myreturnticket.ca Open in urlscan Pro
192.0.78.193 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.myreturnticket.ca/
Effective URL:
https://myreturnticket.ca/
Submission: On March 16 via automatic, source certstream-suspicious (March 16th 2023, 3:45:19 pm UTC) — Scanned from CA

Summary HTTP 889 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 104 IPs in 10 countries across 123 domains to perform 889 HTTP transactions. The main IP is 192.0.78.193, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is myreturnticket.ca.
TLS certificate: Issued by R3 on March 16th 2023. Valid for: 3 months.

This is the only time myreturnticket.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	192.0.78.193 192.0.78.193	2635 (AUTOMATTIC) (AUTOMATTIC)
13	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
7	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.78.13 192.0.78.13	2635 (AUTOMATTIC) (AUTOMATTIC)
1 7	23.204.152.11 23.204.152.11	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	104.126.118.225 104.126.118.225	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
5	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
27	44.213.52.212 44.213.52.212	14618 (AMAZON-AES) (AMAZON-AES)
25	192.0.72.3 192.0.72.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.78.25 192.0.78.25	2635 (AUTOMATTIC) (AUTOMATTIC)
10	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
33	2606:2800:220... 2606:2800:220:131d:1d30:1f1d:238b:1e56	15133 (EDGECAST) (EDGECAST)
182	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	192.0.77.38 192.0.77.38	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
2 3	69.166.1.10 69.166.1.10	27630 (AS-XFERNET) (AS-XFERNET)
7	23.52.161.180 23.52.161.180	16625 (AKAMAI-AS) (AKAMAI-AS)
8 9	52.45.33.138 52.45.33.138	14618 (AMAZON-AES) (AMAZON-AES)
1 1	199.187.193.177 199.187.193.177	47043 (SMARTADSE...) (SMARTADSERVER)
4 12	192.40.39.223 192.40.39.223	27381 (CASALE-MEDIA) (CASALE-MEDIA)
23 23	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
3	67.202.105.34 67.202.105.34	32748 (STEADFAST) (STEADFAST)
1	2606:2800:21f... 2606:2800:21f:2cf1:7be6:911:71d9:25f7	15133 (EDGECAST) (EDGECAST)
1 1	67.202.105.31 67.202.105.31	32748 (STEADFAST) (STEADFAST)
2 2	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
29 32	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
1 1	2600:9000:220... 2600:9000:2209:ec00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.223.50.249 3.223.50.249	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
12	23.3.115.102 23.3.115.102	16625 (AKAMAI-AS) (AKAMAI-AS)
2 16	23.195.100.26 23.195.100.26	16625 (AKAMAI-AS) (AKAMAI-AS)
5 25	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	23.195.101.76 23.195.101.76	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
8 11	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
6 14	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
7 7	68.67.179.113 68.67.179.113	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
4	2607:f8b0:400... 2607:f8b0:4006:816::2003	15169 (GOOGLE) (GOOGLE)
5	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
4	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
3 4	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
3 5	2600:1f18:4e9... 2600:1f18:4e9:5a02:460b:2b68:c137:43d7	14618 (AMAZON-AES) (AMAZON-AES)
3 8	52.46.143.56 52.46.143.56	16509 (AMAZON-02) (AMAZON-02)
13 13	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
18 23	142.250.72.98 142.250.72.98	15169 (GOOGLE) (GOOGLE)
3 4	68.67.178.10 68.67.178.10	29990 (ASN-APPNEX) (ASN-APPNEX)
1 20	3.213.224.199 3.213.224.199	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.211.233.246 35.211.233.246	15169 (GOOGLE) (GOOGLE)
3 8	38.133.127.63 38.133.127.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
12 16	8.28.7.82 8.28.7.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	44.208.144.209 44.208.144.209	14618 (AMAZON-AES) (AMAZON-AES)
20 53	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	204.2.255.233 204.2.255.233	2914 (NTT-LTD-2914) (NTT-LTD-2914)
5 5	52.0.142.7 52.0.142.7	14618 (AMAZON-AES) (AMAZON-AES)
2 19	2603:c020:400... 2603:c020:400d:3000:7130:bb0b:d7e:bee2	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3 4	38.91.45.7 38.91.45.7	398989 (DEEPINTENT) (DEEPINTENT)
4 4	50.31.142.95 50.31.142.95	23352 (SERVERCEN...) (SERVERCENTRAL)
2 3	23.205.77.247 23.205.77.247	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	18.235.68.39 18.235.68.39	14618 (AMAZON-AES) (AMAZON-AES)
3 3	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	199.187.193.197 199.187.193.197	47043 (SMARTADSE...) (SMARTADSERVER)
1 1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
3	52.207.206.215 52.207.206.215	14618 (AMAZON-AES) (AMAZON-AES)
6 6	2606:ae80:145... 2606:ae80:1451:14::1050	25751 (VALUECLICK) (VALUECLICK)
9 9	74.121.140.14 74.121.140.14	30419 (MEDIAMATH...) (MEDIAMATH-INC)
6	104.36.115.113 104.36.115.113	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	72.247.65.83 72.247.65.83	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	199.38.167.131 199.38.167.131	54312 (ROCKETFUEL) (ROCKETFUEL)
8 8	2606:ae80:147... 2606:ae80:1471:15::410	25751 (VALUECLICK) (VALUECLICK)
12 13	199.127.204.171 199.127.204.171	26120 (RHYTHMONE) (RHYTHMONE)
4 4	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
2	23.52.167.93 23.52.167.93	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	34.236.110.233 34.236.110.233	14618 (AMAZON-AES) (AMAZON-AES)
4 4	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
4 4	54.243.121.93 54.243.121.93	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
3 7	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:23c... 2600:9000:23cb:9600:1b:6b7d:2300:93a1	16509 (AMAZON-02) (AMAZON-02)
1	108.139.47.49 108.139.47.49	16509 (AMAZON-02) (AMAZON-02)
17	34.117.239.71 34.117.239.71	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	104.126.118.203 104.126.118.203	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
39	104.126.118.201 104.126.118.201	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	23.46.156.171 23.46.156.171	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2006	15169 (GOOGLE) (GOOGLE)
1 1	124.146.215.42 124.146.215.42	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1 1	80.77.87.166 80.77.87.166	46636 (NATCOWEB) (NATCOWEB)
6	104.126.118.210 104.126.118.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:807::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2016	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2001	15169 (GOOGLE) (GOOGLE)
2 94	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	67.220.224.150 67.220.224.150	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	51.222.39.184 51.222.39.184	16276 (OVH) (OVH)
1 1	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
10 10	52.86.55.103 52.86.55.103	14618 (AMAZON-AES) (AMAZON-AES)
1 2	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	199.187.193.179 199.187.193.179	47043 (SMARTADSE...) (SMARTADSERVER)
2 4	18.210.31.252 18.210.31.252	14618 (AMAZON-AES) (AMAZON-AES)
1 2	3.234.22.82 3.234.22.82	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.194.66.159 35.194.66.159	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 6	162.248.18.34 162.248.18.34	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2600:1f18:296... 2600:1f18:2963:701:e440:4b18:a35c:e14d	14618 (AMAZON-AES) (AMAZON-AES)
1 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5 5	207.198.113.204 207.198.113.204	13768 (COGECO-PEER1) (COGECO-PEER1)
3 6	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	52.206.122.60 52.206.122.60	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
1	192.0.72.25 192.0.72.25	2635 (AUTOMATTIC) (AUTOMATTIC)
7	146.75.34.113 146.75.34.113	54113 (FASTLY) (FASTLY)
1 1	3.231.1.199 3.231.1.199	14618 (AMAZON-AES) (AMAZON-AES)
8 8	185.167.164.43 185.167.164.43	198622 (ADFORM) (ADFORM)
3 3	2620:116:800b... 2620:116:800b:21:c1e8:5385:5098:6bf0	14618 (AMAZON-AES) (AMAZON-AES)
7 7	18.211.94.188 18.211.94.188	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2620:112:f002... 2620:112:f002:bbbb::23	6336 (TURN-US-ASN) (TURN-US-ASN)
2 2	3.86.122.109 3.86.122.109	14618 (AMAZON-AES) (AMAZON-AES)
2	52.85.61.93 52.85.61.93	16509 (AMAZON-02) (AMAZON-02)
24	23.34.59.22 23.34.59.22	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.40.18.4 23.40.18.4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	23.34.59.7 23.34.59.7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	8.28.7.84 8.28.7.84	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	173.231.178.116 173.231.178.116	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	35.170.255.253 35.170.255.253	14618 (AMAZON-AES) (AMAZON-AES)
2	44.196.123.162 44.196.123.162	14618 (AMAZON-AES) (AMAZON-AES)
2	54.171.218.252 54.171.218.252	16509 (AMAZON-02) (AMAZON-02)
2 2	2606:4700:20:... 2606:4700:20::ac43:4acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.208.79.250 34.208.79.250	16509 (AMAZON-02) (AMAZON-02)
1 1	34.102.253.54 34.102.253.54	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
52	23.204.152.15 23.204.152.15	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	23.40.18.5 23.40.18.5	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	35.214.223.115 35.214.223.115	15169 (GOOGLE) (GOOGLE)
2 4	54.172.82.93 54.172.82.93	14618 (AMAZON-AES) (AMAZON-AES)
2 2	69.90.254.78 69.90.254.78	13768 (COGECO-PEER1) (COGECO-PEER1)
1 3	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	34.102.163.6 34.102.163.6	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.172.237.109 54.172.237.109	14618 (AMAZON-AES) (AMAZON-AES)
1 1	139.162.117.143 139.162.117.143	63949 (AKAMAI-AP...) (AKAMAI-AP Akamai Technologies)
1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	104.45.178.220 104.45.178.220	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.88.86.2 23.88.86.2	24940 (HETZNER-AS) (HETZNER-AS)
1 2	44.193.60.178 44.193.60.178	14618 (AMAZON-AES) (AMAZON-AES)
3 4	35.172.92.2 35.172.92.2	14618 (AMAZON-AES) (AMAZON-AES)
1	195.5.165.20 195.5.165.20	44968 (IPROM-AS) (IPROM-AS)
2 2	23.5.227.42 23.5.227.42	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	50.57.31.206 50.57.31.206	19994 (RACKSPACE) (RACKSPACE)
2 2	35.201.96.126 35.201.96.126	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	162.248.18.10 162.248.18.10	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	141.94.171.215 141.94.171.215	16276 (OVH) (OVH)
2 2	34.229.3.43 34.229.3.43	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	64.227.64.62 64.227.64.62	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
9	104.126.118.216 104.126.118.216	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.38.73 146.75.38.73	54113 (FASTLY) (FASTLY)
2	23.46.156.17 23.46.156.17	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.126.118.241 104.126.118.241	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
889	104

17 192.0.78.193 (San Francisco, United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

www.myreturnticket.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myreturnticket.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.78.13 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

v0.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.204.152.11 (Edison, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-152-11.deploy.static.akamaitechnologies.com

www.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.126.118.225 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-225.deploy.static.akamaitechnologies.com

lf16-tiktok-web.ttwstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 44.213.52.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-213-52-212.compute-1.amazonaws.com

s.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 192.0.72.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

videos.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.78.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

videopress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:820::200e (Nutley, United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2606:2800:220:131d:1d30:1f1d:238b:1e56 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

182 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.38 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.pubmine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.166.1.10 (United States) 2 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.52.161.180 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-161-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.45.33.138 (Ashburn, United States) 8 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.177 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.40.39.223 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 67.202.105.23 (Palos Park, United States) 23 redirects

