%2CPolitics%2Cwashington_desk&g1=Kenneth%20P.%20Vogel&n=1&f=00001&c=0&x=0&m=0&y=1490&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=5055&t=1yvbfBAdlD6BKjk3IDLCugDDYt5Pq&V=136&i=Leonard%20Leo%20Pushed%20the%20Courts%20Right.%20Now%20He%E2%80%99s%20Aiming%20at%20American%20Society.&tz=0&_acct=anon&sn=1&sv=BpkAfTCz1YaoCgeVwADItVhNCL4_fO&sd=1&im=06679ef3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.164.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-164-105.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 13 Oct 2022 18:17:12 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 96ms
47ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=161734563&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html&dr=&ul=en-us&de=UTF-8&dt=Leonard%20Leo%20Pushed%20the%20Courts%20Right.%20Now%20He%E2%80%99s%20Aiming%20at%20American%20Society.%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&cn=&cs=tw-share&cm=social&cc=&_u=YAhAAEABAAAAACgBM~&jid=1803166058&gjid=449324883&cid=895880919.1665685031&tid=UA-58630905-2&_gid=1415980725.1665685032&_r=1&gtm=2wgaa0P528B3&cg1=us&cg2=politics&cg3=article&cg4=news&cd1=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2022%2F10%2F12%2Fus%2Fpolitics%2Fleonard-leo-courts-dark-money.html%3Fsmid%3Dtw-share&cd3=%3Fsmid%3Dtw-share&cd4=U.S.&cd9=9&cd10=tw-share&cd12=Politics&cd13=twitter&cd14=washington_desk&cd15=earned&cd16=social&cd17=100000008556084&cd18=Kenneth%20P.%20Vogel&cd19=Leonard%20Leo%20Pushed%20the%20Courts%20Right.%20Now%20He%E2%80%99s%20Aiming%20at%20American%20Society.&cd20=&cd21=Article&cd23=U.S.&cd25=Politics&cd26=2022&cd27=2022-10-12-14&cd28=Wednesday&cd29=14&cd30=1665672434289&cd32=U.S.%20News%2CU.S.%20Politics&cd33=SECTION%2CSECTION&cd34=NEWS&cd36=12dc-leo&cd37=3615&cd38=Washington&cd42=nyt-vi&cd43=Conservatism%20(US%20Politics)%2CCourts%20and%20the%20Judiciary%2CCampaign%20Finance%2CUnited%20States%20Politics%20and%20Government%2CCorporate%20Social%20Responsibility%2CContent%20Type%3A%20Personal%20Profile&cd44=Federalist%20Society%2CRepublican%20Party&cd45=Leo%2C%20Leonard%20A%2CTrump%2C%20Donald%20J&cd48=October&cd49=heave_over_1600&cd51=nyt-vi&cd52=&cd53=Washington&cd54=washington_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd61=0&cd63=-xDFAE8cnOgqnBWZmbaL1u&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=-xDFAE8cnOgqnBWZmbaL1u&z=260296013

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 18:17:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 265ms
262ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 146 B
831 B 202ms
120ms Fetch
application/json 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/story-6caed7f094c9840a4a38.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

c91b38dc4d51603266fea7ecc689e901e2ea260b0ca5219eb1a97196487d5598

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
nyt-app-type: project-vi
Content-Type: text/plain;charset=UTF-8

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: b03edb4ccdd4c42-61953711c5fb7ec1-0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: e62a07e01b284572
samizdat-x-canary: false
x-served-by: cache-hhn4033-HHN
x-nyt-country: DE
x-timer: S1665685032.165557,VS0,VE112
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: HE
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Thu, 13 Oct 2022 18:17:12 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 5f2e30f2
x-envoy-upstream-service-time: 17
content-length: 127
server: envoy
access-control-allow-credentials: true
x-datadog-trace-id: b03edb4ccdd4c42-61953711c5fb7ec1-0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 43 KB
14 KB 139ms
0ms Script
text/javascript 2606:4700:20::681a:69b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:69b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1058cc7e5f45a3d3e526894e8f71720fd4e714d2931331054c48fd51b6a52514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 13 Oct 2022 18:07:57 GMT
server: cloudflare
age: 555
cf-polished: origSize=44411
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L7SqcUGic0Jl2X4BmOdANF1cAL40FFBvtCM%2BMfPS4jcrqhtI3H3UPzyudrTiwk6NaZhGiRhHQTdpKU%2FG6LPZj6TmvtEPtsqDo2E%2FkAHvJtyDbkD%2BkSNzg7%2BsF5fNDd5T0AQGjv4bHe0jCM2MGz%2FsNr1E"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 759a121a7897bf8a-WAW

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 58ms
0ms Preflight 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: nyt-app-type, nyt-app-version, nyt-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.nytimes.com
access-control-max-age: 300
age: 14568
cache-control: max-age=30
content-length: 0
date: Thu, 13 Oct 2022 18:17:12 GMT
samizdat-x-canary: false
samizdat-x-instance: 5d69b332
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google, 1.1 varnish
x-b3-traceid: 23bb1b175c842be9-3c2e6e9ea1d7a83e-0
x-cache: HIT
x-cache-hits: 1
x-datadog-trace-id: 23bb1b175c842be9-3c2e6e9ea1d7a83e-0
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 34
x-nyt-audience-target-flat: EU:PM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: HE
x-samizdat-query-exe-id: 95099d4a67498270
x-samizdat-query-field-errors: 0
x-served-by: cache-hhn4047-HHN
x-timer: S1665685032.028777,VS0,VE1

GET
H2 200 css
fonts.googleapis.com/ Frame 639B 7 KB
1 KB 237ms
31ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b28bb10d1b574db881cdd742dbe4593c1344f78e3ba378350c51cbfcaec51da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 16:36:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 18:17:12 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 639B 22 KB
7 KB 225ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 10:39:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113865
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 12 Oct 2023 10:39:27 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 639B 6 KB
771 B 241ms
36ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&lang=de

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3a3e39fca849dd5ca088dcb3176b67eb7258689b1e4b63f7f410e8479a7bf64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 18:04:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 18:17:12 GMT

GET
H2 200 14831738072326492778
tpc.googlesyndication.com/simgad/ Frame 639B 3 KB
3 KB 226ms
22ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14831738072326492778?

