safeschoolsforalex.org Open in urlscan Pro
35.208.139.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://r20.rs6.net/tn.jsp?f=001i-YYxsOcQmTPGhNca2s9I4-DrVopyo5uXgrS4VOBZN2u49A6CtQcdwsc1ll_j9r7pmDgzDBMJN2Zh6khGYjc...
Effective URL:
https://safeschoolsforalex.org/donate/
Submission: On April 06 via manual (April 6th 2021, 8:05:48 am UTC) from GB

Summary HTTP 219 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 14 domains to perform 219 HTTP transactions. The main IP is 35.208.139.109, located in Council Bluffs, United States and belongs to GOOGLE-2, US. The main domain is safeschoolsforalex.org.
TLS certificate: Issued by R3 on March 30th 2021. Valid for: 3 months.

This is the only time safeschoolsforalex.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	208.75.122.11 208.75.122.11	40444 (ASN-CC) (ASN-CC)
1 45	35.208.139.109 35.208.139.109	19527 (GOOGLE-2) (GOOGLE-2)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	151.101.112.174 151.101.112.174	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
3	2606:4700:e6:... 2606:4700:e6::ac40:ca1c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
44	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
3	35.186.235.23 35.186.235.23	15169 (GOOGLE) (GOOGLE)
6	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:400c:c02::5c	15169 (GOOGLE) (GOOGLE)
12	130.211.34.183 130.211.34.183	15169 (GOOGLE) (GOOGLE)
30	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
12	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
9	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
219	20

1 208.75.122.11 (United States) 1 redirects

ASN40444 (ASN-CC, US)
PTR: rs6.net

r20.rs6.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 35.208.139.109 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 109.139.208.35.bc.googleusercontent.com

safeschoolsforalex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.112.174 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

secure.actblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.235.23 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 23.235.186.35.bc.googleusercontent.com

cdn4.mxpnl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1901:0:7a0b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400c:c02::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 130.211.34.183 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 183.34.211.130.bc.googleusercontent.com

api-js.mixpanel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 151.101.1.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	google.com www.google.com pay.google.com play.google.com	1 MB
45	safeschoolsforalex.org 1 redirects safeschoolsforalex.org	5 MB
39	paypal.com www.paypal.com t.paypal.com	844 KB
26	gstatic.com fonts.gstatic.com www.gstatic.com	702 KB
12	paypalobjects.com www.paypalobjects.com	400 KB
12	mixpanel.com api-js.mixpanel.com	1 KB
10	actblue.com secure.actblue.com	1009 KB
6	bugsnag.com sessions.bugsnag.com	361 B
5	google-analytics.com www.google-analytics.com	68 KB
4	fontawesome.com kit.fontawesome.com ka-f.fontawesome.com	23 KB
3	mxpnl.com cdn4.mxpnl.com	76 KB
3	googleapis.com fonts.googleapis.com	2 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	rs6.net 1 redirects r20.rs6.net	355 B
219	14

	Domain	Requested by
45	safeschoolsforalex.org	1 redirects safeschoolsforalex.org
39	play.google.com	www.gstatic.com
30	www.paypal.com	secure.actblue.com www.paypal.com www.paypalobjects.com
19	www.gstatic.com	www.google.com www.gstatic.com pay.google.com
12	www.paypalobjects.com	www.paypal.com www.paypalobjects.com
12	api-js.mixpanel.com	cdn4.mxpnl.com
10	secure.actblue.com	safeschoolsforalex.org secure.actblue.com
9	t.paypal.com	secure.actblue.com
9	pay.google.com	secure.actblue.com pay.google.com www.gstatic.com
7	fonts.gstatic.com	fonts.googleapis.com www.google.com
6	sessions.bugsnag.com	secure.actblue.com
6	www.google.com	safeschoolsforalex.org www.gstatic.com www.google.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.gstatic.com
3	cdn4.mxpnl.com	secure.actblue.com
3	ka-f.fontawesome.com	kit.fontawesome.com
3	fonts.googleapis.com	safeschoolsforalex.org
1	kit.fontawesome.com	safeschoolsforalex.org
1	www.googletagmanager.com	safeschoolsforalex.org
1	r20.rs6.net	1 redirects
219	19

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.instagram.com
safe-schools-for-alex.myshopify.com
www.clcent.com

Subject Issuer	Validity	Valid
safeschoolsforalex.org R3	`2021-03-30` - `2021-06-28`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
secure.actblue.com Sectigo RSA Extended Validation Secure Server CA	`2019-10-22` - `2021-10-21`	2 years	crt.sh
www.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-13` - `2021-10-12`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.mxpnl.com RapidSSL RSA CA 2018	`2019-07-29` - `2021-07-28`	2 years	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-18` - `2021-05-18`	a year	crt.sh
*.mixpanel.com GeoTrust RSA CA 2018	`2020-04-20` - `2022-04-21`	2 years	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-01-12` - `2022-02-12`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2019-12-09` - `2021-12-13`	2 years	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-11-17` - `2021-11-21`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://safeschoolsforalex.org/donate/
Frame ID: 26A9E79A6D67F4783D7B89A2F6B34663
Requests: 63 HTTP requests in this frame

Frame: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
Frame ID: 2953EA64824362FAA65055D657C0122D
Requests: 17 HTTP requests in this frame

Frame: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
Frame ID: 90FE6751FA9A9FEDCD3C386218D3908B
Requests: 17 HTTP requests in this frame

Frame: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
Frame ID: 6235BB99F302E6ED9E9B953680C7414E
Requests: 17 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw
Frame ID: 7714E1758E92C9C365996CDFCA8C83EE
Requests: 9 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Frame ID: 9BFCE4AEE8A0E33BB8F9E96F1F4F9826
Requests: 15 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Frame ID: B646F93E303DDD06AD0E5B7D0755FB3A
Requests: 15 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Frame ID: CB1698340DDB2FF1F6FEAC7AF5EAD5A8
Requests: 15 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
Frame ID: 21726AB88E891F2955F6630DEC9542F3
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: AEB1EF152E9AD45E926F4776EA3F448F
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 35DB1FC3743C73D6F2F7366E463A5F76
Requests: 2 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
Frame ID: 9FCB1C4443A54EBD7DD28BC471E36379
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: 84F06FFAA8E79CC524E77A530E4F29E2
Requests: 2 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
Frame ID: F7618E932C056509A2910159F90B79D3
Requests: 6 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
Frame ID: 0F9571E3AA139038254735A11DBA434F
Requests: 4 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
Frame ID: FDFBCB3A2CBBB3E2C5E3EC04D3F255A5
Requests: 4 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
Frame ID: E44A4E41AA9E5B0A49919DFBDCCEFE76
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://r20.rs6.net/tn.jsp?f=001i-YYxsOcQmTPGhNca2s9I4-DrVopyo5uXgrS4VOBZN2u49A6CtQcdwsc1ll_j9r7... HTTP 302
https://safeschoolsforalex.org/donate HTTP 301
https://safeschoolsforalex.org/donate/ Page URL

Detected technologies

WooCommerce (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

meta generator /WooCommerce ([\d.]+)/i

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
meta generator /WooCommerce ([\d.]+)/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
meta generator /WooCommerce ([\d.]+)/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
meta generator /WooCommerce ([\d.]+)/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

219
Requests

100 %
HTTPS

60 %
IPv6

14
Domains

19
Subdomains

20
IPs

3
Countries

9158 kB
Transfer

20254 kB
Size

10
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/SafeSchoolsForAlex/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/alexsafeschools
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/safeschoolsforalex
Title: Instagram

Search URL Search Domain Scan URL

URL: https://safe-schools-for-alex.myshopify.com/collections/all
Title: Store

Search URL Search Domain Scan URL

URL: https://www.clcent.com/
Title: CLC Ent

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://r20.rs6.net/tn.jsp?f=001i-YYxsOcQmTPGhNca2s9I4-DrVopyo5uXgrS4VOBZN2u49A6CtQcdwsc1ll_j9r7pmDgzDBMJN2Zh6khGYjcysuMM3Hb9hPSUHdljh9rQDdop9_P5qcjPkqK-yqajoZHmNoG_Qr0YMjd-fdXPOikuMCgWUCI1PjX&c=OwL_W_kdEaO8nJYKv4usmC0yy4dB4t_a7D8KrHWEomNiDZHBVcUJFg==&ch=NblYBlXNuKaE6O6Dd1bQWxfZBfsjSUpHQFyJPGgfH4DCdA98w45bMg== HTTP 302
https://safeschoolsforalex.org/donate HTTP 301
https://safeschoolsforalex.org/donate/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

219 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
safeschoolsforalex.org/donate/
Redirect Chain

http://r20.rs6.net/tn.jsp?f=001i-YYxsOcQmTPGhNca2s9I4-DrVopyo5uXgrS4VOBZN2u49A6CtQcdwsc1ll_j9r7pmDgzDBMJN2Zh6khGYjcysuMM3Hb9hPSUHdljh9rQDdop9_P5qcjPkqK-yqajoZHmNoG_Qr0YMjd-fdXPOikuMCgWUCI1PjX&c=OwL...
https://safeschoolsforalex.org/donate
https://safeschoolsforalex.org/donate/

40 KB
9 KB

125ms
124ms

Document
text/html

35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 24bfa05b536e030f694b6cdd3e40427b1a6c1131f90c14abaf92f6495509b3f2

Request headers

:method: GET
:authority: safeschoolsforalex.org
:scheme: https
:path: /donate/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Tue, 06 Apr 2021 08:05:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-cache-enabled: True
link: <https://safeschoolsforalex.org/wp-json/>; rel="https://api.w.org/", <https://safeschoolsforalex.org/wp-json/wp/v2/pages/12844>; rel="alternate"; type="application/json", <https://safeschoolsforalex.org/?p=12844>; rel=shortlink
x-httpd: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-proxy-cache: HIT
content-encoding: br

Redirect headers

server: nginx
date: Tue, 06 Apr 2021 08:05:28 GMT
content-type: text/html; charset=UTF-8
location: https://safeschoolsforalex.org/donate/
x-cache-enabled: True
x-redirect-by: WordPress
x-httpd: 1
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-proxy-cache: MISS
x-proxy-cache-info: 0 NC:000000 UP:

GET
H2 200 modules.ttf
safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/fonts/ 90 KB
91 KB 125ms
125ms Font
application/octet-stream 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/fonts/modules.ttf
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: "606687ba-168f0"
x-proxy-cache-info: DT:1
content-type: application/octet-stream
cache-control: max-age=15552000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 92400
expires: Sun, 03 Oct 2021 08:05:29 GMT

GET
H2 200 sbi-styles.min.css
safeschoolsforalex.org/wp-content/plugins/instagram-feed/css/ 16 KB
3 KB 341ms
337ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:55 GMT
server: nginx
etag: W/"606687bb-41cd"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 style.min.css
safeschoolsforalex.org/wp-includes/css/dist/block-library/ 57 KB
8 KB 341ms
337ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-includes/css/dist/block-library/style.min.css?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:00 GMT
server: nginx
etag: W/"6049a4c0-e358"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 vendors-style.css
safeschoolsforalex.org/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/ 3 KB
1 KB 341ms
338ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/vendors-style.css?ver=4.4.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ae707ec81b142f04b6d5f785a5d4f7e8301bdb62a95288dee1f3e58930d21c7a

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-ccc"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 style.css
safeschoolsforalex.org/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/ 167 KB
17 KB 341ms
338ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=4.4.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2924ea36a075d22f18a9fac2ad9a0e3a8aa2bf9195ba462ff626df6bcd05e97a

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-29a8a"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 style.css
safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/css/ 14 KB
4 KB 341ms
338ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/css/style.css?ver=1.10.1
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 52f300eb6c5da21fd086ca1bf5e6b9f46fd3eb4d53de40683a2cf6e59681d3e3