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.202.105.34 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip34.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:21f:2cf1:7be6:911:71d9:25f7 (United States)

ASN15133 (EDGECAST, US)

ad-cdn.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.31 (Palos Park, United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.255.84.152 (France) 2 redirects

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.33.111 (Germany) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 35.211.178.172 (North Charleston, United States) 29 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:ec00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.223.50.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-223-50-249.compute-1.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.3.115.102 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-3-115-102.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.195.100.26 (Edison, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-100-26.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 35.244.159.8 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.195.101.76 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-101-76.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.30 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.173.151.100 (United States) 8 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.223.22.214 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.67.179.113 (North Bergen, United States) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:816::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.66.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:4e9:5a02:460b:2b68:c137:43d7 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.46.143.56 (Ashburn, United States) 3 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 35.71.131.137 (United States) 13 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.72.98 (United States) 18 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.178.10 (North Bergen, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 3.213.224.199 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-224-199.compute-1.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.233.246 (North Charleston, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 246.233.211.35.bc.googleusercontent.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 38.133.127.63 (United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 8.28.7.82 (United States) 12 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.208.144.209 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-144-209.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 8.28.7.83 (United States) 20 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.2.255.233 (Beaverton, United States) 2 redirects

ASN2914 (NTT-LTD-2914, US)

pmp.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.0.142.7 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-142-7.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2603:c020:400d:3000:7130:bb0b:d7e:bee2 (Ashburn, United States) 2 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
uat-net.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 38.91.45.7 (United States) 3 redirects

ASN398989 (DEEPINTENT, US)

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 50.31.142.95 (Itasca, United States) 4 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.205.77.247 (Edison, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-77-247.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.235.68.39 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-68-39.compute-1.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.148.27.139 (New York, United States) 3 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.197 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States) 1 redirects

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.207.206.215 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-206-215.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:ae80:1451:14::1050 (United States) 6 redirects

ASN25751 (VALUECLICK, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
33across-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 74.121.140.14 (Reston, United States) 9 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.36.115.113 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.247.65.83 (New York, United States) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-65-83.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.131 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:ae80:1471:15::410 (United States) 8 redirects

ASN25751 (VALUECLICK, US)

medianet-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
synacor-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 199.127.204.171 (United States) 12 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:112:f002:bbbb::21 (United States) 4 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.167.93 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-167-93.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.236.110.233 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-110-233.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.119.119.150 (United States) 4 redirects

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.243.121.93 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-121-93.compute-1.amazonaws.com

t.pswec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.190.60.146 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:9600:1b:6b7d:2300:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.47.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-49.jfk50.r.cloudfront.net

sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 34.117.239.71 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 71.239.117.34.bc.googleusercontent.com

events-ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms-xch-chicago.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.126.118.203 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-203.deploy.static.akamaitechnologies.com

sf16-secsdk.ttwstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 104.126.118.201 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-201.deploy.static.akamaitechnologies.com

sf16-website-login.neutral.ttwstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.46.156.171 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-46-156-171.deploy.static.akamaitechnologies.com

p16-sign-va.tiktokcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2006 (Nutley, United States)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.42 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.77.87.166 (Clifton, United States) 1 redirects

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.126.118.210 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-210.deploy.static.akamaitechnologies.com

sf16-short-va.bytedapm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:816::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::2004 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2016 (Nutley, United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

94 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States) 2 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.220.224.150 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.222.39.184 (Canada)

ASN16276 (OVH, FR)
PTR: ip184.ip-51-222-39.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::c (United States) 1 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.86.55.103 (Ashburn, United States) 10 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-55-103.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.210.196.208 (Elkridge, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.187.193.179 (Canada) 1 redirects

ASN47043 (SMARTADSERVER, CA)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.210.31.252 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-31-252.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.234.22.82 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-22-82.compute-1.amazonaws.com

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.194.66.159 (Washington, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 159.66.194.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.248.18.34 (United States) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:2963:701:e440:4b18:a35c:e14d (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 207.198.113.204 (Herndon, United States) 5 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.111.113.62 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.206.122.60 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-122-60.compute-1.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.43.72.97 (United States) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.72.25 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

wordadsmediafiles.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 146.75.34.113 (Ashburn, United States)

ASN54113 (FASTLY, US)

v19-web-newkey.tiktokcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.231.1.199 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-1-199.compute-1.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.167.164.43 (Denmark) 8 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800b:21:c1e8:5385:5098:6bf0 (United States) 3 redirects

ASN14618 (AMAZON-AES, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.211.94.188 (Ashburn, United States) 7 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-94-188.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::23 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.86.122.109 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-86-122-109.compute-1.amazonaws.com

mid.rkdms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.61.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-93.ewr53.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 23.34.59.22 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-34-59-22.deploy.static.akamaitechnologies.com

mcs-va.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.40.18.4 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-40-18-4.deploy.static.akamaitechnologies.com

mssdk-va.byteoversea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.34.59.7 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-34-59-7.deploy.static.akamaitechnologies.com

vmweb-va.byteoversea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.231.178.116 (United States) 4 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: lga-delivery-8.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.170.255.253 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-255-253.compute-1.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.196.123.162 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-123-162.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.218.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-218-252.eu-west-1.compute.amazonaws.com

synchroscript.deliveryengine.adswizz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4acf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.clickcertain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.208.79.250 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-79-250.us-west-2.compute.amazonaws.com

a.usbrowserspeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 23.204.152.15 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-152-15.deploy.static.akamaitechnologies.com

mon-va.byteoversea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.40.18.5 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-40-18-5.deploy.static.akamaitechnologies.com

mssdk-va.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.214.223.115 (Groningen, Netherlands) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 115.223.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.172.82.93 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-82-93.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.90.254.78 (Herndon, United States) 2 redirects

ASN13768 (COGECO-PEER1, CA)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.163.6 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 6.163.102.34.bc.googleusercontent.com

ad.mrtnsvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.172.237.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-237-109.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.117.143 (Tokyo, Japan) 1 redirects

ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: li1601-143.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.45.178.220 (Marietta, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.86.2 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.2.86.88.23.clients.your-server.de

matching.truffle.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.193.60.178 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-60-178.compute-1.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.172.92.2 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-92-2.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.5.227.42 (Secaucus, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-5-227-42.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.57.31.206 (United States) 1 redirects

ASN19994 (RACKSPACE, US)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 126.96.201.35.bc.googleusercontent.com

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.248.18.10 (United States)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.94.171.215 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-9.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.229.3.43 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com

loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1957 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.64.62 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.126.118.216 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-216.deploy.static.akamaitechnologies.com

lf16-tiktok-common.ttwstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.38.73 (Reston, United States)

ASN54113 (FASTLY, US)

p19-sign.tiktokcdn-us.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.46.156.17 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-46-156-17.deploy.static.akamaitechnologies.com

p16-sign.tiktokcdn-us.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.126.118.241 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-118-241.deploy.static.akamaitechnologies.com