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00cbd77067ec5e17df26c2bab2bb050ab6e0518598826993f80f5c68b67de24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 04:49:52 GMT
x-content-type-options: nosniff
age: 307640
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3039
x-xss-protection: 0
last-modified: Tue, 26 Jul 2022 15:46:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Oct 2023 04:49:52 GMT

GET
H2 200 16186348496096825922
tpc.googlesyndication.com/simgad/ Frame 639B 9 KB
9 KB 230ms
27ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16186348496096825922?

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b9e7c9899fda37a0b55a539279040246a30e742e4a5a57fbb7617f4eafd4e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 05:07:31 GMT
x-content-type-options: nosniff
age: 306581
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9297
x-xss-protection: 0
last-modified: Mon, 25 Jul 2022 17:17:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Oct 2023 05:07:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 639B 152 KB
47 KB 240ms
41ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 18:17:12 GMT

GET
H2 200 c.js Show response
collector.brandmetrics.com/ 0
76 B 551ms
280ms Script
text/javascript 20.50.2.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com&rnd=5355121
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.50.2.28 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
content-length: 0
content-type: text/javascript;charset=utf-8

GET
H2 200 vendors~emailsignup-30eed3a8c21352863fdf.js Show response
www.nytimes.com/vi-assets/static-assets/ 15 KB
5 KB 41ms
28ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~emailsignup-30eed3a8c21352863fdf.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b3cf6278d4d8ecb31295bd5cd8ce69fb8ce97934a958dddea00d1ecd9de2289a

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 95234
x-guploader-uploadid: ADPycdtkIC2cmvgBZLizao0rFSxCNQ82QgPfY35Xa7p3TIA1l-6pgRxDYcO8SjpJG45gllTCVznVdyjs3K2lxzICObLgtQ
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:59 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685032.325067,VS0,VE1
etag: "c9008b04a16d162975c5e72605fca691"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665548514890394
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~emailsignup-30eed3a8c21352863fdf.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1333
expires: Thu, 12 Oct 2023 15:49:58 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 4487
last-modified: Wed, 12 Oct 2022 15:40:51 GMT
server: UploadServer
x-goog-hash: crc32c=jP4sIw==, md5=yQCLBKFtFil1xecmBfymkQ==
x-gdpr: 1
x-goog-stored-content-length: 15440
accept-ranges: bytes

GET
H2 200 emailsignup-3245c1a5bf30fd543737.js Show response
www.nytimes.com/vi-assets/static-assets/ 3 KB
2 KB 40ms
26ms Script
application/javascript 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/emailsignup-3245c1a5bf30fd543737.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

68cbd761014eab89cbd55b58494a2a0ce47ccd8e63e6e946630a0f689857aa5c

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 97434
x-guploader-uploadid: ADPycdvnXOp-RUE2QzhfFLT1dE_2I0VH3vj8Kal8BTf1qP1ei7O2IkAUZMuSlCoRCd5yrtcGkyB1dZLJ7Pf8h9Xi_y4pdw
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-12 15:49:58 UTC
x-served-by: cache-hhn4033-HHN
x-timer: S1665685032.325036,VS0,VE1
etag: "16455597dd62aade52f4fef8f3bd8d79"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1665437995939794
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/emailsignup-3245c1a5bf30fd543737.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1400
expires: Thu, 12 Oct 2023 15:13:18 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1292
last-modified: Wed, 12 Oct 2022 15:08:11 GMT
server: UploadServer
x-goog-hash: crc32c=XVbmHg==, md5=FkVVl91iqt5S9P74872NeQ==
x-gdpr: 1
x-goog-stored-content-length: 3185
accept-ranges: bytes

GET
H2 200 imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
g1.nyt.com/fonts/family/imperial/ 25 KB
26 KB 23ms
23ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.d05a02583ca20b8afd5115f3ef8f1b8d134f743d.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 19 Apr 2023 01:12:28 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 15354282
x-guploader-uploadid: ADPycdt9Y-ZJ1VzExRe-xlrYIsar2OcW0pZuASehzAjni3nxVRdTmnQ08jQzKWhXLBcf3bo3SCiZ6szBYGmR-xwwE9kPpA
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25680
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 15 Sep 2021 19:43:04 GMT
server: UploadServer
x-timer: S1665685032.443266,VS0,VE0
etag: "024693f96c8f2c457e4a6a8d02a636b7"
x-goog-generation: 1631734984530255
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=VQvFEQ==, md5=AkaT+WyPLEV+SmqNAqY2tw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 25680
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 12609