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Wed, 30 Dec 2020 19:47:12 GMT
server: nginx
etag: W/"5fecd940-3809"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 woocommerce-layout.css
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/ 18 KB
3 KB 342ms
338ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-4605"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 woocommerce.css
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/ 61 KB
8 KB 342ms
338ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-f553"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 22 KB
1 KB 17ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cc5fd132061a74f7734ff3ff5e31d6fc9e9ecf30798d98f9f1ac0bceb37fb7db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 07:42:03 GMT
server: ESF
date: Tue, 06 Apr 2021 08:05:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H2 200 style.css
safeschoolsforalex.org/wp-content/themes/Divi/ 804 KB
68 KB 341ms
339ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/themes/Divi/style.css?ver=4.9.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 242297298a4af891b89bc1c18f5e5229013dc8f1b341924009eba87998f70a89

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:58:59 GMT
server: nginx
etag: W/"60668873-c9087"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 dashicons.min.css
safeschoolsforalex.org/wp-includes/css/ 58 KB
35 KB 341ms
339ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-includes/css/dashicons.min.css?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8273f0538929ede9599e3cfea8142a252a7d0cb6dbacb230bf188490dde79d4b

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Tue, 12 Jan 2021 22:55:59 GMT
server: nginx
etag: W/"5ffe28ff-e682"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 classic-styles.css
safeschoolsforalex.org/wp-content/plugins/seamless-donations/css/ 2 KB
910 B 341ms
339ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/seamless-donations/css/classic-styles.css?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ecfd7d14f210ce60bc77a77a0611a4860baba5fd3aefb32ce077ec55ec837584

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:04 GMT
server: nginx
etag: W/"6049a4c4-999"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 jquery.min.js Show response
safeschoolsforalex.org/wp-includes/js/jquery/ 87 KB
30 KB 342ms
340ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Tue, 12 Jan 2021 22:55:59 GMT
server: nginx
etag: W/"5ffe28ff-15d98"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 jquery-migrate.min.js Show response
safeschoolsforalex.org/wp-includes/js/jquery/ 11 KB
4 KB 342ms
340ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Tue, 12 Jan 2021 22:55:59 GMT
server: nginx
etag: W/"5ffe28ff-2bd8"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 seamless-donations.js Show response
safeschoolsforalex.org/wp-content/plugins/seamless-donations/js/ 16 KB
3 KB 342ms
340ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/seamless-donations/js/seamless-donations.js?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 09f2339d48475b6576f2a626626f676ab4712b63aef868522a4726ee1e0bea7a

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:04 GMT
server: nginx
etag: W/"6049a4c4-41b9"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 uuid.js Show response
safeschoolsforalex.org/wp-content/plugins/seamless-donations/library/node-uuid/ 8 KB
3 KB 342ms
340ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/seamless-donations/library/node-uuid/uuid.js?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 762df474becdf79f7b43c500a50584ec02235a547685b547adeab187b3625f82

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:04 GMT
server: nginx
etag: W/"6049a4c4-1f4d"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 19ms
15ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-158520291-1

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca07be610951217827ec9b7e002118150553d2862e2ce4229bf71820a8e9ec91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39084
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H2 200 1be06d5575.js Show response
kit.fontawesome.com/ 11 KB
4 KB 64ms
45ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/1be06d5575.js

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01c03dc65917472f8fc9158ddd35db988d1d69d59b5b445a673b6b5b6631b3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: gzip
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status: REVALIDATED
strict-transport-security: max-age=31536000; preload
cf-request-id: 0947d025b600002b228f0be000000001
x-request-id: FnL4Jfd0cLGxr5Flvf4B
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
cf-ray: 63b982e92ebb2b22-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
H2 200 et-core-unified-12844-16173830654532.min.css
safeschoolsforalex.org/wp-content/et-cache/12844/ 10 KB
2 KB 341ms
339ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/et-cache/12844/et-core-unified-12844-16173830654532.min.css
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: abd0f491a689f77e49cebb91b01843bdf10550c6d8a72aa6cbff7476b0541b4d

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 17:04:26 GMT
server: nginx
etag: W/"60674e9a-2746"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 ssfa-site-logo.png
safeschoolsforalex.org/wp-content/uploads/2021/03/ 12 KB
12 KB 273ms
270ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2021/03/ssfa-site-logo.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ef8bba674c8abfbca8ca3b8522a3ccadc65e6d545dd7ad9b79d8235a7477548e

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Wed, 31 Mar 2021 06:57:23 GMT
server: nginx
etag: "60641d53-2f02"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 12034
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 actblue.js Show response
secure.actblue.com/cf/assets/ 26 KB
9 KB 47ms
10ms Script
application/javascript 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/actblue.js

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6ac06927301509c34186b5afbae45aab433d118bdba3f3199b6bfb7435bdc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Mon, 05 Apr 2021 18:53:13 GMT
age: 38198
etag: W/"662c-178a361b5a8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2021-04-06 08:05:29.646
cache-control: max-age=600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 8442
x-xss-protection: 1; mode=block

GET
H3-Q050 200 css
fonts.googleapis.com/ 7 KB
643 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4b20c06a20b7c958a8ebc8d7dd6766a94be7adfb473f4f68e2217b08620fda4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 07:40:47 GMT
server: ESF
date: Tue, 06 Apr 2021 08:05:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ 4 KB
653 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700&ver=1.3.12

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 07:30:38 GMT
server: ESF
date: Tue, 06 Apr 2021 08:05:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H2 200 style.css
safeschoolsforalex.org/wp-content/plugins/bloom/css/ 93 KB
10 KB 129ms
124ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/css/style.css?ver=1.3.12
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 846190311422b8501d25e7fa82a6f03640979882b59b875da0c038877bd15151

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-1756f"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 ctct-plugin-recaptcha-v2.min.js Show response
safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/js/ 2 KB
957 B 139ms
134ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/js/ctct-plugin-recaptcha-v2.min.js?ver=1.10.1
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: edb6f141b07ff242615990a494d2414642dd43cf2b2adc831829cb780c249d05

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Wed, 30 Dec 2020 19:47:12 GMT
server: nginx
etag: W/"5fecd940-695"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 910 B
674 B 17ms
14ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=renderReCaptcha&render=explicit&ver=1.10.1

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7e054c0da8f57ec42fe7e07950ef558945abd596a3adadbccecbbc169d56cc0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 577
x-xss-protection: 1; mode=block
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H2 200 ctct-plugin-frontend.min.js Show response
safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/js/ 4 KB
2 KB 149ms
144ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/constant-contact-forms/assets/js/ctct-plugin-frontend.min.js?ver=1.10.1
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7492bcaf89227f32ce7d709ec7a16644041d2782ec5fec2f810f2b040f475b87

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Wed, 30 Dec 2020 19:47:12 GMT
server: nginx
etag: W/"5fecd940-103f"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 jquery.blockUI.min.js Show response
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/jquery-blockui/ 9 KB
3 KB 157ms
152ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 255c7a1fa69437e6e19994bcd662189c05d12bf98f2eecdee9f31690942336e4

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-2503"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 add-to-cart.min.js Show response
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
1 KB 165ms
160ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-bdd"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 js.cookie.min.js Show response
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/js-cookie/ 2 KB
1 KB 173ms
169ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-72a"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 woocommerce.min.js Show response
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/ 2 KB
917 B 181ms
176ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6a2fd8165871a31946da9b2cb6ecc55a0dcbcdbc8b34be6ec4cc9eaafd7ab783

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-812"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 cart-fragments.min.js Show response
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
1 KB 187ms
182ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-b7a"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 custom.unified.js Show response
safeschoolsforalex.org/wp-content/themes/Divi/js/ 487 KB
116 KB 212ms
207ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 22a2bafdd84fb9b135c603a453dc001e1c3dc97891b8a310d9b2b9a99814e35f

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:58:59 GMT
server: nginx
etag: W/"60668873-79a8b"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 es6-promise.auto.min.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/ 7 KB
3 KB 227ms
222ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/es6-promise.auto.min.js?ver=4.9.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7b3a7e4265228a39bea0d22ac1aedb86219a7b521a831827f7f4579ca5ae4156

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-1aa1"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
661 B 19ms
15ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&ver=4.9.3

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4ae7dd540cfd0caeceb65acd010bf4e477b6ab4266fc6983e412fd3e8a9cdce0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Tue, 06 Apr 2021 08:05:29 GMT

GET
H2 200 recaptcha.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/ 2 KB
903 B 229ms
224ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/recaptcha.js?ver=4.9.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6c1510ef35e8322bf3c09c53aa955cd3b0a9e5ac65d15dd518c84ffc4b511c9f

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-6a0"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 common.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/ 1 KB
738 B 236ms
232ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/core/admin/js/common.js?ver=4.9.3
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-53f"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 wp-embed.min.js Show response
safeschoolsforalex.org/wp-includes/js/ 1 KB
911 B 243ms
239ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-includes/js/wp-embed.min.js?ver=5.7
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 04 Feb 2021 03:07:46 GMT
server: nginx
etag: W/"601b6502-592"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 jquery.uniform.min.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/js/ 8 KB
3 KB 252ms
248ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/js/jquery.uniform.min.js?ver=1.3.12
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8a41d60f7762f2db0792fd909c3c09725f93d8fe1e94efcb2ca04293921e277a

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-2074"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 custom.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/js/ 28 KB
6 KB 260ms
256ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/js/custom.js?ver=1.3.12
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 279f6b481748c18d498dd5ad4cb01aee8aaab9fe2845094491f2632d4b99b686

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-7187"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 idle-timer.min.js Show response
safeschoolsforalex.org/wp-content/plugins/bloom/js/ 2 KB
1 KB 267ms
263ms Script
application/javascript 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/js/idle-timer.min.js?ver=1.3.12
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 92c35f839d90ea55730d05ce3ea859cb598cd85eb20be3ed55621bb8baa3aa36

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: W/"606687ba-9d6"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 woocommerce-smallscreen.css
safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/ 7 KB
1 KB 280ms
276ms Stylesheet
text/css 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=5.1.0
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
content-encoding: br
last-modified: Thu, 11 Mar 2021 05:04:13 GMT
server: nginx
etag: W/"6049a4cd-1b83"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.3/css/ 59 KB
12 KB 39ms
20ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=1be06d5575
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/1be06d5575.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2819ca1f7ad1af7ba53c4edfdfd395c547bcb16d29892a234d7860c689ed929

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
via: 1.1 68589ba2b1a9a54786dcb97934f8038c.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1185411
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0947d02794000005f5349ea000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: W/"390b4210e10c744c3c597500bcf0b31a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yUy09Hw0TaELDi7MjCsg%2F8m1RSX2aoDmiL9nalTEW4L1WhA0GQG6oQefHHGPlbkcDWFLYu3ze4rzSfUVP75MQyJK1jD%2Ffk4o3mlVs9Y4L%2BVuN1ewrPFOjRQBNeg5Ks7A3g%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: LHR62-C3
cf-ray: 63b982ec19d805f5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 5GfH1OPtkxDcNlcKiH0lkAMwrPb_a0liF7hMmv_WXxaSDAgnuKgqMA==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.3/css/ 26 KB
4 KB 34ms
16ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=1be06d5575
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/1be06d5575.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 362daeaf1f7e05fee9a609e549f148aacbe518c166fbd96ead69057e295742af