v16-web-newkey.tiktokcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
180	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 778	12 MB
95	pubmatic.com 37 redirects ads.pubmatic.com — Cisco Umbrella Rank: 457 image8.pubmatic.com — Cisco Umbrella Rank: 623 simage2.pubmatic.com — Cisco Umbrella Rank: 676 image6.pubmatic.com — Cisco Umbrella Rank: 717 image2.pubmatic.com — Cisco Umbrella Rank: 852 image4.pubmatic.com — Cisco Umbrella Rank: 921 simage4.pubmatic.com — Cisco Umbrella Rank: 1177 aud.pubmatic.com — Cisco Umbrella Rank: 4566	85 KB
94	facebook.com 2 redirects www.facebook.com — Cisco Umbrella Rank: 108	1 MB
61	byteoversea.com mssdk-va.byteoversea.com — Cisco Umbrella Rank: 31213 vmweb-va.byteoversea.com — Cisco Umbrella Rank: 19000 mon-va.byteoversea.com — Cisco Umbrella Rank: 5953	29 KB
54	ttwstatic.com lf16-tiktok-web.ttwstatic.com — Cisco Umbrella Rank: 8792 sf16-secsdk.ttwstatic.com — Cisco Umbrella Rank: 37347 sf16-website-login.neutral.ttwstatic.com — Cisco Umbrella Rank: 7665 lf16-tiktok-common.ttwstatic.com — Cisco Umbrella Rank: 7917	3 MB
40	33across.com 23 redirects ssc-cms.33across.com — Cisco Umbrella Rank: 888 events-ssc.33across.com — Cisco Umbrella Rank: 2157 pixel.33across.com — Cisco Umbrella Rank: 4620 cms-xch-chicago.33across.com — Cisco Umbrella Rank: 5831	15 KB
37	twitter.com platform.twitter.com — Cisco Umbrella Rank: 771 syndication.twitter.com — Cisco Umbrella Rank: 1148	551 KB
37	tiktok.com 1 redirects www.tiktok.com — Cisco Umbrella Rank: 2216 mcs-va.tiktok.com — Cisco Umbrella Rank: 17275 mssdk-va.tiktok.com — Cisco Umbrella Rank: 18947	121 KB
34	wordpress.com v0.wordpress.com — Cisco Umbrella Rank: 6621 videos.files.wordpress.com — Cisco Umbrella Rank: 92262 public-api.wordpress.com — Cisco Umbrella Rank: 8276 wordadsmediafiles.files.wordpress.com — Cisco Umbrella Rank: 41304	4 MB
32	bidswitch.net 29 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	16 KB
30	rubiconproject.com 15 redirects eus.rubiconproject.com — Cisco Umbrella Rank: 526 pixel.rubiconproject.com — Cisco Umbrella Rank: 317 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 939 token.rubiconproject.com — Cisco Umbrella Rank: 531 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 949	75 KB
28	pubmine.com s.pubmine.com — Cisco Umbrella Rank: 11188 c0.pubmine.com — Cisco Umbrella Rank: 30598	74 KB
27	openx.net 6 redirects u.openx.net — Cisco Umbrella Rank: 609 us-u.openx.net — Cisco Umbrella Rank: 420 rtb.openx.net — Cisco Umbrella Rank: 1462 eu-u.openx.net — Cisco Umbrella Rank: 2280	4 KB
25	doubleclick.net 18 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 210 googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 static.doubleclick.net — Cisco Umbrella Rank: 241	4 KB
25	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 14476 i0.wp.com — Cisco Umbrella Rank: 3012 s0.wp.com — Cisco Umbrella Rank: 6682 stats.wp.com — Cisco Umbrella Rank: 2695 fonts.wp.com — Cisco Umbrella Rank: 14973 widgets.wp.com — Cisco Umbrella Rank: 10617 pixel.wp.com — Cisco Umbrella Rank: 2474	502 KB
21	gumgum.com 1 redirects rtb.gumgum.com — Cisco Umbrella Rank: 1658 usersync.gumgum.com — Cisco Umbrella Rank: 1829	7 KB
20	technoratimedia.com 2 redirects ad-cdn.technoratimedia.com — Cisco Umbrella Rank: 3421 sync.technoratimedia.com — Cisco Umbrella Rank: 1308 uat-net.technoratimedia.com — Cisco Umbrella Rank: 2947	18 KB
18	media.net 2 redirects contextual.media.net — Cisco Umbrella Rank: 591 cs.media.net — Cisco Umbrella Rank: 1370	22 KB
17	myreturnticket.ca 1 redirects www.myreturnticket.ca myreturnticket.ca	424 KB
15	tiktokcdn.com p16-sign-va.tiktokcdn.com — Cisco Umbrella Rank: 1140 v19-web-newkey.tiktokcdn.com — Cisco Umbrella Rank: 30804 v16-web-newkey.tiktokcdn.com — Cisco Umbrella Rank: 31495	4 MB
14	dotomi.com 14 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 2579 medianet-match.dotomi.com — Cisco Umbrella Rank: 9037 33across-match.dotomi.com — Cisco Umbrella Rank: 3243 synacor-match.dotomi.com — Cisco Umbrella Rank: 7491 pubmatic-match.dotomi.com — Cisco Umbrella Rank: 2902	5 KB
14	3lift.com 6 redirects eb2.3lift.com — Cisco Umbrella Rank: 354	6 KB
14	yahoo.com 11 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 271 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439	6 KB
13	adsrvr.org 13 redirects match.adsrvr.org — Cisco Umbrella Rank: 295	7 KB
12	adnxs.com 10 redirects acdn.adnxs.com — Cisco Umbrella Rank: 527 ib.adnxs.com — Cisco Umbrella Rank: 214 secure.adnxs.com — Cisco Umbrella Rank: 381	12 KB
12	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 425 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524 dsum.casalemedia.com — Cisco Umbrella Rank: 1223	10 KB
10	bidr.io 10 redirects match.prod.bidr.io — Cisco Umbrella Rank: 516	5 KB
10	youtube.com www.youtube.com — Cisco Umbrella Rank: 82	842 KB
9	1rx.io 9 redirects sync.1rx.io — Cisco Umbrella Rank: 497	7 KB
9	mathtag.com 9 redirects sync.mathtag.com — Cisco Umbrella Rank: 460	5 KB
9	amazon-adsystem.com 3 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 269 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 959	6 KB
8	adform.net 8 redirects c1.adform.net — Cisco Umbrella Rank: 590 dmp.adform.net — Cisco Umbrella Rank: 3607	5 KB
8	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 756	2 KB
7	liadm.com 7 redirects i.liadm.com — Cisco Umbrella Rank: 568	4 KB
7	rlcdn.com 3 redirects id.rlcdn.com — Cisco Umbrella Rank: 613 idsync.rlcdn.com — Cisco Umbrella Rank: 347	1 KB
7	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 1806	17 KB
6	tapad.com 3 redirects pixel.tapad.com — Cisco Umbrella Rank: 414	1 KB
6	bytedapm.com sf16-short-va.bytedapm.com — Cisco Umbrella Rank: 14658	73 KB
5	sitescout.com 5 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 608	3 KB
5	criteo.com 5 redirects dis.criteo.com — Cisco Umbrella Rank: 688 gum.criteo.com — Cisco Umbrella Rank: 386	2 KB
5	w55c.net 5 redirects pm.w55c.net — Cisco Umbrella Rank: 729 i.w55c.net — Cisco Umbrella Rank: 1976	4 KB
5	turn.com 5 redirects ad.turn.com — Cisco Umbrella Rank: 770 d.turn.com — Cisco Umbrella Rank: 1194	2 KB
5	stackadapt.com 5 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 635	2 KB
4	audrte.com 3 redirects a.audrte.com — Cisco Umbrella Rank: 2544	3 KB
4	cognitivlabs.com 2 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1313	2 KB
4	adgrx.com 4 redirects cm.adgrx.com — Cisco Umbrella Rank: 1321	2 KB
4	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 785 bcp.crwdcntrl.net — Cisco Umbrella Rank: 910	1 KB
4	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 215	30 KB
4	pswec.com 4 redirects t.pswec.com — Cisco Umbrella Rank: 3561	3 KB
4	unrulymedia.com 3 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1068	2 KB
4	zemanta.com 4 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 530	3 KB
4	deepintent.com 3 redirects match.deepintent.com — Cisco Umbrella Rank: 846	1 KB
4	mxptint.net 2 redirects pmp.mxptint.net — Cisco Umbrella Rank: 4348	2 KB
4	everesttech.net 3 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 595	1020 B
4	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
4	tynt.com 1 redirects de.tynt.com — Cisco Umbrella Rank: 1615 ic.tynt.com — Cisco Umbrella Rank: 6466	10 KB
3	tiktokcdn-us.com p16-sign.tiktokcdn-us.com — Cisco Umbrella Rank: 1264 Failed p19-sign.tiktokcdn-us.com — Cisco Umbrella Rank: 1492	119 KB
3	onaudience.com 3 redirects pixel.onaudience.com — Cisco Umbrella Rank: 2330	1 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 752 s.tribalfusion.com — Cisco Umbrella Rank: 1848	1 KB
3	quantserve.com 3 redirects cms.quantserve.com — Cisco Umbrella Rank: 649	1 KB
3	avct.cloud 3 redirects ads.avct.cloud — Cisco Umbrella Rank: 3882	2 KB
3	simpli.fi 3 redirects um.simpli.fi — Cisco Umbrella Rank: 736	2 KB
3	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1076	103 B
3	contextweb.com 3 redirects bh.contextweb.com — Cisco Umbrella Rank: 547	3 KB
3	360yield.com 3 redirects ad.360yield.com — Cisco Umbrella Rank: 675	836 B
3	bluekai.com 2 redirects stags.bluekai.com — Cisco Umbrella Rank: 487	2 KB
3	ipredictive.com 3 redirects sync.ipredictive.com — Cisco Umbrella Rank: 836	1 KB
3	sportradarserving.com 3 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2219	1 KB
3	smartadserver.com 3 redirects ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1844 ssbsync.smartadserver.com — Cisco Umbrella Rank: 743 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 582	1 KB
3	sonobi.com 2 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 823	5 KB
2	zeotap.com 1 redirects spl.zeotap.com — Cisco Umbrella Rank: 2875 mwzeom.zeotap.com — Cisco Umbrella Rank: 2562	838 B
2	exelator.com 2 redirects loada.exelator.com — Cisco Umbrella Rank: 24714	2 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com — Cisco Umbrella Rank: 4065	1 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1182	1 KB
2	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 1359	1 KB
2	narrative.io 1 redirects io.narrative.io — Cisco Umbrella Rank: 3409	643 B
2	mrtnsvr.com 2 redirects ad.mrtnsvr.com — Cisco Umbrella Rank: 2155	334 B
2	acuityplatform.com 2 redirects ums.acuityplatform.com — Cisco Umbrella Rank: 1303	1 KB
2	loopme.me 2 redirects csync.loopme.me — Cisco Umbrella Rank: 857	420 B
2	clickcertain.com 2 redirects a.clickcertain.com — Cisco Umbrella Rank: 3411	1 KB
2	adswizz.com synchroscript.deliveryengine.adswizz.com — Cisco Umbrella Rank: 3024	794 B
2	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1684	850 B
2	kargo.com crb.kargo.com — Cisco Umbrella Rank: 1782	1008 B
2	agkn.com aa.agkn.com — Cisco Umbrella Rank: 472	1 KB
2	rkdms.com 2 redirects mid.rkdms.com — Cisco Umbrella Rank: 1139	1 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 684	882 B
2	thrtle.com 1 redirects thrtle.com — Cisco Umbrella Rank: 1347	681 B
2	aralego.com 1 redirects sync.aralego.com — Cisco Umbrella Rank: 3523	592 B
2	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 333	659 B
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 538	701 B
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 1226 sync1.intentiq.com — Cisco Umbrella Rank: 3490	2 KB
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2114	853 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 885	830 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 776	1 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4704	752 B
2	id5-sync.com 2 redirects id5-sync.com — Cisco Umbrella Rank: 408	3 KB
2	inmobi.com 2 redirects sync.inmobi.com — Cisco Umbrella Rank: 1589 mweb.ck.inmobi.com — Cisco Umbrella Rank: 3231	1 KB
2	omnitagjs.com 2 redirects visitor.omnitagjs.com — Cisco Umbrella Rank: 788	678 B
2	w.org s.w.org — Cisco Umbrella Rank: 1595	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	89 KB
2	videopress.com videopress.com — Cisco Umbrella Rank: 164221	5 KB
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2121	555 B
1	iprom.net core.iprom.net — Cisco Umbrella Rank: 5409	281 B
1	truffle.bid matching.truffle.bid — Cisco Umbrella Rank: 5839
1	ctnsnet.com ipac.ctnsnet.com — Cisco Umbrella Rank: 5090	369 B
1	appier.net 1 redirects gocm.c.appier.net — Cisco Umbrella Rank: 2183	395 B
1	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 1417	109 B
1	playground.xyz 1 redirects ads.playground.xyz — Cisco Umbrella Rank: 3530	463 B
1	usbrowserspeed.com 1 redirects a.usbrowserspeed.com — Cisco Umbrella Rank: 6226	237 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 240	668 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 4364	391 B
1	clickagy.com 1 redirects aorta.clickagy.com — Cisco Umbrella Rank: 1841	435 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 934	231 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 706	815 B
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 226	3 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 102	35 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	15 KB
1	admanmedia.com 1 redirects cs.admanmedia.com — Cisco Umbrella Rank: 951	660 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 961	830 B
1	bttrack.com 1 redirects bttrack.com — Cisco Umbrella Rank: 730	352 B
1	mookie1.com 1 redirects odr.mookie1.com — Cisco Umbrella Rank: 1156	643 B
1	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1230	316 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 708	598 B
889	123