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 639B 0
0 59ms
58ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuv5XajYXqX_wrkXHHbzYHh1rNs-iJZU1s58G-wCeuDS_egczoadNank4413Z8qwBDw2WKvyctf2yE9uGejUI8DDQLmV63z8AjLjWYCh9T2tLB6qT49wixpqtY9prUntGlJnIapCiMZtslomPUX3-yXY0gEadn79QGxrLG7dYkOjYH0dNPOgyRLZLzNXZQab7bVTzzBA6ZYRRmSdhYoG5Quwc_nFvYmDjopR362nnnS-gu3PT6RjJx4V9UM-hrCGjoFL__3EkzyQstSqj9J0hSiqHOLg888ww9rq76or7upahyXZkC8RmgsVdjIwl1Zi2HnQqUpG7PyYCwsvSvhbBIUmKi_OHZqXWaC7FJ1J8hZSu19Nmbmzg&sai=AMfl-YQ2B80uE5_M28QyXdfiUaYDdu-59mHKVPec2pB3AFNFpPyb8KJcvv7iRaPBS_8tTE0wvcNoEqXQ1tAbkyn0ZV8KvDG2XYXDtirUYiJT4j-eQDe7-ESC4nVgu_hNDkZ1iNo9&sig=Cg0ArKJSzCPA9i0jcN8FEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 168ms
143ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 audio-off.svg
static01.nytimes.com/ads/adplatforms/user-interface-elements/video-icons/ Frame 639B 880 B
996 B 247ms
32ms Image
image/svg+xml 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nytimes.com/ads/adplatforms/user-interface-elements/video-icons/audio-off.svg

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

19195533133b2d5cf2cc8fc1d489120e453dd814075b3a95a09db6c339c6d1d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Sat, 30 Jul 2022 05:15:39 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 478890
x-guploader-uploadid: ADPycds2YXHKVOjZtJU1k7jUyUPtLbdlbosrA0W-Z4hBIhGA71PFoWF7By75rf4YUnrfOYUuxRlSE4ZNOQWJlbDxgnr5rvjhSr_H
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 520
x-served-by: cache-iad-kiad7000154-IAD, cache-hhn4033-HHN
last-modified: Wed, 11 Mar 2020 20:20:43 GMT
server: UploadServer
x-timer: S1665685033.722097,VS0,VE0
etag: "61f5aa96fb4cd2d84623ea97b5ec005e"
vary: Accept-Encoding
x-goog-generation: 1583958043035944
content-type: image/svg+xml
access-control-allow-origin: *
x-goog-hash: crc32c=sSTh/w==, md5=YfWqlvtM0thGI+qXtewAXg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 880
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8415, 364

GET
H2 200 pause.svg
static01.nytimes.com/ads/adplatforms/user-interface-elements/video-icons/ Frame 639B 702 B
878 B 248ms
33ms Image
image/svg+xml 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nytimes.com/ads/adplatforms/user-interface-elements/video-icons/pause.svg

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c9fb083529541e219ad17a00cb201b3dba9dabcdcc01eae4eb9ac04b8cb72216

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Tue, 02 Aug 2022 07:11:51 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 212717
x-guploader-uploadid: ADPycdsL-xJjlxmKQYa1uPsXgmzpbFPEGf6SYXQAv2s38V4yE-wKvwjbqhMClW5n-Q7lCZuGzx-wtVgTmbn8DQQvMBd6MzKMEjIV
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 435
x-served-by: cache-iad-kiad7000089-IAD, cache-hhn4033-HHN
last-modified: Wed, 11 Mar 2020 20:20:42 GMT
server: UploadServer
x-timer: S1665685033.722144,VS0,VE0
etag: "67652da3a119c795c417355d9e1ac31a"
vary: Accept-Encoding
x-goog-generation: 1583958042997649
content-type: image/svg+xml
access-control-allow-origin: *
x-goog-hash: crc32c=GdvCsQ==, md5=Z2Uto6EZx5XEFzVdnhrDGg==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 702
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1886, 449

GET
H3 404 ads
b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 639B 2 KB
2 KB 175ms
159ms Image
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ads

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6ca9ef214e2aea76e3bf27ae551646a09759c3a1358776b6ba5b0ad89fe1ded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1586
x-xss-protection: 0

GET
H2 200 franklin-normal-500.woff
g1.nyt.com/fonts/family/franklin/ Frame 639B 26 KB
26 KB 53ms
37ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.woff

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

88011d782fa21da0ec301e49080fa9950973db277a33674d252f0fe1e333f61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
Origin: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 13 Jul 2023 00:05:50 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 8014282
x-guploader-uploadid: ADPycduQH5CwNkhRPR9NaAiHi_j2EAJxFFL8Y8xRRw90uZsqxgXhWVqqyNqoWLOQWT_qkmiPCKtsgBMycyZtq6gYiBDSlgQEMvw7
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26600
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685033.522827,VS0,VE0
etag: "cb85480c30b6ca5f53f673993211036f"
x-goog-generation: 1651598151041619
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=kksIKQ==, md5=y4VIDDC2yl9T9nOZMhEDbw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26600
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 260

GET
H2 200 franklin-normal-800.woff
g1.nyt.com/fonts/family/franklin/ Frame 639B 31 KB
31 KB 57ms
42ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-800.woff

Requested by

Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7bf092f4cf7d479f28b7f4bc8e22d1a5bb6086945bca468c2d714c7d1328433f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
Origin: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Wed, 11 Oct 2023 02:10:34 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 230798
x-guploader-uploadid: ADPycdtSd1Kw6YvdqJQkCmocxqoJC0O6NO8xWraNYEb6bh6IPlL_AQWq-Y07UIWNEvtm60lRSoiQztq8sUpAT1NBc4vwrl8xYp4O
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 31384
x-served-by: cache-hhn4026-HHN
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1665685033.522875,VS0,VE1
etag: "932fec957ef6d36632bd5494d05ad13b"
x-goog-generation: 1651598151076474
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=yaFDcQ==, md5=ky/slX7202YyvVSU0FrROw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 31384
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 639B 13 KB
13 KB 256ms
47ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:26:22 GMT
x-content-type-options: nosniff
age: 82250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 19:26:22 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 142ms
138ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 206 101683_1_MKTG_Games_SpellingBeev2_2022_wg_360p.mp4
vp.nyt.com/video/2022/07/25/ Frame 639B 2 MB
2 MB 89ms
44ms Media
video/mp4 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vp.nyt.com/video/2022/07/25/101683_1_MKTG_Games_SpellingBeev2_2022_wg_360p.mp4
Requested by: Host: b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e2afe2918359382ef85085d45f10bf0c29c86765bb2877dcc066e091b605d31e