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
via: 1.1 7d1508836f92a5f0f979c23535e9c7af.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1185411
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0947d02794000005f564010000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: W/"8a99ce81ec2f89fbca03f2c8cf1a3679"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0132KMHawzQ9nVeygdcOWrBYjdwkDyhxZmGBz%2FQhqmi%2BoGYF8MHGqskjJAi8nI%2BKdCb43ezyxHqmkVSDZmCXEy%2BQw8ydUfBEuPwsiuXSIju0AVtE85d%2BPkTU0ntYYQGqKQ%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: LHR62-C3
cf-ray: 63b982ec19db05f5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: QMtWLK9oJccmQGr8SbiiwT0j7hgLfXniSZ59AgHZK5YURyjKeP3zIg==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.3/css/ 3 KB
2 KB 34ms
15ms Fetch
text/css 2606:4700:e6::ac40:ca1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-font-face.min.css?token=1be06d5575
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/1be06d5575.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc39faeca56080ddf58d15275b2fe0cfa3bc1ec8afd82508555b25555ec95086

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
via: 1.1 68589ba2b1a9a54786dcb97934f8038c.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1185411
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0947d02794000005f571058000000001
last-modified: Wed, 17 Mar 2021 02:23:57 GMT
server: cloudflare
etag: W/"22be82a519ceafc43258d8f58a37fcf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hm5uTvdA9fwcWkIHG3FYeykUSMXHDTbEsSLwHGR246dOkDmkpCsvotiJHAFIwPybnMbIgltZmQ85Sj4PQ2GiXbiWnynDd8dP36eyeVBBI8uCBr0BfvCoDl9CVc%2FaIOYAXA%3D%3D"}],"max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: LHR62-C3
cf-ray: 63b982ec19dc05f5-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: C6A1xj9Aw3Box4rNIXQ7Jw9K4CYZV4UKeDXfb-jDy6K0i_iCAlmX_w==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 338512
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 modules.ttf
safeschoolsforalex.org/wp-content/themes/Divi/core/admin/fonts/ 90 KB
91 KB 272ms
271ms Font
application/octet-stream 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/wp-content/themes/Divi/style.css?ver=4.9.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://safeschoolsforalex.org/wp-content/themes/Divi/style.css?ver=4.9.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Fri, 02 Apr 2021 02:58:59 GMT
server: nginx
etag: "60668873-168f0"
x-proxy-cache-info: DT:1
content-type: application/octet-stream
cache-control: max-age=15552000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 92400
expires: Sun, 03 Oct 2021 08:05:29 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 00:24:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 459673
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Fri, 01 Apr 2022 00:24:16 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 338512
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H3-Q050 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 04:06:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 446335
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 01 Apr 2022 04:06:34 GMT

GET
H2 200 SafeSchools.png
safeschoolsforalex.org/wp-content/uploads/2020/02/ 3 MB
3 MB 197ms
196ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2020/02/SafeSchools.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2afbe6beaf1d4baf33463cfb2116530809aff74094741440f83a2850d4e7f7dc

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Mon, 10 Feb 2020 18:05:46 GMT
server: nginx
etag: "5e419b7a-3667d0"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 3565520
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 2.png
safeschoolsforalex.org/wp-content/uploads/2021/02/ 565 KB
566 KB 224ms
223ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2021/02/2.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8b4e355d55d0ed72e0991a3005611a44cfaec9796ad71698cb3bfe184ccb6ec5

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Fri, 12 Feb 2021 23:23:59 GMT
server: nginx
etag: "60270e0f-8d4af"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 578735
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 1.png
safeschoolsforalex.org/wp-content/uploads/2021/02/ 192 KB
192 KB 224ms
223ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2021/02/1.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: b497497fee027bbeff9e4a353db845cb5cb5835a03e5fb5b842c2adc5d8f3fe6

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Fri, 12 Feb 2021 23:24:22 GMT
server: nginx
etag: "60270e26-2fefd"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 196349
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 ss4a_logo_white_200.png
safeschoolsforalex.org/wp-content/uploads/2018/06/ 8 KB
8 KB 224ms
223ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2018/06/ss4a_logo_white_200.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/donate/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5ebe5571f5f7c5087ab450b4f84b7ac68ebc76cbc740bf1b3041a609b305f8cc

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
last-modified: Thu, 06 Feb 2020 20:20:18 GMT
server: nginx
etag: "5e3c7502-1ef1"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 7921
expires: Wed, 06 Apr 2022 08:05:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
17 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-158520291-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
date: Tue, 06 Apr 2021 08:05:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17432
expires: Tue, 06 Apr 2021 10:05:29 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ 332 KB
130 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderReCaptcha&render=explicit&ver=1.10.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60157
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132755
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 15:22:52 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
69 B 13ms
13ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=11320991&t=pageview&_s=1&dl=https%3A%2F%2Fsafeschoolsforalex.org%2Fdonate%2F&ul=en-us&de=UTF-8&dt=Donate%204221%20-%20Safe%20Schools%20For%20Alex&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1155153393&gjid=2075740543&cid=2139440756.1617696330&tid=UA-158520291-1&_gid=816145748.1617696330&_r=1&gtm=2ou3o0&z=244841393

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://safeschoolsforalex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://safeschoolsforalex.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KMxXxKiVxoLoon9rachiV2qU Show response
secure.actblue.com/cf/embed/form/ Frame 2953 55 KB
12 KB 10ms
10ms Document
text/html 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/actblue.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d3bf2dfd679bb242e84071dccad82d64b09906652b2762c9ccc4a14b1d5bafff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://safeschoolsforalex.org;
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secure.actblue.com
:scheme: https
:path: /cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://safeschoolsforalex.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://safeschoolsforalex.org/

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-security-policy: frame-ancestors https://safeschoolsforalex.org;
content-type: text/html; charset=utf-8
etag: W/"dc52-cY5NGBFtjaCl2Jyuaj4DbQe8iTc"
x-form-app: kittens! [Server: node: us]
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:29 GMT
age: 33510
vary: Accept-Encoding
set-cookie: skip_prefill_check=true; Secure
x-start: 2021-04-06 08:05:29.901
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
content-length: 11722

GET
H2 200 W31qHZSc7E8q3iUJ1HQTKzMa Show response
secure.actblue.com/cf/embed/form/ Frame 90FE 53 KB
12 KB 8ms
8ms Document
text/html 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/actblue.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0e56c010fa1b2a51777afba49b6f8246f05d85c159b4cafdac802f9261d744bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://safeschoolsforalex.org;
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secure.actblue.com
:scheme: https
:path: /cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://safeschoolsforalex.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://safeschoolsforalex.org/

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-security-policy: frame-ancestors https://safeschoolsforalex.org;
content-type: text/html; charset=utf-8
etag: W/"d543-Kvoliv9iv4RxaNz/WlS3gH01G7A"
x-form-app: kittens! [Server: node: us]
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:29 GMT
age: 33510
vary: Accept-Encoding
set-cookie: skip_prefill_check=true; Secure
x-start: 2021-04-06 08:05:29.901
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
content-length: 11701

GET
H2 200 wrVHW89us7i3x6gJNZXeE6U5 Show response
secure.actblue.com/cf/embed/form/ Frame 6235 53 KB
12 KB 10ms
10ms Document
text/html 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/actblue.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6df9c612b80b372af8d344719a1db75bd19dbbfa952d3425faa8a5624822cbd7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://safeschoolsforalex.org;
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secure.actblue.com
:scheme: https
:path: /cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://safeschoolsforalex.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://safeschoolsforalex.org/

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-security-policy: frame-ancestors https://safeschoolsforalex.org;
content-type: text/html; charset=utf-8
etag: W/"d4fa-u2h+uTo4O2rmKjtk6cRVoymwXOg"
x-form-app: kittens! [Server: node: us]
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:29 GMT
age: 33510
vary: Accept-Encoding
set-cookie: skip_prefill_check=true; Secure
x-start: 2021-04-06 08:05:29.902
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
content-length: 11694

GET
H3-Q050 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 7714 19 KB
10 KB 26ms
26ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

27c270c0d311ffb9c9394850a4e01b896c08e66852ce145a59e7c93a37b80cac

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-11XQ3FVEhizdeFgHGKgndg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://safeschoolsforalex.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://safeschoolsforalex.org/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 06 Apr 2021 08:05:29 GMT
content-security-policy: script-src 'report-sample' 'nonce-11XQ3FVEhizdeFgHGKgndg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10215
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 / Show response
safeschoolsforalex.org/ 210 B
487 B 485ms
485ms XHR
application/json 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL

https://safeschoolsforalex.org/?wc-ajax=get_refreshed_fragments

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),

Reverse DNS

109.139.208.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://safeschoolsforalex.org/donate/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
content-type: application/json; charset=UTF-8
server: nginx
vary: Accept-Encoding
x-proxy-cache-info: DT:1
x-cache-enabled: True
access-control-allow-origin: https://safeschoolsforalex.org
x-httpd: 1
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
23 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,100,100italic,300,300italic,400italic,700,700italic,900,900italic&subset=latin

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 22:16:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 467369
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Thu, 31 Mar 2022 22:16:00 GMT

GET
H2 200 ET-Bloom.woff
safeschoolsforalex.org/wp-content/plugins/bloom/css/fonts/ 6 KB
6 KB 202ms
201ms Font
font/woff 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/css/fonts/ET-Bloom.woff?gd6mr8
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/wp-content/plugins/bloom/css/style.css?ver=1.3.12
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 89b6fc20e99da6c304c84e47abe126d4f7eb31e5366e97b451a9aca07181ddb3

Request headers

Origin: https://safeschoolsforalex.org
Referer: https://safeschoolsforalex.org/wp-content/plugins/bloom/css/style.css?ver=1.3.12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
last-modified: Fri, 02 Apr 2021 02:55:54 GMT
server: nginx
etag: "606687ba-172c"
x-proxy-cache-info: DT:1
content-type: font/woff
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 5932
expires: Wed, 06 Apr 2022 08:05:30 GMT

GET
H2 200 11abb70a3645f506dd83.js Show response
secure.actblue.com/cf/assets/embedForm/ Frame 90FE 1 MB
322 KB 8ms
8ms Script
application/javascript 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10adc36ee685bbfefa2aa592e96f3ab9ffdc50a86fb594a65a665ab9e8a302d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:29 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Mon, 05 Apr 2021 18:55:52 GMT
age: 38185
etag: W/"10b193-178a36422c0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2021-04-06 08:05:29.990
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 329362
x-xss-protection: 1; mode=block

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn4.mxpnl.com/libs/ Frame 90FE 75 KB
25 KB 28ms
7ms Script
text/javascript 35.186.235.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.235.23 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.235.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 07:58:12 GMT
content-encoding: gzip
age: 438
x-guploader-uploadid: ABg5-UwnJouLFXsjgmQvoNvmQ-P0hr1wjNjzEhlvvybDaRrLByHutdbEMdvrFPngSdmJQx83BU0-ReDRS5O4bOOBBmY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 25572
last-modified: Thu, 28 Jan 2021 18:21:54 GMT
server: UploadServer
etag: "765779983eed1c9fc2821b4507eea08b"
vary: Accept-Encoding
x-goog-hash: crc32c=kP//+g==, md5=dld5mD7tHJ/CghtFB+6giw==
x-goog-generation: 1611858114590219
access-control-allow-origin: *
cache-control: public,max-age=600
x-goog-stored-content-length: 25572
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 06 Apr 2021 08:08:12 GMT

GET
H2 200 11abb70a3645f506dd83.js Show response
secure.actblue.com/cf/assets/embedForm/ Frame 2953 1 MB
322 KB 11ms
7ms Script
application/javascript 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10adc36ee685bbfefa2aa592e96f3ab9ffdc50a86fb594a65a665ab9e8a302d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Mon, 05 Apr 2021 18:55:52 GMT
age: 38185
etag: W/"10b193-178a36422c0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2021-04-06 08:05:30.005
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 329362
x-xss-protection: 1; mode=block