	Domain	Requested by
180	static.xx.fbcdn.net	www.facebook.com
94	www.facebook.com	2 redirects connect.facebook.net
52	mon-va.byteoversea.com	sf16-secsdk.ttwstatic.com
40	simage2.pubmatic.com	15 redirects ads.pubmatic.com myreturnticket.ca rtb.gumgum.com de.tynt.com
39	sf16-website-login.neutral.ttwstatic.com	www.tiktok.com sf16-website-login.neutral.ttwstatic.com sf16-secsdk.ttwstatic.com myreturnticket.ca
33	platform.twitter.com	myreturnticket.ca platform.twitter.com
32	x.bidswitch.net	29 redirects c0.pubmine.com us-u.openx.net myreturnticket.ca
27	s.pubmine.com	myreturnticket.ca c0.pubmine.com rtb.gumgum.com ssum-sec.casalemedia.com de.tynt.com ads.pubmatic.com
25	videos.files.wordpress.com	myreturnticket.ca v0.wordpress.com
24	mcs-va.tiktok.com	sf16-secsdk.ttwstatic.com sf16-website-login.neutral.ttwstatic.com
23	cm.g.doubleclick.net	18 redirects u.openx.net rtb.gumgum.com eus.rubiconproject.com eb2.3lift.com
22	us-u.openx.net	4 redirects u.openx.net ad-cdn.technoratimedia.com us-u.openx.net de.tynt.com myreturnticket.ca ads.pubmatic.com
22	ssc-cms.33across.com	22 redirects
20	usersync.gumgum.com	1 redirects rtb.gumgum.com eus.rubiconproject.com ads.pubmatic.com
16	events-ssc.33across.com	de.tynt.com eus.rubiconproject.com us-u.openx.net ads.pubmatic.com
16	image8.pubmatic.com	12 redirects ads.pubmatic.com
16	contextual.media.net	2 redirects c0.pubmine.com contextual.media.net eus.rubiconproject.com
16	myreturnticket.ca	myreturnticket.ca
14	sync.technoratimedia.com	2 redirects contextual.media.net ad-cdn.technoratimedia.com myreturnticket.ca us-u.openx.net eb2.3lift.com de.tynt.com ads.pubmatic.com
14	eb2.3lift.com	6 redirects ad-cdn.technoratimedia.com ads.pubmatic.com eb2.3lift.com
13	image2.pubmatic.com	5 redirects ads.pubmatic.com myreturnticket.ca
13	match.adsrvr.org	13 redirects
12	eus.rubiconproject.com	c0.pubmine.com eus.rubiconproject.com contextual.media.net de.tynt.com ad-cdn.technoratimedia.com rtb.gumgum.com
10	match.prod.bidr.io	10 redirects
10	www.youtube.com	myreturnticket.ca www.youtube.com
9	lf16-tiktok-common.ttwstatic.com	myreturnticket.ca
9	sync.1rx.io	9 redirects
9	sync.mathtag.com	9 redirects
9	ups.analytics.yahoo.com	8 redirects us-u.openx.net
8	sync.outbrain.com	3 redirects ads.pubmatic.com
8	s.amazon-adsystem.com	3 redirects u.openx.net ssum-sec.casalemedia.com eus.rubiconproject.com ads.pubmatic.com eb2.3lift.com
7	i.liadm.com	7 redirects
7	c1.adform.net	7 redirects
7	v19-web-newkey.tiktokcdn.com	www.tiktok.com myreturnticket.ca
7	ib.adnxs.com	7 redirects
7	pixel.rubiconproject.com	4 redirects eus.rubiconproject.com
7	ads.pubmatic.com	c0.pubmine.com rtb.gumgum.com ad-cdn.technoratimedia.com ads.pubmatic.com de.tynt.com
7	secure.gravatar.com	myreturnticket.ca secure.gravatar.com
7	www.tiktok.com	1 redirects lf16-tiktok-web.ttwstatic.com sf16-secsdk.ttwstatic.com
7	i0.wp.com	myreturnticket.ca
6	mssdk-va.tiktok.com	sf16-secsdk.ttwstatic.com
6	simage4.pubmatic.com	ads.pubmatic.com
6	vmweb-va.byteoversea.com	sf16-secsdk.ttwstatic.com
6	pixel.tapad.com	3 redirects us-u.openx.net rtb.gumgum.com myreturnticket.ca
6	image4.pubmatic.com	5 redirects ads.pubmatic.com
6	sf16-short-va.bytedapm.com	www.tiktok.com sf16-short-va.bytedapm.com
6	p16-sign-va.tiktokcdn.com	www.tiktok.com myreturnticket.ca
6	image6.pubmatic.com	ads.pubmatic.com
6	ssum-sec.casalemedia.com	3 redirects c0.pubmine.com ssum-sec.casalemedia.com rtb.gumgum.com
5	pixel-sync.sitescout.com	5 redirects
5	uat-net.technoratimedia.com	myreturnticket.ca eus.rubiconproject.com
5	secure-assets.rubiconproject.com	5 redirects
5	sync.srv.stackadapt.com	5 redirects
5	pr-bh.ybp.yahoo.com	3 redirects u.openx.net ads.pubmatic.com
5	public-api.wordpress.com	s0.wp.com v0.wordpress.com
5	fonts.wp.com	fonts-api.wp.com
4	a.audrte.com	3 redirects myreturnticket.ca
4	beacon.lynx.cognitivlabs.com	2 redirects ads.pubmatic.com
4	pubmatic-match.dotomi.com	4 redirects
4	cm.adgrx.com	4 redirects
4	token.rubiconproject.com	4 redirects
4	jnn-pa.googleapis.com	www.youtube.com
4	33across-match.dotomi.com	4 redirects
4	id.rlcdn.com	2 redirects contextual.media.net us-u.openx.net
4	t.pswec.com	4 redirects
4	dis.criteo.com	4 redirects
4	pm.w55c.net	4 redirects
4	sync.targeting.unrulymedia.com	3 redirects myreturnticket.ca
4	ad.turn.com	4 redirects
4	b1sync.zemanta.com	4 redirects
4	match.deepintent.com	3 redirects rtb.gumgum.com
4	pmp.mxptint.net	2 redirects rtb.gumgum.com
4	secure.adnxs.com	3 redirects acdn.adnxs.com
4	sync-tm.everesttech.net	3 redirects ads.pubmatic.com
4	syndication.twitter.com	platform.twitter.com myreturnticket.ca
4	pixel.wp.com	myreturnticket.ca
4	s0.wp.com	myreturnticket.ca widgets.wp.com public-api.wordpress.com
3	pixel.onaudience.com	3 redirects
3	mssdk-va.byteoversea.com	sf16-secsdk.ttwstatic.com
3	cms.quantserve.com	3 redirects
3	ads.avct.cloud	3 redirects
3	idsync.rlcdn.com	1 redirects us-u.openx.net rtb.gumgum.com
3	um.simpli.fi	3 redirects
3	sync.crwdcntrl.net	2 redirects ads.pubmatic.com
3	sf16-secsdk.ttwstatic.com	www.tiktok.com
3	rtb.adentifi.com	ssum-sec.casalemedia.com myreturnticket.ca ads.pubmatic.com
3	dsum.casalemedia.com	ssum-sec.casalemedia.com
3	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
3	bh.contextweb.com	3 redirects
3	ad.360yield.com	3 redirects
3	stags.bluekai.com	2 redirects us-u.openx.net
3	sync.ipredictive.com	3 redirects
3	a.sportradarserving.com	3 redirects
3	de.tynt.com	c0.pubmine.com ad-cdn.technoratimedia.com
3	sync.go.sonobi.com	2 redirects c0.pubmine.com
3	lf16-tiktok-web.ttwstatic.com	myreturnticket.ca www.tiktok.com
3	v0.wordpress.com	myreturnticket.ca videopress.com
3	fonts-api.wp.com	myreturnticket.ca
2	v16-web-newkey.tiktokcdn.com	myreturnticket.ca
2	p16-sign.tiktokcdn-us.com	myreturnticket.ca sf16-website-login.neutral.ttwstatic.com
2	loada.exelator.com	2 redirects
2	visitor.fiftyt.com	2 redirects
2	uipglob.semasio.net	1 redirects de.tynt.com
2	px.owneriq.net	2 redirects
2	io.narrative.io	1 redirects myreturnticket.ca
2	ad.mrtnsvr.com	2 redirects
2	a.tribalfusion.com	1 redirects ads.pubmatic.com
2	ums.acuityplatform.com	2 redirects
2	csync.loopme.me	2 redirects
2	a.clickcertain.com	2 redirects
2	synchroscript.deliveryengine.adswizz.com	myreturnticket.ca ads.pubmatic.com
2	sync.bfmio.com	myreturnticket.ca ads.pubmatic.com
2	crb.kargo.com	myreturnticket.ca ads.pubmatic.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	aa.agkn.com	us-u.openx.net de.tynt.com
2	mid.rkdms.com	2 redirects
2	pixel-us-east.rubiconproject.com	2 redirects
2	pippio.com	2 redirects
2	rtb.openx.net	1 redirects us-u.openx.net
2	thrtle.com	1 redirects ads.pubmatic.com
2	synacor-match.dotomi.com	2 redirects
2	sync.aralego.com	1 redirects myreturnticket.ca
2	px.ads.linkedin.com	eus.rubiconproject.com eb2.3lift.com
2	creativecdn.com	2 redirects
2	fei.pro-market.net	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	cs.media.net	contextual.media.net
2	medianet-match.dotomi.com	2 redirects
2	p.rfihub.com	2 redirects
2	casale-match.dotomi.com	2 redirects
2	fonts.gstatic.com	www.youtube.com
2	pool.admedo.com	2 redirects
2	u.openx.net	1 redirects c0.pubmine.com
2	id5-sync.com	2 redirects
2	visitor.omnitagjs.com	2 redirects
2	s.w.org	myreturnticket.ca
2	connect.facebook.net	myreturnticket.ca connect.facebook.net
2	videopress.com	myreturnticket.ca
1	p19-sign.tiktokcdn-us.com	myreturnticket.ca
1	match.adsby.bidtheatre.com	1 redirects
1	mwzeom.zeotap.com	de.tynt.com
1	spl.zeotap.com	1 redirects
1	aud.pubmatic.com	de.tynt.com
1	core.iprom.net	ads.pubmatic.com
1	dmp.adform.net	1 redirects
1	matching.truffle.bid	ads.pubmatic.com
1	mweb.ck.inmobi.com	1 redirects
1	ipac.ctnsnet.com	ads.pubmatic.com
1	gocm.c.appier.net	1 redirects
1	bpi.rtactivate.com	rtb.gumgum.com
1	bcp.crwdcntrl.net	rtb.gumgum.com
1	s.tribalfusion.com	ads.pubmatic.com
1	ads.playground.xyz	1 redirects
1	a.usbrowserspeed.com	1 redirects
1	d.turn.com	1 redirects
1	eu-u.openx.net	us-u.openx.net
1	i.w55c.net	1 redirects
1	cms-xch-chicago.33across.com	de.tynt.com
1	wordadsmediafiles.files.wordpress.com	myreturnticket.ca
1	c.bing.com	eb2.3lift.com
1	tags.rd.linksynergy.com	1 redirects
1	aorta.clickagy.com	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	sync.taboola.com	myreturnticket.ca
1	gum.criteo.com	1 redirects
1	onetag-sys.com	ad-cdn.technoratimedia.com
1	pixel.33across.com	1 redirects
1	aax-eu.amazon-adsystem.com	eus.rubiconproject.com
1	yt3.ggpht.com	www.youtube.com
1	i.ytimg.com	www.youtube.com
1	www.google.com	www.youtube.com
1	cs.admanmedia.com	1 redirects
1	tg.socdm.com	1 redirects
1	static.doubleclick.net	www.youtube.com
1	googleads.g.doubleclick.net	www.youtube.com
1	sync1.intentiq.com	contextual.media.net
1	sync.intentiq.com	1 redirects
1	bttrack.com	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	odr.mookie1.com	1 redirects
1	sync.teads.tv	c0.pubmine.com
1	acdn.adnxs.com	c0.pubmine.com
1	rtb.gumgum.com	c0.pubmine.com
1	s.ad.smaato.net	1 redirects
1	sync.inmobi.com	1 redirects
1	ic.tynt.com	1 redirects
1	ad-cdn.technoratimedia.com	c0.pubmine.com
1	ssbsync-global.smartadserver.com	1 redirects
1	c0.pubmine.com	myreturnticket.ca
1	widgets.wp.com	myreturnticket.ca
1	stats.wp.com	myreturnticket.ca
1	www.myreturnticket.ca	1 redirects
889	192

This site contains links to these domains. Also see Links.