Request headers

Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Range: bytes=0-

Response headers

expires: Mon, 01 Aug 2022 04:00:42 GMT
date: Thu, 13 Oct 2022 18:17:12 GMT
via: 1.1 varnish, 1.1 varnish
age: 1838
x-guploader-uploadid: ADPycdtl1ZrOUBbDv5QgVAT8egO6-g_EYoVLaxfP_OfqhDT2lXFNahgikpXj3zVim4R2dm1442sPCwmJzzaTPmoWcjBYsIldTTvy
x-cache: MISS, HIT
x-goog-storage-class: REGIONAL
Content-Range: bytes 0-1635823/1635824
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Content-Length: 1635824
x-served-by: cache-chi-kigq8000092-CHI, cache-hhn4033-HHN
last-modified: Mon, 25 Jul 2022 16:38:24 GMT
server: UploadServer
x-timer: S1665685033.576727,VS0,VE1
etag: "dd7047f9d93a5d81bdc3cf317a5ba158"
x-goog-generation: 1658767104677021
content-type: video/mp4
access-control-allow-origin: *
x-goog-hash: crc32c=6Nm8Tg==, md5=3XBH+dk6XYG9w88xeluhWA==
cache-control: max-age=60, s-maxage=86400, stale-if-error=86400
access-control-allow-methods: GET, HEAD, OPTIONS
x-goog-stored-content-length: 1635824
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 639B 0
0 89ms
88ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst3UJySGfE4cCvJiU_pX3msdt_lAKJYsGU8j_7Q_FNhfLIn92NES6orz4eZ7ICE1GEa8CsRmTlXWjCtauJHu9ajzo02JipJYpTHDj_RNSpNWBc5MVCNeTjs7HriJxK1lmZODKADaIEGNAXbfTorN8jUfLjCelLqliXaaxtGYYfnmZ2vYbDrtJhA7Zsam09PvZzGSVx-5g8SiaWEHIf32UQL35F0jBEDQ8C6_eVY0EeGjFLOCWPhHq8w1DzSHYV5idjyfU8qHT0VADvk5QKjn8yJZIZiJ1fjXPLLAXTSOoqiAl6hpVBOVROuQei5QKpZ4voNs9Hq0AAILDQpL38&sai=AMfl-YT6v_Pzw53D2VNuoqouvA8i3us8b5rMusJKPyKd6lZi850xnGXy4PwsTZKUwC9HIWgawtupQzfnfh-unWtNGU3px-4PS93pVjToahBeH2SC7pSoQ0u6mFgMiZWgBWb7iiQa&sig=Cg0ArKJSzDG8aem0dOs3EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 13 Oct 2022 18:17:12 GMT

GET
DATA 200
OK truncated
/ Frame 639B 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0d873d95875fd621a02740d02259a5584e8f17aa9ab478bc6e223e5bfee4972

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 .status
a.et.nytimes.com// 0
0 140ms
138ms Fetch
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept: */*
Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 107ms
57ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022100602&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0b5ec20638081f04cf6b13a93e6653b6fefdb38d2842159918c6d8d95c39c5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11160
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 1 KB
1 KB 686ms
224ms Script
application/javascript 2606:4700:e6::ac40:c516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abd820e8546a62ad3cf5c3a0f60db3d32d170c2fd9a89fef2ac56b84543f0234

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:13 GMT
x-amz-version-id: OJUkE8UCij2FX.lcKAyargsofaOGjMcp
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: 1FQ06N7SGD5AD00P
age: 139
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: CAZD/55+v+VJNmD3PftXTJQD0Z+ISAHc4i60kQddmX/qEbW+OCASadzLwnBagWtXVlqj4wh0wPY=
last-modified: Fri, 30 Sep 2022 15:23:47 GMT
server: cloudflare
etag: W/"26f625ef72cab6b1345f0c11a14a9f14"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bp%2BxhHpa1UDAHAcMVxGjR160a2CPld%2FsytObYmMxQQjfhqImSs2YtEPI1B9BGi4Yza5ywqRfVo3cvw%2FMmwnFeWqasLlefjGfYIaeLax9tGifJcelCENl3aZm9C4fDhgwkefJ68Id3eRy2%2FpweGzgXyq8o8%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 759a12231fa7b407-HKG

POST /
02179915.akstat.io/ 0
0

POST
H2 200 track
a.et.nytimes.com/ 0
0 140ms
137ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 109ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022100602.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 18:17:13 GMT

GET
H/1.1

200
OK

results.txt Show response
3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=piy2sf35d
https://3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

265ms
19ms

XHR
text/plain

23.213.161.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 23.213.161.144 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-144.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Thu, 13 Oct 2022 18:17:13 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net/eum/results.txt
Access-Control-Allow-Origin: *
Date: Thu, 13 Oct 2022 18:17:13 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net/eum/
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=piy2sf35d
https://eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