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn4.mxpnl.com/libs/ Frame 2953 75 KB
25 KB 23ms
14ms Script
text/javascript 35.186.235.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.235.23 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.235.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 07:58:12 GMT
content-encoding: gzip
age: 438
x-guploader-uploadid: ABg5-UwnJouLFXsjgmQvoNvmQ-P0hr1wjNjzEhlvvybDaRrLByHutdbEMdvrFPngSdmJQx83BU0-ReDRS5O4bOOBBmY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 25572
last-modified: Thu, 28 Jan 2021 18:21:54 GMT
server: UploadServer
etag: "765779983eed1c9fc2821b4507eea08b"
vary: Accept-Encoding
x-goog-hash: crc32c=kP//+g==, md5=dld5mD7tHJ/CghtFB+6giw==
x-goog-generation: 1611858114590219
access-control-allow-origin: *
cache-control: public,max-age=600
x-goog-stored-content-length: 25572
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 06 Apr 2021 08:08:12 GMT

GET
H2 200 11abb70a3645f506dd83.js Show response
secure.actblue.com/cf/assets/embedForm/ Frame 6235 1 MB
322 KB 10ms
7ms Script
application/javascript 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10adc36ee685bbfefa2aa592e96f3ab9ffdc50a86fb594a65a665ab9e8a302d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Mon, 05 Apr 2021 18:55:52 GMT
age: 38185
etag: W/"10b193-178a36422c0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2021-04-06 08:05:30.012
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 329362
x-xss-protection: 1; mode=block

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn4.mxpnl.com/libs/ Frame 6235 75 KB
25 KB 25ms
22ms Script
text/javascript 35.186.235.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.235.23 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.235.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 07:58:12 GMT
content-encoding: gzip
age: 438
x-guploader-uploadid: ABg5-UwnJouLFXsjgmQvoNvmQ-P0hr1wjNjzEhlvvybDaRrLByHutdbEMdvrFPngSdmJQx83BU0-ReDRS5O4bOOBBmY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 25572
last-modified: Thu, 28 Jan 2021 18:21:54 GMT
server: UploadServer
etag: "765779983eed1c9fc2821b4507eea08b"
vary: Accept-Encoding
x-goog-hash: crc32c=kP//+g==, md5=dld5mD7tHJ/CghtFB+6giw==
x-goog-generation: 1611858114590219
access-control-allow-origin: *
cache-control: public,max-age=600
x-goog-stored-content-length: 25572
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 06 Apr 2021 08:08:12 GMT

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 7714 50 KB
25 KB 9ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 07:35:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
age: 1822
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Wed, 06 Apr 2022 07:35:08 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 7714 332 KB
130 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 15:22:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60158
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132755
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Apr 2022 15:22:52 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 157ms
143ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 202 / Show response
sessions.bugsnag.com/ Frame 90FE 21 B
140 B 146ms
145ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://secure.actblue.com/
Bugsnag-Sent-At: 2021-04-06T08:05:30.088Z
Bugsnag-Api-Key: 04c1a9de88bb73e22614162ba813a0b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 google
bugsnag-session-uuid: 1db51d2b-816d-4a75-bedc-47437aca9011
alt-svc: clear
content-length: 21
content-type: application/json

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 90FE 88 KB
29 KB 107ms
80ms Script
application/javascript 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f56889f38649f7a285472092d4062222f3a00ccf1f210882f190617776ce6036

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-embwh2DWTFJKxneRh+JZEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-embwh2DWTFJKxneRh+JZEw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=600
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-embwh2DWTFJKxneRh+JZEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-embwh2DWTFJKxneRh+JZEw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:30 GMT

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 90FE 1 B
347 B 44ms
29ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330131

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:29 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
alt-svc: clear
content-length: 1

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 143ms
142ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 202 / Show response
sessions.bugsnag.com/ Frame 2953 21 B
111 B 143ms
143ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://secure.actblue.com/
Bugsnag-Sent-At: 2021-04-06T08:05:30.150Z
Bugsnag-Api-Key: 04c1a9de88bb73e22614162ba813a0b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 google
bugsnag-session-uuid: 44fec999-b889-4099-8426-d406e7cc1dbf
alt-svc: clear
content-length: 21
content-type: application/json

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 2953 88 KB
29 KB 75ms
75ms Script
application/javascript 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f56889f38649f7a285472092d4062222f3a00ccf1f210882f190617776ce6036

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oF2eRXKyAocDvC492Y13bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-oF2eRXKyAocDvC492Y13bA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-oF2eRXKyAocDvC492Y13bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-oF2eRXKyAocDvC492Y13bA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="InstantbuyFrontendHttp"
expires: Tue, 06 Apr 2021 08:05:30 GMT

GET
H2 200 X3MsyQYDkOLOhDnqVVm8eRLEblD7c4QySnIqJmYjKqs.js Show response
www.google.com/js/bg/ Frame 7714 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/X3MsyQYDkOLOhDnqVVm8eRLEblD7c4QySnIqJmYjKqs.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f732cc9060390e2ce8439ea5559bc7912c46e50fb7384324a722a2666232aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 09:23:00 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:00:00 GMT
server: sffe
age: 427350
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5745
x-xss-protection: 0
expires: Fri, 01 Apr 2022 09:23:00 GMT

GET
H2 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7714 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 16:01:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 576223
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Tue, 06 Apr 2021 16:01:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7714 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 338513
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sat, 02 Apr 2022 10:03:37 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7714 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 19:40:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 476717
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 31 Mar 2022 19:40:13 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 143ms
143ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 202 / Show response
sessions.bugsnag.com/ Frame 6235 21 B
110 B 145ms
145ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://secure.actblue.com/
Bugsnag-Sent-At: 2021-04-06T08:05:30.229Z
Bugsnag-Api-Key: 04c1a9de88bb73e22614162ba813a0b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 google
bugsnag-session-uuid: 0c3ee80e-6256-46d9-b3ba-ff6bc862cb13
alt-svc: clear
content-length: 21
content-type: application/json

GET
H3-Q050 200 pay.js Show response
pay.google.com/gp/p/js/ Frame 6235 88 KB
28 KB 106ms
69ms Script
application/javascript 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f56889f38649f7a285472092d4062222f3a00ccf1f210882f190617776ce6036

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hf05fSbVDNdThK1DY8XjHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-hf05fSbVDNdThK1DY8XjHg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=600
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-hf05fSbVDNdThK1DY8XjHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-hf05fSbVDNdThK1DY8XjHg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security: max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:30 GMT

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 2953 1 B
72 B 26ms
26ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330285

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:29 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
alt-svc: clear
content-length: 1

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame 7714 102 B
180 B 16ms
15ms Other
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=5mNs27FP3uLBP3KBPib88r1g

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 06 Apr 2021 08:05:30 GMT

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 90FE 1 B
71 B 32ms
32ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330302

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:29 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
alt-svc: clear
content-length: 1

GET
H2 204 music-play-on
secure.actblue.com/api/cf/prefill/ Frame 90FE 0
0 7ms
7ms Fetch 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/api/cf/prefill/music-play-on?public_token=W31qHZSc7E8q3iUJ1HQTKzMa&t=1617696330303&v=3

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-start: 2021-04-06 08:05:30.307
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000
accept-ranges: bytes
x-xss-protection: 1; mode=block
retry-after: 0

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 2953 1 B
68 B 30ms
30ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330307

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
alt-svc: clear
content-length: 1

GET
H2 204 safe-schools-for-alex-2
secure.actblue.com/api/cf/prefill/ Frame 2953 0
0 7ms
6ms Fetch 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/api/cf/prefill/safe-schools-for-alex-2?public_token=KMxXxKiVxoLoon9rachiV2qU&t=1617696330308&v=3

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-start: 2021-04-06 08:05:30.313
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000
accept-ranges: bytes
x-xss-protection: 1; mode=block
retry-after: 0

GET
H2 204 school-incident-report
secure.actblue.com/api/cf/prefill/ Frame 6235 0
0 7ms
7ms Fetch 151.101.112.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/api/cf/prefill/school-incident-report?public_token=wrVHW89us7i3x6gJNZXeE6U5&t=1617696330331&v=3

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.174 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-start: 2021-04-06 08:05:30.336
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000
accept-ranges: bytes
x-xss-protection: 1; mode=block
retry-after: 0

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 90FE 1 B
70 B 23ms
23ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330335

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:29 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
alt-svc: clear
content-length: 1

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 2953 1 B
71 B 30ms
29ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330351

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 15
alt-svc: clear
content-length: 1

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 6235 1 B
71 B 33ms
32ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330370

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
alt-svc: clear
content-length: 1

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 6235 1 B
71 B 32ms
31ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330372

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 16
alt-svc: clear
content-length: 1

GET
H3-Q050 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 9BFC 20 KB
8 KB 217ms
216ms Document
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c79addf900da4c848c985f6da6aab30e7f66a6513fa0c8662f4dbdd0f9e083b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9Jhr4Jd4BGBDC0TqDXiXlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-9Jhr4Jd4BGBDC0TqDXiXlQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pay.google.com
:scheme: https
:path: /gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=212=RvB4Fgr6OJJRk3t6hgTV4i085MEp-lrsBDjslkLQ17akVaU5jQViinP5eGU1vEZmti01b5Si-d357iAuldi5538qrGYsi33tXtYaQRSXmjWikIL74ErNEZAqPLJbcjfed-xFd9obkYO7_TFSVOBvK9WAHOab3Q5mFfjA8PfXRJE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Tue, 06 Apr 2021 08:05:30 GMT
date: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
content-security-policy: script-src 'report-sample' 'nonce-9Jhr4Jd4BGBDC0TqDXiXlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-9Jhr4Jd4BGBDC0TqDXiXlQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy-report-only: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 90FE 1 B
68 B 29ms
29ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330439

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
alt-svc: clear
content-length: 1

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 90FE 279 KB
85 KB 59ms
11ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3343
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696330.492352,VS0,VE2
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 1

GET
H3-Q050 200 payframe Show response
pay.google.com/gp/p/ui/ Frame B646 20 KB
8 KB 204ms
204ms Document
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

004d80209f0cb3030430c3a9c211f11a3c44278599193e680623d95f0e9dd695

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yDEdbU4QzwWaiXc6QVcZVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-yDEdbU4QzwWaiXc6QVcZVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pay.google.com
:scheme: https
:path: /gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=212=RvB4Fgr6OJJRk3t6hgTV4i085MEp-lrsBDjslkLQ17akVaU5jQViinP5eGU1vEZmti01b5Si-d357iAuldi5538qrGYsi33tXtYaQRSXmjWikIL74ErNEZAqPLJbcjfed-xFd9obkYO7_TFSVOBvK9WAHOab3Q5mFfjA8PfXRJE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Tue, 06 Apr 2021 08:05:30 GMT
date: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
content-security-policy: script-src 'report-sample' 'nonce-yDEdbU4QzwWaiXc6QVcZVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-yDEdbU4QzwWaiXc6QVcZVQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy-report-only: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 2953 1 B
68 B 23ms
23ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330447

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
alt-svc: clear
content-length: 1

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 2953 279 KB
86 KB 51ms
10ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3343
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696330.492346,VS0,VE2
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 1

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 6235 1 B
68 B 29ms
29ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330453

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
alt-svc: clear
content-length: 1

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 6235 279 KB
85 KB 11ms
10ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3343
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.523957,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 2

POST
H3-Q050 200 reload Show response
www.google.com/recaptcha/api2/ Frame 7714 9 KB
7 KB 105ms
104ms XHR
application/json 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d384c29b58051f4beb7d3ae0a593f41d462bffeb8dab997e7615997dccd73c5c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcTdDsaAAAAAPu3Pu0CEzkk4IQCqv1oJ-QkPy4J&co=aHR0cHM6Ly9zYWZlc2Nob29sc2ZvcmFsZXgub3JnOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&cb=4pic2qsk05hw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6692
x-xss-protection: 1; mode=block
expires: Tue, 06 Apr 2021 08:05:30 GMT