Domain
district1881.com
www.instagram.com
www.bucketfeet.store
www.airbnb.com
www.aircanada.com
www.youtube.com
www.portobay.com
www.expedia.ca
www.barelbaratillo.com
www.tiktok.com
www.airalo.com
parkimeter.com
www.hyatt.com
www.heathrow.com
www.facebook.com
twitter.com
www.pinterest.com
myreturnticket.wordpress.com
kmack2016.wordpress.com
akismet.com
wordpress.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2023-03-16` - `2023-06-14`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
s.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-06` - `2023-10-06`	a year	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.videopress.com Sectigo ECC Domain Validation Secure Server CA	`2023-02-10` - `2024-03-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-23`	2 months	crt.sh
c0.pubmine.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-23` - `2023-04-23`	a year	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2022-12-06` - `2024-01-06`	a year	crt.sh
*.ttwstatic.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-11` - `2023-12-12`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
casalemedia.com Go Daddy Secure Certificate Authority - G2	`2022-12-13` - `2024-01-13`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-07` - `2023-09-30`	a year	crt.sh
*.technoratimedia.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-15` - `2023-09-15`	a year	crt.sh
gumgum.com Amazon RSA 2048 M01	`2023-02-17` - `2023-08-05`	6 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2022-12-15` - `2024-01-15`	a year	crt.sh
adentifi.com Amazon RSA 2048 M02	`2023-02-22` - `2023-09-03`	6 months	crt.sh
*.ad-server.k8s.ggops.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
*.neutral.ttwstatic.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-04-01` - `2023-05-02`	a year	crt.sh
*.tiktokcdn.com RapidSSL ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
*.bytedapm.com RapidSSL ECC CA 2018	`2022-12-13` - `2024-01-13`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-02-20` - `2023-05-15`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-02-23` - `2023-06-11`	4 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-07` - `2023-12-09`	a year	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-03-07` - `2023-09-07`	6 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
events-ssc.33across.com GTS CA 1D4	`2023-03-08` - `2023-06-06`	3 months	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.byteoversea.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-12` - `2023-05-31`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.app.kargo.com Amazon RSA 2048 M02	`2023-02-21` - `2024-01-18`	a year	crt.sh
*.bfmio.com Amazon RSA 2048 M02	`2023-02-21` - `2023-05-15`	3 months	crt.sh
*.deliveryengine.adswizz.com Amazon RSA 2048 M02	`2023-02-09` - `2024-02-13`	a year	crt.sh
beacon.lynx.cognitivlabs.com Amazon RSA 2048 M01	`2023-02-28` - `2023-05-12`	2 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.tapad.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
rtactivate.com Amazon RSA 2048 M01	`2023-03-14` - `2024-04-11`	a year	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh
truffle.bid R3	`2023-03-15` - `2023-06-13`	3 months	crt.sh
*.iprom.net R3	`2023-03-01` - `2023-05-30`	3 months	crt.sh
*.tiktokcdn-us.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-05` - `2023-10-06`	a year	crt.sh

This page contains 221 frames:

Primary Page: https://myreturnticket.ca/
Frame ID: 75B1BBCAB35705272D483861F5CEA224
Requests: 81 HTTP requests in this frame

Frame: https://videopress.com/embed/XO6mYVEb?cover=1&preloadContent=metadata&useAverageColor=1&hd=1
Frame ID: 0A04877DD14A6C453B064B62D846817F
Requests: 19 HTTP requests in this frame

Frame: https://videopress.com/embed/xBxg03xe?cover=1&preloadContent=metadata&useAverageColor=1&hd=1
Frame ID: E0393E06C26E1B4B2C029E4D8BDB5FA8
Requests: 19 HTTP requests in this frame

Frame: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
Frame ID: E204DD2A1798E2B0743B98AA14765746
Requests: 22 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=202311
Frame ID: B2CB62916A4E14549F14197D658D9983
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fmyreturnticket.ca
Frame ID: 94F944A041550BAF4EED8C4C0CACD9C6
Requests: 2 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=13&external_user_id=ce709306-291c-43cf-a3be-60b68d0dfea9&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Frame ID: 9934AD6F6159DBB9D851AB6C2DA062A0
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html
Frame ID: 28DF8EF35E93DDA3D7BF726D307AA0AD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Frame ID: 936E70F7373E70FE7A836F5CB0797513
Requests: 11 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=27&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&external_user_id=y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A&gdpr=0
Frame ID: 154F59A7FAD510382045E8C5D9A0BB82
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=23&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=5271008299598803031
Frame ID: 98E800AE66C6EFF303A34094353B33C7
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Frame ID: 1C2DBE27236E13B09A53DEE5D9EB9115
Requests: 10 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Frame ID: 618F90DA73281C504FFD23ADF1C677A2
Requests: 7 HTTP requests in this frame

Frame: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Frame ID: E7161B6EF7EAEF0C59B8054C641DBB6E
Requests: 16 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Frame ID: E7CBBB83CE69A754F21AA80973A95681
Requests: 14 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Frame ID: 355E676865EA1CC846AB4ADA603F3D62
Requests: 7 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=22&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=891db04b52d1c464646f27898eed8846
Frame ID: 2D9EC2EE0A85728009E808C404035DA3
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=20&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ID5-afb1ueJm1pCJv0dqHV86LXGrA2dl_iJhNUous25t5g
Frame ID: 867C27FD81C9333B7E8CE476AD1DBDA3
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=18&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Frame ID: 391ED4254A840812FEF46F172E50F4A9
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=29&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=eed380a4
Frame ID: 405FDC12BEFA69F78429BC0C63F44ACD
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=15&external_user_id=y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6
Frame ID: 45C37FEE4EA561963D04BA87B1EFA137
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Frame ID: C783851C005811B781BDC81C64644C9B
Requests: 15 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 2F549C93F41DE26816FDE408D146C828
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Frame ID: B8FC5DC2B2663D516988644E9723F7F5
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 50D795611E6BD17434A01341E2B68BA9
Requests: 10 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Frame ID: E242639A571B071C7594763FFAD25ECA
Requests: 17 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: F3175608D84BE9DE2826DE94F5041B28
Requests: 7 HTTP requests in this frame

Frame: https://sync.teads.tv/iframe
Frame ID: D43291AB8108DDD60D647B6F798CFBA2
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=419&user_id=10596829190722811243&ssp=themediagrid&gdpr=0&gdpr_consent=
Frame ID: A9B8303F73B6252B80888918C6FE371F
Requests: 1 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: D31D700D46CFBFB0B67C56C8D31F668A
Requests: 2 HTTP requests in this frame

Frame: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Frame ID: E922BD4EDE1AD7F42D16395CCCFBED6B
Requests: 47 HTTP requests in this frame

Frame: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Frame ID: 846A9B0D91BF8342B1324F38192119F2
Requests: 47 HTTP requests in this frame

Frame: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Frame ID: 8501666BA9720A562D1B3685A0D874ED
Requests: 45 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=03136413-397c-4600-aab0-af469fd25e39&gdpr=0&gdpr_consent=
Frame ID: 9AE10CDA13C8C9E85EDF01FBE2AD9DEF
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=ZBM5ewABwf-WXQBG&gdpr=0&gdpr_consent=
Frame ID: 26995DBFA44BB5062C1CE967A88E0E32
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=&google_tc=
Frame ID: 924F0C7AC764D270CB659E871FD03F9E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: A758A849668355BB7CB23936A7D271D8
Requests: 9 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=medianet
Frame ID: A6DA8F326AD58FE654D1C46EE6669295
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=rkt&refUrl=&vid=89815002183219830991454823000V10&ovsid=1797288120114298742
Frame ID: DAD3FABE5B56CA5E09B90D7058EDAC80
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: C1D331F23A4D11C113A6FBDC6B22D020
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: B0592B00587D04BBCC814B5492B08B42
Requests: 2 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=ttd&i=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
Frame ID: E07EA5A8102535AA53EED5D4CCF4883F
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZBM5fcCo8XoAAFrgCrwAAAAA
Frame ID: 0B3336FE9C05496703A530A8F339E8F2
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=aad&i=d15241ba-d2da-4c8b-89fb-be3a9c3d1612
Frame ID: B2425242F42112F39C66ACE0A5A0C51F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12361c2c99f7d4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 921D337727965D3D3A10AF1134E34907
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16dce22928f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 2C469666A7B9DA5BC8A923845504B071
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df11712ebd11f8f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: C1A0D00C886100D73DAF385E5284E1F3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df38eefccae9443c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 70586F9560594DBA2922C739EF48E11A
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fc091b6732c3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: E95129025E55B89EE49F228067D09C70
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df126a7dc9ebf35c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 1E0A1E79FFF4B1D56FABB2FB623BDDCA
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa9dea79c0a67%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 56650482B79B1110444EEA3028AB205F
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3139072c8d26cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 1C2BE485119EC4050124EDA0EFC91DE7
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d13390679573%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: DE211570137C1A04E40C6451A40F1F51
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a1bf68f3b245c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 80C4FE4549A19BF283A1D7794CACCF0F
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29412e21d1188%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 3308231CA09A2C785441C7B9915EC72D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8050d5534904c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: BFE0FAC5E9C17E63391350B875B8BD24
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3281427e9dd52c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 29DD2502D248867F6A8F44CA996DF7D5
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31d258f2cc1284%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 6ED6EB331A84ECF49FED8EB124A7FFD3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df386c1fa1b38654%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 1B3B4403CAD2038069800FB71AD9D091
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f0fc5f604bdc8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 83D9EE5E9380B36467C464697069951E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f4bd191231f3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: A2B7A19AC8AED8573997C5C956CE5C64
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1be0b88631d384%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 75CFB2A6DA0F69421BCA5B0835BAE70A
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df357107d9ec87c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: F5A2542F3C467B7553F248BDEB972C01
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df25e888e9b5340c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 8F38CB51479D8E2D3FCFB20D142344EC
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36421571d5c168%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 92DAD07947BC1057F51FC5D69330A168
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bdfe3eb461d3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 504F26ABC60C06E030253EF02B3A235E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8d56b09166fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: CCA2EEA3E4AF3F0756575595C807C2E3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2af2cd18b64858%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 62D4D1244355947B6C564AE2697BF688
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbbeba45fe82e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: DF21D765A579DE71B580AD64F2587A2A
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154ec589a1e54%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0E101B4E0BCF5B84FC957A652773B443
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df133eab01a6144%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 947F79429742F0B927BF46622A18092C
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a836cf35f6894%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 212048628732C6F1C8FC9885BAE0AC29
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31fe254f1a7f4c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 9C3F12E002D9472CB0AAE97FFA81E542
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32da7cff0d6fa4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 72848E40629860F69B7D087511485336
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc0065a501c0a8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D222%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338
Frame ID: BB1D99E54FEF66FFF0667BDE3843E09D
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
Frame ID: 9DEBC544955F0932F00EFFE0B013CD59
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=kjbsEGvaAZbLcNsn551P&pi=gumgum&tc=1
Frame ID: AFC9752963422A80968A29E64BA23EDC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
Frame ID: 6B82361010B29FFD4EE13A2D12925737
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Frame ID: B847B138319352CEA5811104C76DE17E
Requests: 7 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Frame ID: 68935D34A2C7E38E27D410E89FFCF3FC
Requests: 12 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Frame ID: C5640533EEE290DB3409448423BE3EC4
Requests: 6 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=572a470226457b8
Frame ID: A7D117C47048CDE1EB8AFF7F51F72FAE
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Frame ID: AF40052B831420FD88F2DAAEF0B551EB
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 8E172C8236C1564095ED559DBFF7C9B9
Requests: 3 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Frame ID: 22A7F8E120AEB05EA2F8EB96A7BF5211
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=4BA59E21-32B2-424E-991B-86C3DF8ACE81&redir=true&gdpr=0&gdpr_consent=
Frame ID: 3B33C07B4E82331512AD011FA48B3B76
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&gdpr=0
Frame ID: E13BA763248D4865CEB5C068E1929B30
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=26&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 22B63519427AF692B6ACF136830BDF6B
Requests: 1 HTTP requests in this frame