270ms
20ms

XHR
text/plain

2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Thu, 13 Oct 2022 18:17:13 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net/eum/results.txt
Access-Control-Allow-Origin: *
Date: Thu, 13 Oct 2022 18:17:13 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B847 13 KB
5 KB 21ms
19ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2310
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 17:38:43 GMT
expires: Fri, 13 Oct 2023 17:38:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame ECBF 783 B
1 KB 81ms
30ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3f3ff62b4e4805fc640f72c92b0a68019559b7f97e41dedfceb7531527e52ccc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9cEH-90hd-w_3_DwzpHDtQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-9cEH-90hd-w_3_DwzpHDtQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:17:13 GMT
expires: Thu, 13 Oct 2022 18:17:13 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js Show response
pagead2.googlesyndication.com/bg/ Frame B847 36 KB
15 KB 64ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ZEudAwKmaTNpvGbgtwbUkI0ybKz2KwCtXmqAoF5myvk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 18:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15800
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 18:59:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame ECBF 0
0 56ms
56ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022100602&jk=4301523040472857&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B847 0
10 B 30ms
26ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YIv9Wg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:13 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 match-prod-02a8363ef31e3609753a.js Show response
platform.iteratehq.com/ 83 KB
29 KB 447ms
228ms Script
application/javascript 2606:4700:e6::ac40:c516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-02a8363ef31e3609753a.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e6::ac40:c516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5331ea0d4a1f9ba6779874bea0f69effa3cc029e12d38e78d6c6873726ea81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:17:13 GMT
x-amz-version-id: lGn3_QMtClgLVv57NX9JxcYwRt8ToGZa
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: JEANCCSE9DA11M7G
age: 1133330
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 82FESMeeJ5gMSoakggQuBCoK+VHmuSino2WrEsDkMZyk9wuuZc9uF0C+aR60zu8wYwZ2MWlsRDI=
last-modified: Fri, 30 Sep 2022 15:23:44 GMT
server: cloudflare
etag: W/"4a2587dc6259b35963eef0bfd646c86d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQAPeUvfYkFWiXkUbk5YgGBsKN4nHJN8XDZaIVXxPxwiK9TOHupbJ1l8vhytzEmM89sZYVXaAh58DuPrSA7g4Wic1sTpgaF4yhmwmKN2mTQCk5vC6GtnpEvHMrS%2F0BqodklVHAqx2XJ9V8qR%2Fp3%2BgAmF%2BKVV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 759a1225de483dac-HKG

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 639B 42 B
64 B 95ms
53ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssoD3GrFqnMysjJ8ktVFwIIknm-IgH31pWCdjr48b3Qc7BpqZwSu-j5TNrygToLaToTJSDDG1RLGKHK6YE9KwFjUpruGLFAVCscIZXb_MjPHiTId4Ca&sig=Cg0ArKJSzAY8vnToG1b2EAE&id=lidar2&mcvt=1000&p=77,0,347,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=7&adk=1133286891&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665685031797&rpt=782&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 18:17:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022100602&jk=4301523040472857&bg=!fH-lfzvNAAYeOJy_Pjg7ACkAdvg8WgRPz17I9sGxbknOluNhQn2UDbkU3q9o55siDG0w4Z2vrWP-qgIAAABoUgAAAAFoAQcKAIPTs0LGbEA0AlLqmjNfZOM5KFZkVFfFxHbmEiSb5rky8t8XKjrM9984lzvUnJsd4aYsPb-_wFBDCDzHKhjwORGmpr7HaYH5d3yVrqCNi-jE3laRqp_bH8B1AXD3X6vgOD-ZEAN-9aKgKALcsylJ2dOXqahnVs6H9cSmCvuPD5g49RVtNJkCpkbIBMYqSDcNvryS-K2zkVmKKfBnQp763fpnaNjJsUYmZlCxjRRL7BBLfUFjy9Yx1HXcLaHKc9AMuMtB0RMCIreO64pOM5mRvqNTEQDcfiOf9DkdBmovH0xlyqKmQ_HnAJ7rj2Po6Tgzaqcv57Fsgi2QmF3tjKa0oR1e4GimPH_DhoSEuDyil3BWnEI8FFvbeRGtLb3_OetS79m1TFjoLRv-3i5BAognJA5F8_YQGtd4acvgFtMy324YUBfBFJssSPVRZgsL8ngV0-6ml8PdLP8no0xEIFx5Ic_oPxUw0zrWe38vEldzh50uMhxfQXqNYp3kZAQsZK299oNTu4DQgPYU6agTjq0v2Cai7HeQXUV1XrwzaqvaUtr9TdBOftYyE6x3pn7449JzG6pDejSyY2-lavbC9L08uajOxflUPrtm-v4i_Fmy6nDlHI1IarXRy2tD8fRYYp0fBPVW43fwj67s8LmoMm8nRSnj6lPKpDR_2evlZzW789-meiSo1IzL8gGxk6HL-1BznFs3ipoq8WYzsbF8WsysZ2InSGZyl-dySacaqeHzAFwz85LJplEQGQhZ7cOEa-U7CfwduNDfoFPw0Z-4cn_LwbiRYgVd9t4TtyXgkEUpIQfCNJp4IZ6jDDqo6igsHL8-TN9Vj_xL4eqPK9_eIUpMEt9k1zrcLdITog5LaSg9Sl3AWb_adhZCa-bgYJ2xIv_Y5XpKbr5G6cxvaipvSnbppXRu33mBs2ji69anC5fjym08urc_T9uABDfco1G5PEe1U9KhCNWBYeRmB9QuVCfk4vcu00cCSTW37Cn18Pl6ZoSdof-h0rkIPUOwX2hiDc5-QR7nZsOnxvt2E-K0OayJy1xg3hoBR-7BTnllrPHZebmpyAessN6atrjr-4zTZA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 140ms
139ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H3 200 embed Show response
iteratehq.com/api/v1/surveys/ 64 B
857 B 158ms
133ms Fetch
application/json 2606:4700:e6::ac40:c416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-02a8363ef31e3609753a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e6::ac40:c416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 13 Oct 2022 18:17:14 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GB2BPVsFk6Y9yTizmcjciITsbnEq9WNNGk%2FOSUTZuty661Gr8x6H3OVIcYO4goaDFx5qIba4833Mp8AokCjkUOk8y8aK%2Fe0xkt8dO8cBi2C2o6DE35axoPEal3NdcuF94%2F8cgVpPrjwX%2B5V3"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 759a1229a8939186-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 207ms
147ms Preflight 2606:4700:e6::ac40:c416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 759a12289e2091cf-FRA
content-length: 0
date: Thu, 13 Oct 2022 18:17:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIRAgXn%2BzP6emfRZjzzr6mmo6cpB2zdCt6OwS9r8BuuF8BIt3oinUNitRVevGxbkS9PSdScDDwUtcYdDyKfrSUzN7wckqB7JlbLgei1EnbU6aX22AyS5PqwcQSpskf73Y%2B%2FPnvE%2BlhOjd61I"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H3 200 embed Show response
iteratehq.com/api/v1/surveys/ 298 B
1003 B 138ms
137ms Fetch
application/json 2606:4700:e6::ac40:c416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-02a8363ef31e3609753a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e6::ac40:c416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e05ed54f96ef1749b566355bcd906ea8e617d01d7b49a17a3fd1cdaead2809ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 13 Oct 2022 18:17:14 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXl3%2Fx2HQKVOwrsavyoJr2lDQScXqGx9wLa50wlhi02GmIOA7JTHG4LVKYzgOi2cOsZKrUkurpIqTU2x7VMp2m%2BfxS8ETn8q8T6SHRATGr%2FBDyAHotSmUhDYoqHBUxexRpVkq%2BAJw37%2Ba8di"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 759a122b5d409186-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 129ms
129ms Preflight 2606:4700:e6::ac40:c416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e6::ac40:c416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 759a122a8b099186-FRA
content-length: 0
date: Thu, 13 Oct 2022 18:17:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpJSGgKibhtbVd17woLpvSt1csy3ctgWl%2FG52YkoRKPCMLwfuECcX7NfppaUAvXZbzx31wrNblQSUJ5KTGoMvBkNzKe0kUa3a6uwVOFMq9Glvy8sb42ZGGJxzQgPyx5xHSWQRPkuOk6ZvQbQ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 141ms
141ms Ping
application/json 52.207.181.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.207.181.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-181-173.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 02179915.akstat.io
URL: https://02179915.akstat.io/