GET
H3-Q050 200 payframe Show response
pay.google.com/gp/p/ui/ Frame CB16 20 KB
8 KB 209ms
209ms Document
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51f68f5036b2e8c67e1e8cd04a95a113b41e2ed769f2135ba52303d40ee200a4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TPMMf/pjDy8/8x5IVatl0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-TPMMf/pjDy8/8x5IVatl0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pay.google.com
:scheme: https
:path: /gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=212=RvB4Fgr6OJJRk3t6hgTV4i085MEp-lrsBDjslkLQ17akVaU5jQViinP5eGU1vEZmti01b5Si-d357iAuldi5538qrGYsi33tXtYaQRSXmjWikIL74ErNEZAqPLJbcjfed-xFd9obkYO7_TFSVOBvK9WAHOab3Q5mFfjA8PfXRJE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Tue, 06 Apr 2021 08:05:30 GMT
date: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
content-security-policy: script-src 'report-sample' 'nonce-TPMMf/pjDy8/8x5IVatl0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-TPMMf/pjDy8/8x5IVatl0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy-report-only: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 / Show response
api-js.mixpanel.com/track/ Frame 6235 1 B
70 B 24ms
23ms XHR
application/json 130.211.34.183
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?ip=1&_=1617696330535

Requested by

Host: cdn4.mxpnl.com
URL: https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

183.34.211.130.bc.googleusercontent.com

Software

envoy /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Tue, 06 Apr 2021 08:05:30 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
alt-svc: clear
content-length: 1

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ Frame 90FE 14 KB
5 KB 19ms
19ms Script
application/x-javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.218&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de37a43b26501cc526346354470d48851385d6a0182ecf910bc93d682c7b9a54

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 43248
x-cache: HIT
paypal-debug-id: 821869c8c19b7
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4827
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.566371,VS0,VE2
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=3600
etag: W/"361e-g7OzCY9FPjqZqz8vb4a+M1WTl2U"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 2172 238 KB
101 KB 311ms
310ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5e50b03d4f213b0fcb22754724c16321e766f39a944847665e9942a9af2817a4

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.paypal.com
:scheme: https
:path: /smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/"3b901-roIAq6aR4LrkjcbnC9K6yFqRk/w"
p3p: true
paypal-debug-id: c7a2ca0261e4e
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Fri, 09 Apr 2021 08:05:30 GMT; HttpOnly; Secure; SameSite=None l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Tue, 06 Apr 2021 08:35:30 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1712390730%26vteXpYrS%3D1617698130%26vr%3Da63713cc1780a275918a0db5fe1bead8%26vt%3Da63713cc1780a275918a0db5fe1bead7%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3Da63713cc1780a275918a0db5fe1bead8%26vt%3Da63713cc1780a275918a0db5fe1bead7; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; Secure; SameSite=None x-cdn=fastly:HHN; Domain=paypal.com; Path=/; Secure
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: phx-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4022-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.589134,VS0,VE300
vary: Accept-Encoding
content-encoding: br

GET
DATA 200
OK truncated
/ Frame AEB1 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame AEB1 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ Frame 2953 14 KB
5 KB 11ms
11ms Script
application/x-javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de37a43b26501cc526346354470d48851385d6a0182ecf910bc93d682c7b9a54

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 43248
x-cache: HIT
paypal-debug-id: 821869c8c19b7
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4827
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.597207,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=3600
etag: W/"361e-g7OzCY9FPjqZqz8vb4a+M1WTl2U"
accept-ranges: bytes
x-cache-hits: 2

GET
DATA 200
OK truncated
/ Frame 35DB 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 35DB 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 9FCB 238 KB
103 KB 215ms
214ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a32aafa4c2f16795ce7e3cf6c650aa36fa6bb644eed76646783c5e0339d167b1

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.paypal.com
:scheme: https
:path: /smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/"3b901-PRyQvt3pt9WaJgoZZ0nt/zexZIk"
p3p: true
paypal-debug-id: 1e3289cc22d75
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Fri, 09 Apr 2021 08:05:30 GMT; HttpOnly; Secure; SameSite=None l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Tue, 06 Apr 2021 08:35:30 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1712390730%26vteXpYrS%3D1617698130%26vr%3Da63713cf1780ad0464735657ff294dd7%26vt%3Da63713cf1780ad0464735657ff294dd6%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3Da63713cf1780ad0464735657ff294dd7%26vt%3Da63713cf1780ad0464735657ff294dd6; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; Secure; SameSite=None x-cdn=fastly:HHN; Domain=paypal.com; Path=/; Secure
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4022-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.613792,VS0,VE205
vary: Accept-Encoding
content-encoding: br

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ Frame 6235 14 KB
5 KB 10ms
9ms Script
application/x-javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de37a43b26501cc526346354470d48851385d6a0182ecf910bc93d682c7b9a54

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-ODFjbIMBLTQqyHZG6KmZiDc3QtCXjfikNlGXi3PZGwc2Y/93' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 43248
x-cache: HIT
paypal-debug-id: 821869c8c19b7
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4827
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.633319,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=3600
etag: W/"361e-g7OzCY9FPjqZqz8vb4a+M1WTl2U"
accept-ranges: bytes
x-cache-hits: 3

GET
DATA 200
OK truncated
/ Frame 84F0 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 84F0 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame F761 238 KB
100 KB 214ms
214ms Document
text/html 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8c64ff47897e1ade658e348ae318a8d7cd43ac5131efe1a1ca3693996630e8eb

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.paypal.com
:scheme: https
:path: /smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/"3b900-wJTU92xeEercEY87fB9BKlLPJ1o"
p3p: true
paypal-debug-id: 7343999c2654
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Fri, 09 Apr 2021 08:05:30 GMT; HttpOnly; Secure; SameSite=None l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Tue, 06 Apr 2021 08:35:30 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1712390730%26vteXpYrS%3D1617698130%26vr%3Da63713f11780ad04598bf0f2ff153c96%26vt%3Da63713f11780ad04598bf0f2ff153c95%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3Da63713f11780ad04598bf0f2ff153c96%26vt%3Da63713f11780ad04598bf0f2ff153c95; Path=/; Domain=paypal.com; Expires=Fri, 05 Apr 2024 08:05:30 GMT; Secure; SameSite=None x-cdn=fastly:HHN; Domain=paypal.com; Path=/; Secure
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4022-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.649123,VS0,VE201
vary: Accept-Encoding
content-encoding: br

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ Frame 90FE 66 KB
18 KB 83ms
14ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.218&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4a13970158327ddd25459421c79fa7af53822e4b4d9cd8efb1395a91122676c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568689
x-cache: HIT, HIT
paypal-debug-id: 115684b0e6e17
dc: phx-origin-www-2.paypal.com
vary: Accept-Encoding
content-length: 17886
x-served-by: cache-sjc10048-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:56 GMT
x-timer: S1617696331.727732,VS0,VE0
etag: W/"606365f0-1081a"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 138177, 27

GET
H2 200 ts
t.paypal.com/ Frame 90FE 42 B
404 B 221ms
153ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&fltp=analytics&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=ActBlue%20Embedded%20Form%3A%20music-play-on%2FAB2&dh=1200&dw=1600&bh=350&bw=1120&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696330656&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FW31qHZSc7E8q3iUJ1HQTKzMa%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB2&ru=https%3A%2F%2Fsafeschoolsforalex.org%2F
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.727625,VS0,VE146
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ Frame 2953 66 KB
18 KB 86ms
20ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4a13970158327ddd25459421c79fa7af53822e4b4d9cd8efb1395a91122676c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568689
x-cache: HIT, HIT
paypal-debug-id: 115684b0e6e17
dc: phx-origin-www-2.paypal.com
vary: Accept-Encoding
content-length: 17886
x-served-by: cache-sjc10048-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:56 GMT
x-timer: S1617696331.728053,VS0,VE0
etag: W/"606365f0-1081a"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 138177, 28

GET
H2 200 ts
t.paypal.com/ Frame 2953 42 B
677 B 217ms
151ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&fltp=analytics&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=ActBlue%20Embedded%20Form%3A%20safe-schools-for-alex-2%2FAB1&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696330657&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FKMxXxKiVxoLoon9rachiV2qU%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB1&ru=https%3A%2F%2Fsafeschoolsforalex.org%2F
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.727770,VS0,VE145
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ Frame 6235 66 KB
18 KB 69ms
21ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4a13970158327ddd25459421c79fa7af53822e4b4d9cd8efb1395a91122676c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568689
x-cache: HIT, HIT
paypal-debug-id: 115684b0e6e17
dc: phx-origin-www-2.paypal.com
vary: Accept-Encoding
content-length: 17886
x-served-by: cache-sjc10048-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:56 GMT
x-timer: S1617696331.728064,VS0,VE0
etag: W/"606365f0-1081a"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 138177, 29

GET
H2 200 ts
t.paypal.com/ Frame 6235 42 B
401 B 212ms
165ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&fltp=analytics&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=ActBlue%20Embedded%20Form%3A%20school-incident-report%2FAB3&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696330677&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FwrVHW89us7i3x6gJNZXeE6U5%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB3&ru=https%3A%2F%2Fsafeschoolsforalex.org%2F
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:30 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.727838,VS0,VE159
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
expires: Tue, 06 Apr 2021 08:05:30 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

GET
H3-Q050 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AM... Frame B646 138 KB
49 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39290fa58dbf5ff7916f29029dd0a2245e1dd916e5d94da50ed86148c0410ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50086
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:13 GMT

GET
H3-Q050 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AM... Frame 9BFC 138 KB
49 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39290fa58dbf5ff7916f29029dd0a2245e1dd916e5d94da50ed86148c0410ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50086
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:13 GMT

GET
H3-Q050 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame B646 36 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc155759e8e2b38b61e51b238afd8feb7d61b08bc931695c51239330a82bcec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53056
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13449
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:14 GMT

GET
H3-Q050 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame 9BFC 36 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc155759e8e2b38b61e51b238afd8feb7d61b08bc931695c51239330a82bcec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53056
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13449
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:14 GMT

GET
H3-Q050 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame B646 72 KB
26 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e3b8d5c0f179a349103a20d9ee98aeed426bcef75c02ecc0ceb71d94f1c54a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26784
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:15 GMT

GET
H3-Q050 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame 9BFC 72 KB
26 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e3b8d5c0f179a349103a20d9ee98aeed426bcef75c02ecc0ceb71d94f1c54a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26784
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:15 GMT

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame 0F95 291 KB
90 KB 15ms
14ms Document
text/html 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a67735aa5b579aa63a3e5ff7ce82e8d94c09d56849c15ef1849827097c3ff239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.paypalobjects.com
:scheme: https
:path: /muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"606365ef-48b64"
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
paypal-debug-id: 110439c7559e4
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:30 GMT
age: 568691
x-served-by: cache-sjc10054-SJC, cache-fra19168-FRA
x-cache: HIT, HIT
x-cache-hits: 239082, 29
x-timer: S1617696331.790769,VS0,VE0
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 92325

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame FDFB 291 KB
90 KB 21ms
20ms Document
text/html 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a67735aa5b579aa63a3e5ff7ce82e8d94c09d56849c15ef1849827097c3ff239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.paypalobjects.com
:scheme: https
:path: /muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"606365ef-48b64"
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
paypal-debug-id: 110439c7559e4
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:30 GMT
age: 568691
x-served-by: cache-sjc10054-SJC, cache-fra19168-FRA
x-cache: HIT, HIT
x-cache-hits: 239082, 30
x-timer: S1617696331.792699,VS0,VE0
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 92325