Frame: https://wordadsmediafiles.files.wordpress.com/2023/02/houseads-difm-en-set1-build-1x-728x90-upload.png
Frame ID: E32B758B58CD6480E024890D158A3A1D
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Frame ID: A3E153D9AD85FA9FDDEE95718907F380
Requests: 8 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Frame ID: E2E468077F19451B87CAC4ED448A3525
Requests: 12 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: EC3A100F5639B56346F0C5A0E98BA7EE
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: F475DC66F59CDF59D35EE13E88C8957F
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 6E71D2C204309E2969C2E251D908CC8E
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 40EF6AF137A9F7A4243B4375C90141C3
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: F40232B63C43318E2913CD1BB4E598C4
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: CA33542E2E545FF9D5F02C6E9D245D81
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 9624E2FF24D5D29DDCA090C243430BF0
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: D74DBAADD2F44C8936D90D24428BBAB8
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: A9DA8ED3AB82B3A7A58A888C84122968
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: A5B235B631BC16105A090F837E85B084
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: D10785077C2F9E262A7140E61B8A8ADE
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: F8631D77F78F82866C2ED3F5D4AA330F
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 6DD2DA602160ACC073F7CA67563C0ED3
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 1327F728C0D53ED148E6972AA5017B31
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 5742A8DDE1AACAAB4F5F63F2A1D2E439
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 3004A2A9F79287E1A435C4E65B1F3283
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 47B21F9B0B5CF1494A40C5B7F5DA4ED8
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 68113E6DF931A43DD6F83EC7D3F03A27
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 82244FAC6A534292633083FCCFDF4E74
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 4CFA804C0DEEC27242448B5E85F1DBE0
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 1D649CA5E2BDE17C354F2E0B8D6601BD
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: BA16A1F4FC68B38FB2DC6CA0023B0662
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: CDF65F6135177C9140B7C1C61B776059
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 831F7D30469AEA80DBD917973F9A0C70
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 186B4896CC7887F40A961B680454AAEA
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 7D8E3BFE862FE0E449539AA43B64938F
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 4D6C700D92B64D5D106449BEBE289D5E
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 6EC04342DC3E6354F58E7933C5F25228
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 9D1032EE977740AC98DDF9E00A6E90E0
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: E229AEEA66CC8695048EE046A3D5AB96
Requests: 2 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 6226EA8B602674A88211F31A5235EC4C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
Frame ID: B3B8CCFF56CC82B9B0868DB5ACBC0A62
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 81CAC0447532AD964EE3BC55415421A2
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 03A5319151FB48BB3C1BC8341C9C4976
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 66C23DBF108C17AAB1F0276203A90B19
Requests: 1 HTTP requests in this frame

Frame: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: E6C07FA1CDBFD2E3CA81CA5816168C6C
Requests: 1 HTTP requests in this frame

Frame: https://s.pubmine.com/match?bidder_id=11&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 0A27F22262CDD7A2C44B9E4E3D538806
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: 4A2D3D6B62754E8E662B0EFB00A695DE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
Frame ID: B6AA3ACDF6566B8391F6B01F7FEF8CFB
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: DB73556A90AE23F51BCCDE1894B10375
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: 34D124A1004522A33FD237E7E909ADC8
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: 2724DFCC6722046DE5373B6B3F2ED75E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1694000653285184985
Frame ID: C92956438F0ED5D33B965A3751D6D7E0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Frame ID: 5EB7398E92B58A797A32446871F7F1F9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 2BE4E35AD274B821708E478C537A466A
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 1E63A58E685286AE7823F144AEF8E4B6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=
Frame ID: FB38937D80883DFA1CEFECB8A917B986
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368169996
Frame ID: C6F5E753B39B7A114BD81A2BD90F3A14
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 1C1373D7C0B8B4A1DC50088180AB48D5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Frame ID: 5455D6B690C9296478F3E43FD1C9AAD1
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
Frame ID: EDCC80C8D2EF008A79D308AC940FC50F
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=pbm&i=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: CB8E104EB012272731A25190ED9DFDE5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Frame ID: F0A95C4A5E3590D56404F923924B6B78
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 82570D093655D3CCA7B6B127E9EAF707
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 514A5E5E4F3F26D880E3DF2D9E07FCF6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=
Frame ID: C36962544EC946BD23A61E4D8436031A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368186129
Frame ID: BFB1A8D6A537A7564B80F06BA695E428
Requests: 1 HTTP requests in this frame

Frame: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 8AD227EF572CCCADE1512257A26FE239
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Frame ID: 95B065B9D4B61708BBD204CB38062154
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
Frame ID: DFD896DB854F88E5725F7F62A24392CF
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=3wiLY6BODK2N0x6YhDkTZA
Frame ID: C20D5AF9015964F0C09DE24A7FDFB512
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 410812DC6C187864ECC7CE4167041B70
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb
Frame ID: 8F94271417303025445C575C569FAF4B
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: F37FDAD7481EE60025150B707C75AF43
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=45&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 1A53A6C769C6995BBBD0B7952AE9B8C5
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 3DDBAD052C79F8A2FB2ECBE7E98F9E46
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128&gdpr=0&gdpr_consent=
Frame ID: FB53FE1A719FCA9B3E785059DDA46492
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7322679081744262523
Frame ID: 6627656B5F6AC3CEDD1F518BC78D3B69
Requests: 1 HTTP requests in this frame

Frame: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=25&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Frame ID: 2888A38683E8D2E5A563ACFBDD1CA20F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa604e742c31ac%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 61BCB63694CE89088B6FDB7920E89DC8
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e82c02276b28c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 4F7C076BABF742D4D32D1409E244091E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ceaaf0d3f1fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 04F9E39CC3E68598C20EA78CA6638F39
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3759e91862222c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: CE8467427F2B0740F837651679C48A96
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df30ae624edde5bc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 276BD5A3F8C38891B34D4096CEA5EB22
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bc6b500e117d%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: F4DAF65AC6A28EE9CD14E194D5CCAA91
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3531a3e96c73f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 10C6342B3230889753F333E567679BEC
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df345f004f3d9bb8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0F8E8AD3ED2841532115A89F0F5576AC
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10a12182b8afa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 3C9672A153AF98D3F50F0A0936438BFA
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df280f3fb4e3365c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 79CA546E18103E97BD7B34068C3E564D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2421e728713a64%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 6EBA1E6186713BC06D43E1280DA2E314
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2039d92ce9d9f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 2B8F372347DA3943AEC5F3DAF9C722C0
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2694ac9260ab28%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 7B0295A337AC2C018775E5D49BAF7336
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fb0354fc0ba38%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 5B078E95040090FDE00F02B4F66E8EA7
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fcc43b0bb77dc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 9AAD5736F933A316F960AFAE41427595
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e1b9def524708%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: C5F8C62780C2E096F18C914AE4320ED6
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23f43202bccdd%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 5B8F2A1AB099F937166B2A52C79E5673
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd54f3751a484%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 98B481A735D99DDF6AD1914C53281925
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e693c36dca9%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 09D9C655ED6CEC3F80A38C5FA2FC5B2A
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2a7d97219698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 1F04BED010ADF922FCD9CB038A8751FD
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15614553352c7%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 88A7931423BFF078D2B04A88036AC285
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19477c578525cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 460C56B7388C40C13034BE49BD71FCD0
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df129f97a55c4744%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: BBF06E4CF94BD990BDD8D32369A285DC
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dc0d01cd674f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: D5D86C60B129FD3BE5DEEC0F5883894F
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff780c0fcc2294%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 81644B6F1FE0E54D6054C37AF345A0B3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16353caebeb17c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: CEBBCB0802A2C1A7021CF56A2FBBCF4C
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff83aaa049d4f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 560BDDBE03B6804E0C9971B76E46BB30
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35f15ae0bf7c18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 3E5F4B47FDEBDED65A63975B3EA17D77
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1520118b20df1c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: AF5BAFA6B868AE783B585EAC85C9F780
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12a5a804263d7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 18674DC86D82DBA62AAE2B6D0804D446
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df35b69ff55423d8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D0%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338
Frame ID: 9A9B834936481068D906453C13755A30
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df322aa5fff2c698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: A67BCD6A057E50B992DE946C11A7686B
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbec8cbf944604%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: C95A111629AFA15B2D973F9C943A3EF6
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d5e675377f6b%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: A3881D7BF7ACA4B6D27EE4C13ADEE54D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe1ab8c60b9ebc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: ECE2EBCEC7D91A3B0D3993FEE009AC4D
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2409024ff246e8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 3C4D1270BF97EF5E31B49DBBA31372D3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2982d8fad261fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0EDCF61B40240A26CB6AAE32BBDAF3BF
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfcbc2d4378bd04%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 43BD351D272160988E3AD36BAAECA147
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df44276b11a154%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 210F17D1DF1DD292979FD99E879581C4
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df13d5bebc42299c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: A29CD8390EF098C4E71A8B92244662FA
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1973d92a755c7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 5E5B04E5CC01685A99658F07A629C553
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154e0a70d32e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 27DFA014EAD5DA12793001D36CBD6A9B
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34c01db24a1e18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: BB80EFA570992C71AD8BA5857B543B99
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1343261f71a924%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: D2373B1A1849DEC22A8111AAA4D9664E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa966d51f93fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 2D280F70A9CBAF66D397CFF854BE547B
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e62799d5f9504%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 44484B11ED3BBAB6B38E2DFFC38DDE53
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5d32fff495d8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 09142D62DFB78A33AAC1B862FDAEF1A3
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eecd564d8102%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 2435EB41477E0A1444F2B9E30AC299D6
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ffc9c19eff574%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 94E7A36A93FE146E9AB2C32E560CE19F
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df249e81834d5628%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: D5EDC8E651E1A368EA90851B762C0C7A
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e85679935775%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 91D89D28459E1FC5791EF49A1C5B4AD7
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8b18f413a03fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 15FCE29A9754E728DB8EBD30520D8375
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3240d163862814%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 76A7703599600285F9ED5A9232E790B1
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b6855637f21cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 510FE65965F3339808664AB41134700E
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd2d4a7ccc745c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: E1D471A9A272CD771E424D81D366FD91
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17a4397725e0a%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: B674B662A585EBBD516C7AA3C034D175
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df119bae9231e7a8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 9506F350280E8683E972DEF468291FE7
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61d3579e4d1f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0DBFEFF9056E20ACB3EC8680F188936B
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df39d091c585c9a4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: B73EA3896486A0C899623BB465558566
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df374d0b8b1175e%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: 67FC95B3519891A49D0ADE0014089F46
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2474b1e0cadaa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey
Frame ID: D3675348E978EC050E7FE29679F98CAC
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Return Ticket – by chris franklin

Page URL History Show full URLs

https://www.myreturnticket.ca/ HTTP 301
https://myreturnticket.ca/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

889
Requests

84 %
HTTPS

18 %
IPv6

123
Domains

192
Subdomains

104
IPs

10
Countries

28885 kB
Transfer

102005 kB
Size

278
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: http://district1881.com/
Title: https://www.theoffybistro.com

Search URL Search Domain Scan URL

URL: https://www.instagram.com/reel/ChkJWyaD2lP/?igshid=YmMyMTA2M2Y=
Title: https://www.instagram.com/reel/ChkJWyaD2lP/?igshid=YmMyMTA2M2Y=

Search URL Search Domain Scan URL

URL: http://www.bucketfeet.store/info.
Title: http://www.bucketfeet.store/info.