Domain: 02179915.akstat.io
URL: https://02179915.akstat.io/

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bloombergbusiness.com/	1970-01-20 15:27:21	Name: sailthru_hid Value: 385da71d80f1a663254be6ae5c35ca2b6277c72f0c69768c87030c34222bf99b88a6571042e9b903814d8a55
.bloombergbusiness.com/	1970-01-20 06:41:35	Name: sailthru_bid Value: 29363474.380344
.nytimes.com/	1970-01-20 15:27:01	Name: nyt-a Value: -xDFAE8cnOgqnBWZmbaL1u
.nytimes.com/	1970-01-20 06:41:46	Name: nyt-gdpr Value: 1
.nytimes.com/	1970-01-20 15:27:01	Name: nyt-purr Value: cfhspnahhudnh
.nytimes.com/	1970-01-20 06:41:46	Name: nyt-us Value: 0
.nytimes.com/	1970-01-20 06:41:46	Name: nyt-geo Value: DE
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: 402f154071b245ce9a66d3a9db097afd
.et.nytimes.com/	1970-01-20 06:41:26	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-20 15:27:01	Name: sessionIndex Value: 1\|1665685028105\|-xDFAE8cnOgqnBWZmbaL1u\|1665685028105
.et.nytimes.com/	1970-01-20 06:42:51	Name: et-ppvid Value: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html=zNByGf8DHDOlMCh0D_x4oV6P
.nytimes.com/	1970-01-20 16:17:25	Name: nyt-m Value: B9AD7278201EEE3F40A6B091F02D7E31&ifv=i.0&g=i.0&imu=i.1&vr=l.4.0.0.0.0&iga=i.0&e=i.1667289600&t=i.0&igf=i.0&iir=i.0&rc=i.1&iub=i.0&igd=i.0&iru=i.1&fv=i.0&prt=i.0&iue=i.0&er=i.1665685029&ft=i.0&cav=i.1&ird=i.0&s=s.core&vp=i.0&igu=i.1&ier=i.0&ira=i.0&v=i.0&pr=l.4.0.0.0.0&imv=i.0&uuid=s.1dd00e91-b2b1-4e49-bf82-efaabd951724&n=i.2&ica=i.0
.a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=&landing=&start=1665685029406&isNew=1&pageIndex=1
.a.nytimes.com/	1970-01-20 15:27:01	Name: jkidd-p Value: prevPage=&currPage=
.nytimes.com/	1970-01-20 06:41:45	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 06:41:45	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 15:27:01	Name: nyt-jkidd Value: uid=0&lastRequest=1665685029406&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon&newsStartDate=&entitlements=
.nytimes.com/	1970-01-20 16:10:55	Name: purr-cache Value: <K0<r<C_<G_<S0
.nytimes.com/	1970-01-20 08:51:01	Name: _gcl_au Value: 1.1.290346128.1665685031
.nytimes.com/	1970-01-20 15:27:01	Name: datadome Value: dJTdhK9hn3m8eSbhd4T.YicLKE8V8Qa8Kl7SQBrT~ynnqXuJyWqp_46yx.jywrt~6v~pw6bEmLbVsrA-Z9KNX23d_4dF.n_Any5MIVX45eyLj-F-hVwP2MUMqMHeX6a
.nytimes.com/	1970-01-20 16:03:01	Name: __gads Value: ID=8711f64629d2c4e9-22fcfc19fed50011:T=1665685030:S=ALNI_MbyFBrJOPnjxdf4IK9zwy1MM7zgZg
.nytimes.com/	1970-01-20 16:03:01	Name: __gpi Value: UID=00000b10c074b398:T=1665685030:RT=1665685030:S=ALNI_MZbOKGXHEwj18C7tA2lAusEKyNflQ
.doubleclick.net/	1970-01-20 16:03:01	Name: IDE Value: AHWqTUnrQrFVFuIRn2WFmghrtxiGtyJCTewwP18S-x-d05s7AIzGBnUKgu0DLm5-Uuk
.nytimes.com/	1970-01-20 16:10:13	Name: _cb Value: B4vppYjSYKYkynat
.nytimes.com/	1970-01-20 16:10:13	Name: _chartbeat2 Value: .1665685031873.1665685031873.1.BpkAfTCz1YaoCgeVwADItVhNCL4_fO.1
.nytimes.com/	1970-01-20 06:41:26	Name: _cb_svref Value: null
.nytimes.com/	1970-01-20 16:17:25	Name: walley Value: GA1.2.895880919.1665685031
.nytimes.com/	1970-01-20 06:42:51	Name: walley_gid Value: GA1.2.1415980725.1665685032
.nytimes.com/	1970-01-20 06:41:25	Name: _gat_UA-58630905-2 Value: 1
.nytimes.com/	1970-01-20 06:51:29	Name: RT Value: "z=1&dm=nytimes.com&si=16800d6d-ef4b-4582-8f38-434ae1133ca7&ss=l97duwbf&sl=1&tt=4n0&bcn=%2F%2F02179915.akstat.io%2F&ld=4n5"
.nytimes.com/	1970-01-20 16:17:25	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2MzQ4NTYyYTUwZDE3MjAwMDE5M2I3MDMiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjY1Njg1MDM0fQ.6BXFXWW0zfutnCxAKzOjPrEGWxT8nLzWpuc1AD6Sv8I