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame E44A 291 KB
90 KB 21ms
20ms Document
text/html 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a67735aa5b579aa63a3e5ff7ce82e8d94c09d56849c15ef1849827097c3ff239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: www.paypalobjects.com
:scheme: https
:path: /muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.actblue.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.actblue.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"606365ef-48b64"
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
paypal-debug-id: 110439c7559e4
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:30 GMT
age: 568691
x-served-by: cache-sjc10054-SJC, cache-fra19168-FRA
x-cache: HIT, HIT
x-cache-hits: 239082, 31
x-timer: S1617696331.795486,VS0,VE0
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 92325

GET
H3-Q050 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AM... Frame CB16 138 KB
49 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39290fa58dbf5ff7916f29029dd0a2245e1dd916e5d94da50ed86148c0410ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50086
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame B646 48 KB
17 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
date: Tue, 06 Apr 2021 08:05:30 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17432
expires: Tue, 06 Apr 2021 10:05:30 GMT

GET
H3-Q050 200 pay Show response
pay.google.com/gp/p/ui/ Frame B646 1 MB
346 KB 74ms
73ms XHR
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

758cca18e6a8401fa6888e2eac264744faca69adff0e5672cb1ef2f848aebeac

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PZMzAiYp36JLjYOwebddsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-PZMzAiYp36JLjYOwebddsQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
date: Tue, 06 Apr 2021 08:05:30 GMT
x-frame-options: DENY
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-PZMzAiYp36JLjYOwebddsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-PZMzAiYp36JLjYOwebddsQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
cross-origin-opener-policy-report-only: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
expires: Tue, 06 Apr 2021 08:05:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 9BFC 48 KB
17 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
date: Tue, 06 Apr 2021 08:05:30 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17432
expires: Tue, 06 Apr 2021 10:05:30 GMT

GET
H3-Q050 200 pay Show response
pay.google.com/gp/p/ui/ Frame 9BFC 1 MB
346 KB 77ms
76ms XHR
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2af2d9986f7e52423212938ed542d3b31f1ae0178a7e046f88de6bb4c6b3c14f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yPlH4MYU5WHjugbezQa14w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-yPlH4MYU5WHjugbezQa14w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
date: Tue, 06 Apr 2021 08:05:30 GMT
x-frame-options: DENY
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-yPlH4MYU5WHjugbezQa14w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-yPlH4MYU5WHjugbezQa14w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
cross-origin-opener-policy-report-only: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
expires: Tue, 06 Apr 2021 08:05:30 GMT

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 0F95 18 B
329 B 14ms
14ms Fetch
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5231557
x-cache: HIT, HIT
paypal-debug-id: 1a6c1967aca3f
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10057-SJC, cache-fra19168-FRA
last-modified: Thu, 04 Feb 2021 18:25:25 GMT
x-timer: S1617696331.869091,VS0,VE0
etag: "601c3c15-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=3600
accept-ranges: bytes
x-cache-hits: 198357, 65

GET
H3-Q050 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame CB16 36 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc155759e8e2b38b61e51b238afd8feb7d61b08bc931695c51239330a82bcec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53056
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13449
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:14 GMT

GET
H3-Q050 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame CB16 72 KB
26 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e3b8d5c0f179a349103a20d9ee98aeed426bcef75c02ecc0ceb71d94f1c54a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26784
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:15 GMT

GET
H2 200 f128337a782009724447.chunk.js Show response
www.paypalobjects.com/muse/analytics/chunk/ Frame 0F95 86 KB
25 KB 15ms
14ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

abdf0f23863f1c13dfcdedf7262f78336c07dc5aa73f35d974d5d1da7decf601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=ae2f5512-20b0-4383-ad83-b96a29c7ebb2&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568691
x-cache: HIT, HIT
paypal-debug-id: c9c96a6fc1843
dc: phx-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 25677
x-served-by: cache-sjc10047-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
x-timer: S1617696331.894525,VS0,VE0
etag: W/"606365ef-158c0"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 211315, 28

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame FDFB 18 B
135 B 14ms
14ms Fetch
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5231557
x-cache: HIT, HIT
paypal-debug-id: 1a6c1967aca3f
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10057-SJC, cache-fra19168-FRA
last-modified: Thu, 04 Feb 2021 18:25:25 GMT
x-timer: S1617696331.935424,VS0,VE0
etag: "601c3c15-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=3600
accept-ranges: bytes
x-cache-hits: 198357, 67

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 57ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 73ms
41ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 54ms
39ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 73ms
43ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 47ms
38ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 73ms
41ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 42ms
39ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 73ms
42ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 70ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 37ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 38ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
614 B 63ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 9FCB 279 KB
86 KB 9ms
9ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3344
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.997538,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 3

GET
DATA 200
OK truncated
/ Frame 9FCB 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FCB 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame B646 25 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,Y2UGcc,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27dfd732e4611a6283da46bdc7ac08f7424fe7d729fe1b34d4fc75746f537366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10311
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H3-Q050 200 m=lwddkf Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame B646 260 B
197 B 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,EFQ78c,FCpbqb,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,WhJNk,Wt6vjf,Y2UGcc,ZyYHPb,_b,_latency,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=lwddkf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 168
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame F761 279 KB
85 KB 15ms
15ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3344
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.004524,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 4

GET
DATA 200
OK truncated
/ Frame F761 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F761 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 f128337a782009724447.chunk.js Show response
www.paypalobjects.com/muse/analytics/chunk/ Frame FDFB 86 KB
25 KB 15ms
15ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

abdf0f23863f1c13dfcdedf7262f78336c07dc5aa73f35d974d5d1da7decf601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=c27a1cff-7826-413e-a352-9355254cc155&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568691
x-cache: HIT, HIT
paypal-debug-id: c9c96a6fc1843
dc: phx-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 25677
x-served-by: cache-sjc10047-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
x-timer: S1617696331.014071,VS0,VE0
etag: W/"606365ef-158c0"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 211315, 30

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame E44A 18 B
116 B 14ms
14ms Fetch
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5231557
x-cache: HIT, HIT
paypal-debug-id: 1a6c1967aca3f
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10057-SJC, cache-fra19168-FRA
last-modified: Thu, 04 Feb 2021 18:25:25 GMT
x-timer: S1617696331.066171,VS0,VE0
etag: "601c3c15-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=3600
accept-ranges: bytes
x-cache-hits: 198357, 68

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame CB16 48 KB
17 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,NpD4ec,Y2UGcc,SF3gsd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
date: Tue, 06 Apr 2021 08:05:31 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17432
expires: Tue, 06 Apr 2021 10:05:31 GMT

GET
H3-Q050 200 pay Show response
pay.google.com/gp/p/ui/ Frame CB16 1 MB
346 KB 77ms
77ms XHR
text/html 2a00:1450:400c:c02::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c02::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

948d0aadb14a64f9a6116543e8b76bf61a5a7f8c60ee56e6843b65ca99fea149

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NFS01LZ5eQl4TiZdtwAmfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-NFS01LZ5eQl4TiZdtwAmfg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
date: Tue, 06 Apr 2021 08:05:31 GMT
x-frame-options: DENY
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
origin-trial: AmWWqEiPtRKXiIreUsgUyNMptDcKdmLPlGI32DPZjDKK+yBAUi7+FT3r/9RpkTnzHyXYUWiPfirCGMg3Ogzc7gMAAAB3eyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjE0MTI0Nzk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
content-security-policy: script-src 'report-sample' 'nonce-NFS01LZ5eQl4TiZdtwAmfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-NFS01LZ5eQl4TiZdtwAmfg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
cross-origin-opener-policy-report-only: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 58ms
44ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 40ms
39ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 54ms
45ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 43ms
42ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 43ms
42ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 47ms
45ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 41ms
41ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 41ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 40ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
38ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
38ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 40ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

GET
H3-Q050 200 m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame 9BFC 25 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,Y2UGcc,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27dfd732e4611a6283da46bdc7ac08f7424fe7d729fe1b34d4fc75746f537366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10311
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H3-Q050 200 m=lwddkf Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame 9BFC 260 B
193 B 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,EFQ78c,FCpbqb,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,WhJNk,Wt6vjf,Y2UGcc,ZyYHPb,_b,_latency,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=lwddkf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 168
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 2172 279 KB
85 KB 14ms
13ms Script
application/javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-S63Q8CbBFa7h3YWZ3hZm8wH8nmuE9WStvoO/uXFDW+vV40mz' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 3344
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: 9a0b54f8c813e
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 86468
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.145743,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 06 Apr 2021 08:05:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Tue, 06 Apr 2021 08:09:47 GMT
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"151c4-8fW7MFz9JdCdRtmD+xI+C4m3yXc"
accept-ranges: bytes
x-cache-hits: 5

GET
DATA 200
OK truncated
/ Frame 2172 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2172 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 f128337a782009724447.chunk.js Show response
www.paypalobjects.com/muse/analytics/chunk/ Frame E44A 86 KB
25 KB 17ms
17ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

abdf0f23863f1c13dfcdedf7262f78336c07dc5aa73f35d974d5d1da7decf601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypalobjects.com/muse/analytics/index.html?frameId=aa181e2b-7927-4e93-8b42-07d6d66dcf4e&propertyId=NGJ83G9Z8QXZ8-1&flow=visitor-info&variant=analytics&mrid=NGJ83G9Z8QXZ8&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568691
x-cache: HIT, HIT
paypal-debug-id: c9c96a6fc1843
dc: phx-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 25677
x-served-by: cache-sjc10047-SJC, cache-fra19168-FRA
last-modified: Tue, 30 Mar 2021 17:54:55 GMT
x-timer: S1617696331.163286,VS0,VE0
etag: W/"606365ef-158c0"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 211315, 31

GET
H2 200 ts
t.paypal.com/ Frame 90FE 42 B
465 B 159ms
156ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfoFlowStarted&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20music-play-on%2FAB2&dh=1200&dw=1600&bh=350&bw=1120&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331158&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FW31qHZSc7E8q3iUJ1HQTKzMa%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB2
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/W31qHZSc7E8q3iUJ1HQTKzMa?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.167408,VS0,VE147
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slca.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 188ms
170ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 570734d558d13
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.208146,VS0,VE162

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 0F95 434 B
1 KB 234ms
233ms Fetch
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

543803fca470fb54197c143bf76009cfb97eaf10129f06e39c850029e86055bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-6MdDS9Kxqzyh/n6hzqQQW4y5nUY6vM1tim1PL3f2R7ttjWcs' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-6MdDS9Kxqzyh/n6hzqQQW4y5nUY6vM1tim1PL3f2R7ttjWcs' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'
via: 1.1 varnish
vary: Accept-Encoding
x-cache: MISS
paypal-debug-id: 4f9b4b8adc922
date: Tue, 06 Apr 2021 08:05:31 GMT
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.381577,VS0,VE225
x-frame-options: SAMEORIGIN
etag: W/"1b2-xkypby7ymNUsKSzRxkWf4vpRQ44"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H3-Q050 200 log Show response
play.google.com/ Frame B646 131 B
223 B 45ms
44ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

GET
H2 200 ts
t.paypal.com/ Frame 6235 42 B
105 B 156ms
155ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfoFlowStarted&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20school-incident-report%2FAB3&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331228&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FwrVHW89us7i3x6gJNZXeE6U5%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB3
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/wrVHW89us7i3x6gJNZXeE6U5?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.233581,VS0,VE148
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slca.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

POST
H3-Q050 200 log Show response
play.google.com/ Frame 9BFC 131 B
223 B 42ms
42ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 186ms
186ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 5747eec79817d
dc: phx-origin-www-1.paypal.com
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.254503,VS0,VE178