Search URL Search Domain Scan URL

URL: http://www.airbnb.com/h/felixjackguesthouse
Title: http://www.airbnb.com/h/felixjackguesthouse

Search URL Search Domain Scan URL

URL: http://www.aircanada.com/
Title: Air Canada

Search URL Search Domain Scan URL

URL: http://www.youtube.com/watch?v=E_7HwX-C6ws
Title: video

Search URL Search Domain Scan URL

URL: http://www.portobay.com/en/restaurants/restaurants-algarve/il-basilico-algarve
Title: il Basilico

Search URL Search Domain Scan URL

URL: https://www.expedia.ca/Hotel-Search?HotelID=1787641&SEMDTL=a115310283183.b1131407535978.g1kwd-10525950673.l1.e1c.m1EAIaIQobChMI28K7ooXZ-QIVpj6tBh1gSgRMEAAYASAAEgKM1fD_BwE.r15d1b0d17a48fd134788835d229fd773279d76f5f42ef14d8385631d6f79e0adb.c1.j19001486.k1.d1614888729669.h1e.i1.n1.o1.p1.q1.s1.t1.x1.f1.u1.v1.w1&destination=Albufeira%2C%20Faro%20District%2C%20Portugal&endDate=2022-09-20&gclid=EAIaIQobChMI28K7ooXZ-QIVpj6tBh1gSgRMEAAYASAAEgKM1fD_BwE&locale=en_CA&regionId=4692&selected=1787641&semcid=CA.UB.GOOGLE.PT-c-EN.HOTEL&semdtl=&siteid=4&sort=RECOMMENDED&startDate=2022-09-19&theme=&useRewards=false&userIntent=
Title: Portobay Falesia

Search URL Search Domain Scan URL

URL: http://www.barelbaratillo.com/
Title: Bar Baratillo

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@myreturnticket.ca/video/7126162573690490117?is_copy_url=1&is_from_webapp=v1
Title: https://www.tiktok.com/@myreturnticket.ca/video/7126162573690490117?is_copy_url=1&is_from_webapp=v1

Search URL Search Domain Scan URL

URL: http://www.airalo.com/
Title: Airalo

Search URL Search Domain Scan URL

URL: http://parkimeter.com/
Title: Parkimeter website

Search URL Search Domain Scan URL

URL: https://www.hyatt.com/en-US/hotel/england-united-kingdom/hyatt-place-london-heathrow-airport/lhrza
Title: Hyatt Place, Heathrow

Search URL Search Domain Scan URL

URL: http://www.heathrow.com/
Title: www.heathrow.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/myreturnticket/
Title: View myreturnticket’s profile on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/myreturnticket/
Title: View myreturnticket’s profile on Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/myreturn.ticket/
Title: View myreturn.ticket’s profile on Instagram

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/myreturnticket/
Title: View myreturnticket’s profile on Pinterest

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCL3OuPqqzL0TBkjZ-zWZksA
Title: YouTube

Search URL Search Domain Scan URL

URL: https://myreturnticket.wordpress.com/2019/01/03/day-trips-in-berlin-germany/

Search URL Search Domain Scan URL

URL: http://kmack2016.wordpress.com/

Search URL Search Domain Scan URL

URL: https://akismet.com/
Title: 2 spam blocked by Akismet

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_custom_powered
Title: Powered by WordPress.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.myreturnticket.ca/ HTTP 301
https://myreturnticket.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://www.tiktok.com/embed.js HTTP 302
https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_v1.0.11.js

Request Chain 74

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D13%26external_user_id%3D%5BUID%5D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://s.pubmine.com/match?bidder_id=13&external_user_id=ce709306-291c-43cf-a3be-60b68d0dfea9&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

Request Chain 77

https://ups.analytics.yahoo.com/ups/58666/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58666/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://s.pubmine.com/match?bidder_id=27&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&external_user_id=y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A&gdpr=0

Request Chain 78

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&US_privacy=&redirectUri=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D23%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D[ssb_sync_pid] HTTP 302
https://s.pubmine.com/match?bidder_id=23&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=5271008299598803031

Request Chain 79

https://ssum-sec.casalemedia.com/usermatch?s=197465&gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1

Request Chain 80

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D

Request Chain 83

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz

Request Chain 84

https://visitor.omnitagjs.com/visitor/bsync?uid=19340f4f097d16f41f34fc0274981ca4&name=PrebidServer&gdpr=0&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D22%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D[BUYER_USERID] HTTP 307
https://s.pubmine.com/match?bidder_id=22&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=891db04b52d1c464646f27898eed8846

Request Chain 85

https://sync.inmobi.com/prebid?gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D20%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&us_privacy=&callback=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D20%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://s.pubmine.com/match?bidder_id=20&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ID5-afb1ueJm1pCJv0dqHV86LXGrA2dl_iJhNUous25t5g

Request Chain 86

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D18%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D18%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://s.pubmine.com/match?bidder_id=18&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

Request Chain 87

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D29%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%24UID HTTP 302
https://s.pubmine.com/match?bidder_id=29&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=eed380a4

Request Chain 88

https://ups.analytics.yahoo.com/ups/58366/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6 HTTP 302
https://ups.analytics.yahoo.com/ups/58366/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&verify=true HTTP 302
https://s.pubmine.com/match?bidder_id=15&external_user_id=y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6

Request Chain 94

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 96

https://x.bidswitch.net/sync?ssp=themediagrid&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp=themediagrid&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=419&user_id=10596829190722811243&ssp=themediagrid&gdpr=0&gdpr_consent=

Request Chain 98

https://pixel.rubiconproject.com/exchange/sync.php?p=18894&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://s.pubmine.com/match?bidder_id=14&external_user_id=LFBA8GCO-24-1S47&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0

Request Chain 99

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D12%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D12%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://s.pubmine.com/match?bidder_id=12&external_user_id=4629100391442130554158&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

Request Chain 100

https://ib.adnxs.com/getuid?https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D10%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.pubmine.com%252Fmatch%253Fbidder_id%253D10%2526external_user_id%253D%2524UID%2526ssp_data%253De3643ba5-6d29-4272-9941-c8ff19e04eb6%2526rid%253D%2526us_privacy%253D%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
https://s.pubmine.com/match?bidder_id=10&external_user_id=1694000653285184985&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

Request Chain 101

https://x.bidswitch.net/sync?ssp=wordpress&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&user_id=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=wordpress&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&user_id=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=wordpress&bsw_custom_parameter=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=wordpress&bsw_custom_parameter=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=897e86b3-726e-4a27-8e37-ab5da3e3a153&user_group=1&ssp=wordpress&bsw_param=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=&gdpr_consent=

Request Chain 102

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D1%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D1%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D HTTP 302
https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 103

https://ssc-cms.33across.com/ps/?ri=0010b00002CphGRAAZ&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://s.pubmine.com/match?bidder_id=6&external_user_id=212122484738814&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

Request Chain 112

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=ZBM5ewABwf-WXQBG HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZBM5ewABwf-WXQBG&_test=ZBM5ewABwf-WXQBG

Request Chain 114

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1&dcc=t

Request Chain 115

https://match.adsrvr.org/track/cmf/openx?oxid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/openx?oxid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0&gdpr_consent=

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx&google_tc=

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO9-HzUkuzijSkJ28h2vgmk&google_cver=1

Request Chain 119

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=1694000653285184985

Request Chain 120

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=00c78c89-c149-493d-9f8b-619f396156a7&ssp=gumgum2 HTTP 302
https://usersync.gumgum.com/usersync?b=bsw&i=88b2fc1d-8ebb-4ab8-85b5-11599c163215

Request Chain 121

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&obuid=ENC(EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.outbrain.com%252Fcookie-sync%253Fp%253Dpubmatic%2526obUid%253DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%2526gdpr%253D$GDPR_APPLIES%2526initiator%253Dplatform%2526gdpr_consent%253D$CONSNT_STRING%2526us_privacy%253D$CCPA%2526uid%253D%2523PMUID HTTP 302
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=-1&gdpr_consent=PM_CONSENT HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c63294f0-203b-4b30-9308-cb83039ba6ed&gdpr=-1&gdpr_consent=PM_CONSENT HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=PM_CONSENT HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_FFA08470_53A62AD8&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 122

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=66f87401-db11-435e-b026-43141d10e977

Request Chain 123

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sta&i=0-4dc4839d-c658-578e-70ac-1dd3650e544d$ip$149.56.153.180

Request Chain 124

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=oth&i=y-HotrQbxE2pdO6B.tRX4AuE_U5COWNRBaJ8xG~A

Request Chain 125

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=c63294f0-203b-4b30-9308-cb83039ba6ed

Request Chain 126

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
https://usersync.gumgum.com/usersync?b=snc&i=3D2E27AC42E64EE8AD58528E3DA25669

Request Chain 128

https://b1sync.zemanta.com/usersync/gumgum/?puid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=ohQ3xRp-TBXwq-_bWIsp&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT233IKEZXQUTQFVKEEWDXOEWV6YSXJFZXA&gdpr=0 HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT233IKEZXQUTQFVKEEWDXOEWV6YSXJFZXA HTTP 302
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=ohQ3xRp-TBXwq-_bWIsp

Request Chain 129

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=369c474d-bcb1-496e-8b73-77f1f6fe3cfb

Request Chain 130

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=JUNCdIyla4Wq&ev=1&pid=558355

Request Chain 131

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=5271008299598803031

Request Chain 136

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid=&dcc=t

Request Chain 137

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZBM5ew3lKTK1bGaeTrJAtAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFQ0g9ipn4TuWOOdFo8n7u8&google_cver=1

Request Chain 138

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&expiration=1681573500&gdpr=0&gdpr_consent=

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEL_5ov4F6C_aaxvpTmdq51Q&google_cver=1

Request Chain 140

https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1 HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dfda7e5-333b-4c32-a54b-d6685ab75c82

Request Chain 142

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
https://casale-match.dotomi.com/match/bounce/current?DotomiTest=dd63d5562a81878&is_secure=true&networkId=19998&version=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAFuHQLkAkIlwNMVvDnAAAAAAA&expiration=1679067901&is_secure=true

Request Chain 143

https://match.deepintent.com/usersync/113 HTTP 303
https://dsum.casalemedia.com/crum?cm_dsp_id=176&external_user_id=di_ceccdb14380943aaae433

Request Chain 147

https://sync.technoratimedia.com/services?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D&srv=cs HTTP 307
https://s.pubmine.com/match?bidder_id=30&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=BF0CD8D4B2044F1D80A92505D97AF586

Request Chain 149

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=03136413-397c-4600-aab0-af469fd25e39&gdpr=0&gdpr_consent=

Request Chain 150

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=ZBM5ewABwf-WXQBG&gdpr=0&gdpr_consent=

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=&google_tc=

Request Chain 154

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet HTTP 301
https://eus.rubiconproject.com/usync.html?p=medianet

Request Chain 155

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Drkt%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=rkt&refUrl=&vid=89815002183219830991454823000V10&ovsid=1797288120114298742

Request Chain 156

https://ib.adnxs.com/getuid?https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dapx%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%24UID HTTP 302
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=apx&refUrl=&vid=89815002183219830991454823000V10&ovsid=1694000653285184985

Request Chain 157

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=[UID] HTTP 302
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=7c3fb959-88fc-4f34-8df5-f97b7ca85c6d

Request Chain 158

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dcon%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%24UID HTTP 302
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=387dafb056f30594&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dcon%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%24UID HTTP 302
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=con&refUrl=&vid=89815002183219830991454823000V10&ovsid=AAAB4nu1owEOvgNkva_pAAAAAAA&expiration=1679067901&is_secure=true

Request Chain 159

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dopx%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D HTTP 302
https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=opx&refUrl=&vid=89815002183219830991454823000V10&ovsid=59e9b9ee-5804-41e8-b412-2d9767af7aed

Request Chain 160

https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dmma%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%5BMM_UUID%5D HTTP 302
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=mma&refUrl=&vid=89815002183219830991454823000V10&ovsid=e7ef6413-397c-4900-b930-b5f1dddc2b71