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://myaccount.nytimes.com/auth/prefetch-assets Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
network	error	URL: https://myaccount.nytimes.com/lire_ui/js/common/abra/index.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com/safeframe/1-0-38/html/ads Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.nytimes.com/2022/10/12/us/politics/leonard-leo-courts-dark-money.html?smid=tw-share Message: Access to XMLHttpRequest at 'https://02179915.akstat.io/' from origin 'https://www.nytimes.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://02179915.akstat.io/ Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179915.akstat.io
3fznufyx2wqy6y2ikyuq-piy2sf-20cac2430-clientnsv4-s.akamaihd.net
5290727.fls.doubleclick.net
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
adservice.google.com
adservice.google.de
als-svc.nytimes.com
b201fa271537939d49d72526028a2c42.safeframe.googlesyndication.com
c.go-mpulse.net
cdn.brandmetrics.com
collector.brandmetrics.com
dd.nytimes.com
eaarwyaaaibeakqce3ydkaaaczruqvrj-piy2sf-3a47096c6-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
g1.nyt.com
insight.adsrvr.org
iteratehq.com
link.mail.bloombergbusiness.com
meter-svc.nytimes.com
mwcm.nytimes.com
myaccount.nytimes.com
pagead2.googlesyndication.com
platform.iteratehq.com
pnytimes.chartbeat.net
purr.nytimes.com
s.go-mpulse.net
samizdat-graphql.nytimes.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
static01.nytimes.com
tpc.googlesyndication.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
vp.nyt.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
02179915.akstat.io
142.250.186.166
143.204.215.54
15.197.193.217
151.101.129.164
151.101.65.164
174.129.223.242
20.50.2.28
23.213.161.143
23.213.161.144
2600:9000:223c:7400:18:1fcd:351:7bc1
2606:4700:20::681a:69b
2606:4700:e6::ac40:c416
2606:4700:e6::ac40:c516
2a00:1450:4001:800::2002
2a00:1450:4001:802::2004
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2001
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a02:26f0:3400:180::11a6
2a02:26f0:3500:16::215:149b
2a02:26f0:480:297::11a6
3.226.166.212
52.207.181.173
52.73.164.105
021d83ded368491a9f0a1671fb7ca0ad89777d49843363c5347387c07d24ecaf
0492c230d8045dc740ba8a03392c886a43fae4fe75426195d36340fea5cc97d5
078a5d6e227e8d58076090356e2b36a3999c610e88ca735fe3eceeeb72a4477c
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
1058cc7e5f45a3d3e526894e8f71720fd4e714d2931331054c48fd51b6a52514
121907192d6464b08b797183be5e0e05bc21c40f189676657e9e3148e44bb771
18ddec635c94f0004919a4c299f1e5bdf1e5cc0efc263669fc343d5cfc6144f3
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
19195533133b2d5cf2cc8fc1d489120e453dd814075b3a95a09db6c339c6d1d3
1a4921877a651d0873db28503f132aed42da17b71b686c676d5067d239b1e389
2691e0e8d8dd1f1ddbc3913da712bd7c59bbf25740a371dd50d0be1607421a1e
284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a
29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
2dfb55ac3a2f61ca39ead41ece3fec15996f9f52f3af66fe6506072ab4fc349c
300706e57de1a7af148bd670379c4b39bb36dda8160e42d92747a3139af37816
3dadde92340126226fab77a5a6cef5da6509a1f5abec49e2a159d948f3c7f577
3f3ff62b4e4805fc640f72c92b0a68019559b7f97e41dedfceb7531527e52ccc
3ffd50fa13c896bfe9b14e84acde25bcb538f3f432b0cf92f841e6b893ce94d0
449b52e7fc21c41a4a6ebc6d76f8c34f669bfc17e0f02be5c454f50576a56a0c
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
4b9e7c9899fda37a0b55a539279040246a30e742e4a5a57fbb7617f4eafd4e20
4c3803d7a5072fcb6e08e1d85f8748b19a22f8e1adbf7a9414958ddc66df601e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56151b6f036c712a97f8ab4c39830f8dd3a971e23cd8850ad97577456ea73c6b
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
5795c162503a8a8db1b67d8e38ff5b901d6278579c73750bb6641a69f54baad5