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame FDFB 434 B
1 KB 289ms
289ms Fetch
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3651e3df8a7c35e36ae429c1ed8ad9c653d3094a7c8f75684dac338a1ad823a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-TLSfKInc5hkVyNld1hDdrdpwAj4Y/AQCPQVB/IDv2djxb0X2' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-TLSfKInc5hkVyNld1hDdrdpwAj4Y/AQCPQVB/IDv2djxb0X2' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'
via: 1.1 varnish
vary: Accept-Encoding
x-cache: MISS
paypal-debug-id: 7b2734542ebac
date: Tue, 06 Apr 2021 08:05:31 GMT
dc: phx-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.441617,VS0,VE280
x-frame-options: SAMEORIGIN
etag: W/"1b2-lMbsiVa3bbyapGKa2oSKPlLcO6U"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 39ms
39ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 39ms
39ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 37ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 41ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 42ms
42ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
38ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
37ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 39ms
39ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 41ms
41ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

OPTIONS
H3-Q050 200 log
play.google.com/ Frame 0
0 38ms
38ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

H3-Q050

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 06 Apr 2021 08:05:31 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: private

GET
H3-Q050 200 m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame CB16 25 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,Y2UGcc,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=Wt6vjf,_latency,FCpbqb,WhJNk,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27dfd732e4611a6283da46bdc7ac08f7424fe7d729fe1b34d4fc75746f537366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10311
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H3-Q050 200 m=lwddkf Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azO... Frame CB16 260 B
193 B 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.azOCyt4ZE0g.L.B1.O/am=BoA/d=1/exm=Das5Le,EFQ78c,FCpbqb,IZT63,LEikZe,NpD4ec,PrPYRd,Ru0Pgb,SF3gsd,WhJNk,Wt6vjf,Y2UGcc,ZyYHPb,_b,_latency,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ct=zgms/rs=AMitfrj0WIT6bjFYRamu0yTgCRZVIHc1LQ/m=lwddkf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 03 Apr 2021 01:26:01 GMT
server: sffe
age: 53055
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 168
x-xss-protection: 0
expires: Tue, 05 Apr 2022 17:21:16 GMT

GET
H2 200 ts
t.paypal.com/ Frame 2953 42 B
105 B 168ms
167ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfoFlowStarted&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20safe-schools-for-alex-2%2FAB1&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331294&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FKMxXxKiVxoLoon9rachiV2qU%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB1
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/embed/form/KMxXxKiVxoLoon9rachiV2qU?host_origin=https%3A%2F%2Fsafeschoolsforalex.org&embed_id=AB1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696331.301073,VS0,VE157
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slca.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 201ms
201ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: e520e26ca0b8
dc: phx-origin-www-1.paypal.com
accept-ranges: bytes
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.316200,VS0,VE195

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame E44A 435 B
1 KB 279ms
279ms Fetch
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/chunk/f128337a782009724447.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8abf286ba868c2b48766f195403eb2aa3e628c89b0bbbc8da22d75691425bdf9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-9NHI10GQch4lx1Sny+jv/XcD35OOtmsJKTcx34h5lEoIdt0n' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-9NHI10GQch4lx1Sny+jv/XcD35OOtmsJKTcx34h5lEoIdt0n' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'
via: 1.1 varnish
vary: Accept-Encoding
x-cache: MISS
paypal-debug-id: 2c87a859be1c8
date: Tue, 06 Apr 2021 08:05:31 GMT
dc: phx-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4022-HHN
x-timer: S1617696332.518570,VS0,VE270
x-frame-options: SAMEORIGIN
etag: W/"1b3-hCkFKAY7GduWDZ//HUzxq6NueI8"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H3-Q050 200 log Show response
play.google.com/ Frame CB16 131 B
223 B 41ms
40ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US._ot_hoBYraA.es5.O/am=BoA/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ct=zgms/rs=AMitfrgl-acp82IzZmcN8rh3F3kYWxAJ1A/m=_b,_tp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Tue, 06 Apr 2021 08:05:31 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 9FCB 855 B
1 KB 194ms
193ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e2de58553144befbfdde1f7298f80655099e54ea9134f45e314ada4b395783eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: 96aa9658f817d
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: phx-origin-www-2.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.381565,VS0,VE180
etag: W/"357-t4xVYLVf6nIZAzPn8DmKcUxTEfo"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame F761 863 B
744 B 159ms
158ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f00ed614a799a05d17069f45940eeecf70f6761200ffa99d4861512757f7f6e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: 4c023a1db360c
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.416599,VS0,VE149
etag: W/"35f-vn14P5Wj5y0df9wFHEJQDdh0hBI"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 9FCB 878 B
671 B 163ms
163ms Other
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7a42ee6bc7dd343644742ae3cf9f07e5d1cdd96afdbbef1427e71e74a2f24f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImQxZTRmNDQxMjRfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=29d857053f_mdg6mdu6mza&sessionID=46f88c2602_mdg6mdu6mza&buttonSessionID=b58e3de472_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: d1dde04216073
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.420847,VS0,VE151
etag: W/"36e-On6OM/VHYU3ngjVOz/ckg28g0sE"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame F761 874 B
771 B 160ms
160ms Other
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d2efb035068c4951a58bb8b08219102facade69b3fd7532a4bfe93cec5b5bff9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImZkZGNiNDk5Y2JfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=c218113fd3_mdg6mdu6mza&sessionID=26ada4626c_mdg6mdu6mza&buttonSessionID=c0d95eb744_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: 631451a22a9a2
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.421720,VS0,VE150
etag: W/"36a-65VARzV0q+zTbAm0IKiDPAzyHtU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 2172 876 B
1 KB 163ms
163ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

28cde38a9f71f211990cb1b47cee0401c026abbcf0c34a7d1b47140072f61bbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: c44ce087aa9dc
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.426152,VS0,VE155
etag: W/"36c-XJ7TSG+idxq9bv5HgFaVRaEOuHQ"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 90FE 866 B
1 KB 158ms
157ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0031b5c2fb385f3bdfacf6439cc1e90e20993f1e1e0bd41e9b5b06dacc38e6c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: c17776becfa36
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4054-HHN
x-timer: S1617696332.584386,VS0,VE148
etag: W/"362-sNXpBGG2kINDpohqawiodmQTBBc"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.actblue.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 153ms
153ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://secure.actblue.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 3824826814738
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.425447,VS0,VE146
content-encoding: br
vary: accept-encoding

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 2172 876 B
679 B 159ms
158ms Other
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0b76bc959a56537be738e99c921cf6133c5470f971b58d9ec61b9a0210a6ab1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=pay&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=45&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UiLCJhdHRycyI6eyJkYXRhLXVpZCI6ImM5NjI5MmQ0ZGZfbWRnNm1kdTZtemEifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=596b0ec12223e&storageID=8cd7dbc256_mdg6mdu6mza&sessionID=12d47ddde1_mdg6mdu6mza&buttonSessionID=53c623aa8c_mdg6mdu6mza&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsiZmxleCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19fSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&flow=purchase&currency=USD&intent=capture&disableFunding.0=credit&disableFunding.1=card&supportsPopups=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: 3dc75b9cf84e8
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4022-HHN
x-timer: S1617696331.434081,VS0,VE151
etag: W/"36c-TngqjlWQj/D/IRWsTLhXzlYcbx0"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 6235 866 B
1 KB 157ms
157ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cb1fa34f9c9f80f1800e87eff2847f178b685beb46a506a95f85ab4f70892ccb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: 49358905770b6
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4054-HHN
x-timer: S1617696332.627861,VS0,VE146
etag: W/"362-1yhFo/4pWDCqMZD0PxC2EfyaYlk"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.actblue.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 153ms
152ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://secure.actblue.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 580735af99f0d
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696331.474165,VS0,VE146
content-encoding: br
vary: accept-encoding

GET
H2 200 ssfa-site-logo.png
safeschoolsforalex.org/wp-content/uploads/2021/03/ 12 KB
12 KB 123ms
123ms Image
image/png 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://safeschoolsforalex.org/wp-content/uploads/2021/03/ssfa-site-logo.png
Requested by: Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 109.139.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ef8bba674c8abfbca8ca3b8522a3ccadc65e6d545dd7ad9b79d8235a7477548e

Request headers

Referer: https://safeschoolsforalex.org/donate/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
last-modified: Wed, 31 Mar 2021 06:57:23 GMT
server: nginx
etag: "60641d53-2f02"
x-proxy-cache-info: DT:1
content-type: image/png
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 12034
expires: Wed, 06 Apr 2022 08:05:31 GMT

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 167ms
167ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.actblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://secure.actblue.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 90f8916df98e1
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4054-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1617696332.519905,VS0,VE160
content-encoding: br
vary: accept-encoding

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 2953 868 B
1 KB 175ms
175ms XHR
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5ba2b36e8e0c29d425b6bb3fb564b48e3d2b61ed35034490c3aaf6e86ec8be76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: fb4cda66f5825
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: phx-origin-www-2.paypal.com
x-served-by: cache-hhn4054-HHN
x-timer: S1617696332.687306,VS0,VE168
etag: W/"364-lcMGDr38PIdsiEvb5XnTNwQLgBA"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.actblue.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

GET
H2 200 ts
t.paypal.com/ Frame 90FE 42 B
105 B 154ms
154ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfo&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20music-play-on%2FAB2&dh=1200&dw=1600&bh=350&bw=1120&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331614&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FW31qHZSc7E8q3iUJ1HQTKzMa%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696332.619263,VS0,VE145
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slca.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

GET
H2 200 ts
t.paypal.com/ Frame 6235 42 B
105 B 160ms
159ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfo&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20school-incident-report%2FAB3&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331729&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FwrVHW89us7i3x6gJNZXeE6U5%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696332.735315,VS0,VE148
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

GET
H2 200 ts
t.paypal.com/ Frame 2953 42 B
105 B 155ms
154ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfo%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfo&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=ActBlue%20Embedded%20Form%3A%20safe-schools-for-alex-2%2FAB1&dh=1200&dw=1600&bh=0&bw=0&cd=24&sh=1200&sw=1600&v=NA&rosetta_language=en-US&e=im&t=1617696331797&g=-120&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fcf%2Fembed%2Fform%2FKMxXxKiVxoLoon9rachiV2qU%3Fhost_origin%3Dhttps%253A%252F%252Fsafeschoolsforalex.org%26embed_id%3DAB1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Apr 2021 08:05:31 GMT
via: 1.1 varnish
server: akka-http/10.1.11
x-timer: S1617696332.801924,VS0,VE148
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
http_x_pp_az_locator: slcb.slc
expires: Tue, 06 Apr 2021 08:05:31 GMT
cache-control: no-cache, no-store, max-age=0, no-transform
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4074-HHN

POST
H2 200 admin-ajax.php Show response
safeschoolsforalex.org/wp-admin/ 0
402 B 513ms
513ms XHR
text/html 35.208.139.109
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL

https://safeschoolsforalex.org/wp-admin/admin-ajax.php

Requested by

Host: safeschoolsforalex.org
URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.208.139.109 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),