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
644b9d0302a6693369bc66e0b706d4908d326cacf62b00ad5e6a80a05e66caf9
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
68cbd761014eab89cbd55b58494a2a0ce47ccd8e63e6e946630a0f689857aa5c
6906039b44a54721a862b104fa8ec90efb810fe0bc099084b33bcb27bcdd61dc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7158d44e4125771fd9a4f9ccc746d637488550464d9c3fa44ed9c93158fea178
7754ccb725249f74c6a391fec764a248ca75116ea7e49f1c859563238930bb94
77c51b9b96e69e71adc8642653d1607ddc3a3965b4bd10eac59c2baccadbb798
7bf092f4cf7d479f28b7f4bc8e22d1a5bb6086945bca468c2d714c7d1328433f
7c5807592f903f6dd7aaa3512e5a1a029e01a16b61a5369d4c0983a8e3edff36
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
88011d782fa21da0ec301e49080fa9950973db277a33674d252f0fe1e333f61f
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
90daf02c636450bc0cfd2bcc2409cd8ef537da3aaaf683a12c341fdc0f8ff08a
99f9ce928d01961d64b5fc7dac2df58191816728c2f0e789dd9f8738163f38d1
9a3a5160ccbcba07b73a2d82c9c75dcbeb6429615d68607fa9647f4a94bbc1bf
9d5ef6858a2c8a5be2ad64da747533794b13dbbbf8a08aed9abfc071e8298ba0
9d8eb8edb34facda0ac2650cea1675d2b3206d353c91b361f77bc6cebce60c31
a0b5ec20638081f04cf6b13a93e6653b6fefdb38d2842159918c6d8d95c39c5d
a21a8ba50008bbe4f541f9a96a4e0d9c9eb79d4e1a2b192fca8c0d38501a665c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5331ea0d4a1f9ba6779874bea0f69effa3cc029e12d38e78d6c6873726ea81a
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078
abd820e8546a62ad3cf5c3a0f60db3d32d170c2fd9a89fef2ac56b84543f0234
ac4003cf88cbe92cacef3cebee3c05245610bacbd0e1637517f7a2a7793a24ce
b0d873d95875fd621a02740d02259a5584e8f17aa9ab478bc6e223e5bfee4972
b28bb10d1b574db881cdd742dbe4593c1344f78e3ba378350c51cbfcaec51da1
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b3cf6278d4d8ecb31295bd5cd8ce69fb8ce97934a958dddea00d1ecd9de2289a
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
b6c3cebe16410a231e7cce2f2377fc4f504b51e29b0c6e326b6779c41b1e94a0
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c91b38dc4d51603266fea7ecc689e901e2ea260b0ca5219eb1a97196487d5598
c9fb083529541e219ad17a00cb201b3dba9dabcdcc01eae4eb9ac04b8cb72216
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d00cbd77067ec5e17df26c2bab2bb050ab6e0518598826993f80f5c68b67de24
d4d5f19a0605c40ba04d4915a7131407dc789126996761bb6c2e2f659c69d39e
d6ca9ef214e2aea76e3bf27ae551646a09759c3a1358776b6ba5b0ad89fe1ded
d7b8ecfd11e8086450c73ba71ec182da2ef46cb8602cfdaccf9640efe20fdcb1
d8e3f0bac129ab6e5a8872b3f141b579fa1875446413112920134e4de99e3677
da252488b1d5ecf21cd3f091e793bd799ba3be1b7241683000bf5eac8e72b990
de032eff92aa5b1b158d6855036a6a41ffe9b7ea52b3e2a98a04147735fd606a
e05ed54f96ef1749b566355bcd906ea8e617d01d7b49a17a3fd1cdaead2809ab
e2afe2918359382ef85085d45f10bf0c29c86765bb2877dcc066e091b605d31e
e3a3e39fca849dd5ca088dcb3176b67eb7258689b1e4b63f7f410e8479a7bf64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
ea6e8403bf62c55c1954717c65e41068390e120cab9878cb6851b64cf4b011d0
ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9
ee2b394e6f39c52badcd3a3aeba863e0a07e97c19eb1282d132f389d636a14e0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6b033d8369652e0b122fb15470549721f907917a57f40aa35e037836c308d6

www.nytimes.com Open in urlscan Pro 151.101.65.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

115 Requests

97 %HTTPS

59 %IPv6

20 Domains

43 Subdomains

28 IPs

3 Countries

3982 kBTransfer

8490 kBSize

31 Cookies

41 Outgoing links

Page URL History

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.nytimes.com Open in urlscan Pro
151.101.65.164 Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

97 %
HTTPS

59 %
IPv6

20
Domains

43
Subdomains

28
IPs

3
Countries

3982 kB
Transfer

8490 kB
Size

31
Cookies

115 HTTP transactions
1 data transactions