Reverse DNS

109.139.208.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://safeschoolsforalex.org/donate/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 06 Apr 2021 08:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
x-proxy-cache-info: DT:1
host-header: 8441280b0c35cbc1147f8ba998a563a7
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://safeschoolsforalex.org
x-httpd: 1
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AdegKHOlSmMbOnSy3dpvA4cmMh3HM1vgo.E%2BYM77dVBE%2FpC0Pg%2BksN64rel0%2FvOE8u67VpaFyaV3I
.paypal.com/	1970-01-20 02:07:12	Name: enforce_policy Value: ccpa
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTYxNzY5NjMzMTcwMSIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 19:39:50	Name: ts Value: vreXpYrS%3D1712390731%26vteXpYrS%3D1617698131%26vr%3Da63713cc1780a275918a0db5fe1bead8%26vt%3Da63713cc1780a275918a0db5fe1bead7%26vtyp%3Dnew
.paypal.com/	1970-01-20 19:39:50	Name: ts_c Value: vr%3Da63713cc1780a275918a0db5fe1bead8%26vt%3Da63713cc1780a275918a0db5fe1bead7
.paypal.com/	1970-01-19 17:21:38	Name: l7_az Value: dcg14.slc
.paypal.com/	1970-01-19 17:25:55	Name: tsrce Value: smartcomponentnodeweb
.paypal.com/	1970-01-19 17:22:07	Name: LANG Value: en_US%3BUS
.google.com/	1970-01-19 21:45:07	Name: NID Value: 212=RvB4Fgr6OJJRk3t6hgTV4i085MEp-lrsBDjslkLQ17akVaU5jQViinP5eGU1vEZmti01b5Si-d357iAuldi5538qrGYsi33tXtYaQRSXmjWikIL74ErNEZAqPLJbcjfed-xFd9obkYO7_TFSVOBvK9WAHOab3Q5mFfjA8PfXRJE
.google.com/recaptcha	1970-01-19 21:40:48	Name: _GRECAPTCHA Value: 09ANblmnjv40Gt-lt6didSMya1ctbBW7CoQlfjhWlsoDx5_xyQyqL2ZmDlj3TqgF1Ge3G3YpxZy4SFOhwas_Ob5jI

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://safeschoolsforalex.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	debug	URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us(Line 71) Message: [bugsnag] Loaded!
console-api	debug	URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us(Line 71) Message: [bugsnag] Loaded!
console-api	debug	URL: https://secure.actblue.com/cf/assets/embedForm/11abb70a3645f506dd83.js?form_app=us(Line 71) Message: [bugsnag] Loaded!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-js.mixpanel.com
cdn4.mxpnl.com
fonts.googleapis.com
fonts.gstatic.com
ka-f.fontawesome.com
kit.fontawesome.com
pay.google.com
play.google.com
r20.rs6.net
safeschoolsforalex.org
secure.actblue.com
sessions.bugsnag.com
t.paypal.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
130.211.34.183
151.101.1.21
151.101.112.174
151.101.14.133
151.101.65.35
208.75.122.11
2600:1901:0:7a0b::
2606:4700::6812:1734
2606:4700:e6::ac40:ca1c
2a00:1450:4001:803::2004
2a00:1450:4001:808::200a
2a00:1450:4001:809::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2003
2a00:1450:4001:811::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2004
2a00:1450:400c:c02::5c
35.186.235.23
35.208.139.109
0031b5c2fb385f3bdfacf6439cc1e90e20993f1e1e0bd41e9b5b06dacc38e6c1
004d80209f0cb3030430c3a9c211f11a3c44278599193e680623d95f0e9dd695
016b91219c6ed7712bdfed0dfa714b53c5df005847771cddf79e2a3a5d5679ac
01c03dc65917472f8fc9158ddd35db988d1d69d59b5b445a673b6b5b6631b3dd
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
07bf87548212f24057ba352fed5ec567dab724b44a7fc88ddc393cbc7706d033
09f2339d48475b6576f2a626626f676ab4712b63aef868522a4726ee1e0bea7a
0b76bc959a56537be738e99c921cf6133c5470f971b58d9ec61b9a0210a6ab1a
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
0e56c010fa1b2a51777afba49b6f8246f05d85c159b4cafdac802f9261d744bb
10adc36ee685bbfefa2aa592e96f3ab9ffdc50a86fb594a65a665ab9e8a302d9
10c05af4d7751702a2146165871317978a80b6ee332bdfc06260e02ac512fd83
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
22a2bafdd84fb9b135c603a453dc001e1c3dc97891b8a310d9b2b9a99814e35f
242297298a4af891b89bc1c18f5e5229013dc8f1b341924009eba87998f70a89
24bfa05b536e030f694b6cdd3e40427b1a6c1131f90c14abaf92f6495509b3f2
255c7a1fa69437e6e19994bcd662189c05d12bf98f2eecdee9f31690942336e4
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
26b6a29d18339a5cf68bc6d4e17b6a52c2f0de7cbe79ea9d74a4886e57995561
279f6b481748c18d498dd5ad4cb01aee8aaab9fe2845094491f2632d4b99b686
27c270c0d311ffb9c9394850a4e01b896c08e66852ce145a59e7c93a37b80cac
27dfd732e4611a6283da46bdc7ac08f7424fe7d729fe1b34d4fc75746f537366
28cde38a9f71f211990cb1b47cee0401c026abbcf0c34a7d1b47140072f61bbd
2924ea36a075d22f18a9fac2ad9a0e3a8aa2bf9195ba462ff626df6bcd05e97a
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
2af2d9986f7e52423212938ed542d3b31f1ae0178a7e046f88de6bb4c6b3c14f
2afbe6beaf1d4baf33463cfb2116530809aff74094741440f83a2850d4e7f7dc
362daeaf1f7e05fee9a609e549f148aacbe518c166fbd96ead69057e295742af
3651e3df8a7c35e36ae429c1ed8ad9c653d3094a7c8f75684dac338a1ad823a7
37811d4d55ec74751bcaa643b3a9798f1d577ac2910b63c6ca202c2e36544e05
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
48052f6267b2e21fb086ad26457c715b3b8b5e8c6fcbcdea42589da06b05e9be
4a13970158327ddd25459421c79fa7af53822e4b4d9cd8efb1395a91122676c8
4ae7dd540cfd0caeceb65acd010bf4e477b6ab4266fc6983e412fd3e8a9cdce0
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
51f68f5036b2e8c67e1e8cd04a95a113b41e2ed769f2135ba52303d40ee200a4
52f300eb6c5da21fd086ca1bf5e6b9f46fd3eb4d53de40683a2cf6e59681d3e3
543803fca470fb54197c143bf76009cfb97eaf10129f06e39c850029e86055bb
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ba2b36e8e0c29d425b6bb3fb564b48e3d2b61ed35034490c3aaf6e86ec8be76
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5e50b03d4f213b0fcb22754724c16321e766f39a944847665e9942a9af2817a4
5ebe5571f5f7c5087ab450b4f84b7ac68ebc76cbc740bf1b3041a609b305f8cc
5f732cc9060390e2ce8439ea5559bc7912c46e50fb7384324a722a2666232aab
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6a2fd8165871a31946da9b2cb6ecc55a0dcbcdbc8b34be6ec4cc9eaafd7ab783
6ac06927301509c34186b5afbae45aab433d118bdba3f3199b6bfb7435bdc03e
6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c1510ef35e8322bf3c09c53aa955cd3b0a9e5ac65d15dd518c84ffc4b511c9f
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6df9c612b80b372af8d344719a1db75bd19dbbfa952d3425faa8a5624822cbd7
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
7492bcaf89227f32ce7d709ec7a16644041d2782ec5fec2f810f2b040f475b87
755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071
758cca18e6a8401fa6888e2eac264744faca69adff0e5672cb1ef2f848aebeac
762df474becdf79f7b43c500a50584ec02235a547685b547adeab187b3625f82
7a42ee6bc7dd343644742ae3cf9f07e5d1cdd96afdbbef1427e71e74a2f24f28
7b3a7e4265228a39bea0d22ac1aedb86219a7b521a831827f7f4579ca5ae4156
7e054c0da8f57ec42fe7e07950ef558945abd596a3adadbccecbbc169d56cc0b
8273f0538929ede9599e3cfea8142a252a7d0cb6dbacb230bf188490dde79d4b
846190311422b8501d25e7fa82a6f03640979882b59b875da0c038877bd15151
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
89b6fc20e99da6c304c84e47abe126d4f7eb31e5366e97b451a9aca07181ddb3
8a41d60f7762f2db0792fd909c3c09725f93d8fe1e94efcb2ca04293921e277a
8abf286ba868c2b48766f195403eb2aa3e628c89b0bbbc8da22d75691425bdf9
8b4e355d55d0ed72e0991a3005611a44cfaec9796ad71698cb3bfe184ccb6ec5
8c64ff47897e1ade658e348ae318a8d7cd43ac5131efe1a1ca3693996630e8eb
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8e3b8d5c0f179a349103a20d9ee98aeed426bcef75c02ecc0ceb71d94f1c54a0
92c35f839d90ea55730d05ce3ea859cb598cd85eb20be3ed55621bb8baa3aa36
948d0aadb14a64f9a6116543e8b76bf61a5a7f8c60ee56e6843b65ca99fea149
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9c79addf900da4c848c985f6da6aab30e7f66a6513fa0c8662f4dbdd0f9e083b
9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b
a32aafa4c2f16795ce7e3cf6c650aa36fa6bb644eed76646783c5e0339d167b1
a67735aa5b579aa63a3e5ff7ce82e8d94c09d56849c15ef1849827097c3ff239
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
abd0f491a689f77e49cebb91b01843bdf10550c6d8a72aa6cbff7476b0541b4d
abdf0f23863f1c13dfcdedf7262f78336c07dc5aa73f35d974d5d1da7decf601
ae707ec81b142f04b6d5f785a5d4f7e8301bdb62a95288dee1f3e58930d21c7a
b497497fee027bbeff9e4a353db845cb5cb5835a03e5fb5b842c2adc5d8f3fe6
bc39faeca56080ddf58d15275b2fe0cfa3bc1ec8afd82508555b25555ec95086
c2819ca1f7ad1af7ba53c4edfdfd395c547bcb16d29892a234d7860c689ed929
c39290fa58dbf5ff7916f29029dd0a2245e1dd916e5d94da50ed86148c0410ac
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
ca07be610951217827ec9b7e002118150553d2862e2ce4229bf71820a8e9ec91
cb1fa34f9c9f80f1800e87eff2847f178b685beb46a506a95f85ab4f70892ccb
cc155759e8e2b38b61e51b238afd8feb7d61b08bc931695c51239330a82bcec7
cc5fd132061a74f7734ff3ff5e31d6fc9e9ecf30798d98f9f1ac0bceb37fb7db
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09
d2efb035068c4951a58bb8b08219102facade69b3fd7532a4bfe93cec5b5bff9
d384c29b58051f4beb7d3ae0a593f41d462bffeb8dab997e7615997dccd73c5c
d3bf2dfd679bb242e84071dccad82d64b09906652b2762c9ccc4a14b1d5bafff
de37a43b26501cc526346354470d48851385d6a0182ecf910bc93d682c7b9a54
df15236d4098113e3479fc540a9bd1046ca6029f5508098e9c4245a0e12fab05
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6
e2de58553144befbfdde1f7298f80655099e54ea9134f45e314ada4b395783eb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b20c06a20b7c958a8ebc8d7dd6766a94be7adfb473f4f68e2217b08620fda4
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
ecfd7d14f210ce60bc77a77a0611a4860baba5fd3aefb32ce077ec55ec837584
edb6f141b07ff242615990a494d2414642dd43cf2b2adc831829cb780c249d05
ef8bba674c8abfbca8ca3b8522a3ccadc65e6d545dd7ad9b79d8235a7477548e
f00ed614a799a05d17069f45940eeecf70f6761200ffa99d4861512757f7f6e7
f56889f38649f7a285472092d4062222f3a00ccf1f210882f190617776ce6036
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

safeschoolsforalex.org Open in urlscan Pro 35.208.139.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

219 Requests

100 %HTTPS

60 %IPv6

14 Domains

19 Subdomains

20 IPs

3 Countries

9158 kBTransfer

20254 kBSize

10 Cookies

5 Outgoing links

Page URL History

Redirected requests

219 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

safeschoolsforalex.org Open in urlscan Pro
35.208.139.109 Public Scan

Screenshot
Live screenshot

Full Image

219
Requests

100 %
HTTPS

60 %
IPv6

14
Domains

19
Subdomains

20
IPs

3
Countries

9158 kB
Transfer

20254 kB
Size

10
Cookies

219 HTTP transactions
12 data transactions