Request Chain 161

https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dr1%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&zcc=1&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dr1%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%5BRX_UUID%5D&cb=1678981500366 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=6610854902 HTTP 302
https://sync.1rx.io/usersync/turn/7826914019700556296?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D76%26uid%3DRX-d2b454e6-c171-4964-9682-92313ebf9f6a-005 HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=76&uid=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

Request Chain 162

https://cm.g.doubleclick.net/pixel?cs=13&google_nid=media&google_cm=1&google_hm=MzIxOTgzMDk5MTQ1NDgyMzAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=13&google_gid=CAESEL1EKEpxwdDczGaGgWQr2iQ&google_cver=1

Request Chain 163

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Ddxu%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Ddxu%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=dxu&refUrl=&vid=89815002183219830991454823000V10&ovsid=p7n9V5AJ1PCPMM5

Request Chain 164

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=05e6e464-9963-46c4-a9db-af7eb26de19c

Request Chain 165

https://visitor.omnitagjs.com/visitor/bsync?uid=4ed0cff4eef188d3fb2e7e9025d7855b&name=MEDIANET&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dayl%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%3Creplace_userID%3E HTTP 307
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=ayl&refUrl=&vid=89815002183219830991454823000V10&ovsid=891db04b52d1c464646f27898eed8846

Request Chain 166

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://t.pswec.com/bsw_sync?ssp=medianet&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://t.pswec.com/ul_cb/bsw_sync?ssp=medianet&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://x.bidswitch.net/sync?dsp_id=2&user_id=edc50dcb-743d-4993-aeee-f39c4644410b&expires=3&user_group=1&ssp=medianet HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 167

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dzem%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=WEha6rUd7_V4Ay6vDE19&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKXIVUGCNTSKVSDOX2WGRAXSNTWIRCTCOLIOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBRGMTG65TTNFSD2X27LJKUSRC7L4THEZLGKVZGYPJGOR4XAZJ5PJSW2JTUPFYGKPL2MVWSM5TJMQ6TQOJYGE2TAMBSGE4DGMRRHE4DGMBZHEYTINJUHAZDGMBQGBLDCMBGOZZWSZB5GMZDCOJYGMYDSOJRGQ2TIOBSGMYDAMCWGEYA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKXIVUGCNTSKVSDOX2WGRAXSNTWIRCTCOLIOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBRGMTG65TTNFSD2X27LJKUSRC7L4THEZLGKVZGYPJGOR4XAZJ5PJSW2JTUPFYGKPL2MVWSM5TJMQ6TQOJYGE2TAMBSGE4DGMRRHE4DGMBZHEYTINJUHAZDGMBQGBLDCMBGOZZWSZB5GMZDCOJYGMYDSOJRGQ2TIOBSGMYDAMCWGEYA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=WEha6rUd7_V4Ay6vDE19https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=89815002183219830991454823000V10&vsid=3219830991454823000V10

Request Chain 168

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3219830991454823000V10 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3219830991454823000V10 HTTP 302
https://contextual.media.net/cksync.php?type=mf&ovsid=a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27&cs=1

Request Chain 169

https://id.rlcdn.com/710489.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CNmuKxoNCP3yzKAGEgUI6AcQAEIASgA

Request Chain 170

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

Request Chain 171

https://contextual.media.net/cksync.php?cs=1&type=dat&ovsid=setstatuscode&redirect=https%3A%2F%2Ffei.pro-market.net%2Fengine%3Fsite%3D159195%3Bsize%3D1x1%3Bmimetype%3Dimg%3Bdu%3D15%3Bcsync%3D%24%7Bmnetid%7D HTTP 302
https://fei.pro-market.net/engine?site=159195;size=1x1;mimetype=img;du=15;csync=3219830991454823000V10 HTTP 302
https://fei.pro-market.net/engine?site=159195;size=1x1;mimetype=img;du=15;csync=3219830991454823000V10;sr HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080&ckls=true&ci=SJOlR2RL0e&nc=false&trid=-234304758

Request Chain 172

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

Request Chain 173

https://ssc-cms.33across.com/ps/?_=1678981499650.&ri=zzz000000000002zzz&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X HTTP 302
https://s.pubmine.com/match?bidder_id=24&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=212097253572021

Request Chain 174

https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
https://t.pswec.com/bsw_sync?ssp=the33across&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://t.pswec.com/ul_cb/bsw_sync?ssp=the33across&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://x.bidswitch.net/sync?dsp_id=2&user_id=edc50dcb-743d-4993-aeee-f39c4644410b&expires=3&user_group=1&ssp=the33across HTTP 302
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 175

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981499650.4&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D1%2526external_user_id%253D%255BMM_UUID%255D HTTP 302
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71

Request Chain 176

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE~A HTTP 302
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 177

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy= HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=58f13e7f0eb920e6&is_secure=true&networkId=78390&version=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAALsB7EWatNiwMkwbVhAAAAAAA&expiration=1679067901&is_secure=true&us_privacy= HTTP 302
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAALsB7EWatNiwMkwbVhAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 178

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=4629100391442130554158 HTTP 302
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 179

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

Request Chain 180

https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=the33across HTTP 302
https://x.bidswitch.net/sync?dsp_id=188&user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&user_group=1&ssp=the33across HTTP 302
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 181

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE~A HTTP 302
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 182

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy= HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=77b41fdbf8c413f2&is_secure=true&networkId=78390&version=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAAHFgpS4pr8dwMR5t3IAAAAAAA&expiration=1679067901&is_secure=true&us_privacy= HTTP 302
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHFgpS4pr8dwMR5t3IAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 183

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=4629100391442130554158 HTTP 302
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 184

https://ssc-cms.33across.com/ps/?_=1678981499651.&ri=0010b00002CphGRAAZ&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D HTTP 302
https://s.pubmine.com/match?bidder_id=6&external_user_id=212097253572021&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 185

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981499651.4&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D1%2526external_user_id%253D%255BMM_UUID%255D HTTP 302
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71

Request Chain 208

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=ttd&i=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

Request Chain 209

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://usersync.gumgum.com/usersync?b=sus&i=ZBM5fcCo8XoAAFrgCrwAAAAA

Request Chain 210

https://cs.admanmedia.com/sync/gumgum?puid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa= HTTP 302
https://usersync.gumgum.com/usersync?b=aad&i=d15241ba-d2da-4c8b-89fb-be3a9c3d1612

Request Chain 256

https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc0065a501c0a8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=222&height=577&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fmyreturnticket%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=338 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc0065a501c0a8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D222%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338

Request Chain 258

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=kjbsEGvaAZbLcNsn551P&pi=gumgum&tc=1

Request Chain 259

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMiBXiCNGyciSQ_2RPFQNVE&google_cver=1

Request Chain 261

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=&expires=30

Request Chain 262

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LFBA8GCO-24-1S47

Request Chain 263

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTJiMGJiMTRjYzY3YjMwNTA0MWYzYTEzNjQ0OGI3MjU2ODZlZWJhYw

Request Chain 264

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/wWJbXCQ4GZOZLVPD5l_uDMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-p4GVTudE2oJmLwSuEx1luUDTw3oc3cfiy7ZOFQ--~A

Request Chain 265

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZCQThHQ08tMjQtMVM0Nw==

Request Chain 266

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZHcTKwQhTpSlRnnaecl_Kg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZHcTKwQhTpSlRnnaecl_Kg

Request Chain 269

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=synacor_xapi&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east

Request Chain 272

https://pixel.33across.com/ps?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X

Request Chain 275

https://match.adsrvr.org/track/cmf/generic?ttd_pid=technoratimedia&ttd_tpi=1 HTTP 302
https://uat-net.technoratimedia.com/services?srv=cs&pid=7&uid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

Request Chain 276

https://secure.adnxs.com/getuid?https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=$UID HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=1694000653285184985

Request Chain 277

https://gum.criteo.com/sync?c=372&r=1&u=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D64%26uid%3D%40USERID%40 HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=64&uid=sqXAZiAazWpjCwTq9HOq8td9EEzBY3h_

Request Chain 278

https://match.prod.bidr.io/cookie-sync/syn HTTP 303
https://match.prod.bidr.io/cookie-sync/syn?_bee_ppp=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csyn%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dsyn%26bee_sync_hop_count%3D1 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csyn&bee_sync_current_partner=pm&bee_sync_initiator=syn&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFHm07IJnMAAB-p_D8lqA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dsyn%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn&bee_sync_current_partner=pp&bee_sync_initiator=syn&bee_sync_hop_count=2&ev=AAFHm07IJnMAAB-p_D8lqA&pid=558502&do=add HTTP 303
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA

Request Chain 279

https://sync.1rx.io/usersync2/rmpssp?sub=synacor HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=2551809949 HTTP 302
https://sync.1rx.io/usersync/turn/7826914019700556296?dspret=1&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

Request Chain 280

https://ad.360yield.com/server_match?partner_id=1669&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D79%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=79&uid=369c474d-bcb1-496e-8b73-77f1f6fe3cfb

Request Chain 281

https://ups.analytics.yahoo.com/ups/58266/sync?redir=true HTTP 302
https://uat-net.technoratimedia.com/services?srv=cs&pid=80&uid=y-I.IRXxNE2uGU0hjFU6GayyWjqzi6tT0E~A

Request Chain 282

https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D82%26uid%3D HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=82&uid=ZBM5ew3lKTK1bGaeTrJAtAAA%263575

Request Chain 283

https://sync.aralego.com/idSync?ucf_nid=par-488A3E6BD8D997D0ED8B3BD34D8BA4B&ucf_user_id=3D2E27AC42E64EE8AD58528E3DA25669&redirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D37%26uid%3DUCFUID HTTP 302
https://x.bidswitch.net/sync?ssp=ucfunnel&user_id=b5f949c1-909b-34e0-aab6-e55c10862ebd&gdpr=0&gdpr_consent= HTTP 302
https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Ducfunnel%26user_id%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://x.bidswitch.net/sync?dsp_id=462&ssp=ucfunnel&user_id=k-Aone-ztpe8e1CwsTRvwvZhSlOFMyehVopnhoWg&gdpr=0&gdpr_consent= HTTP 302
https://sync.aralego.com/idSync?redirect=&ucf_nid=dsp-6AABDA2D3AA6EAD1E94E9442DE6444A&ucf_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215

Request Chain 284

https://x.bidswitch.net/sync?ssp=synacor&user_id=3D2E27AC42E64EE8AD58528E3DA25669 HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dsynacor%26bsw_param%3D88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71&expires=30&ssp=synacor&bsw_param=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent= HTTP 302
https://uat-net.technoratimedia.com/services?srv=cs&pid=48&uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215

Request Chain 285

https://synacor-match.dotomi.com/match/bounce/current?networkId=63258&version=1&nuid=3D2E27AC42E64EE8AD58528E3DA25669 HTTP 302
https://synacor-match.dotomi.com/match/bounce/current?DotomiTest=1951d39320d04de&is_secure=true&networkId=63258&version=1&nuid=3D2E27AC42E64EE8AD58528E3DA25669 HTTP 302
https://uat-net.technoratimedia.com/services?srv=cs&pid=49&uid=AAAJNwbPpexnAANRMcZVAAAAAAA&expiration=1679067902&nuid=3D2E27AC42E64EE8AD58528E3DA25669&is_secure=true

Request Chain 286

https://contextual.media.net/cksync.php?cs=3&type=syn&ovsid=3D2E27AC42E64EE8AD58528E3DA25669&redir=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D62%26uid%3D%5BUSER_ID%5D HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=62&uid=3219830991454823000V10

Request Chain 318

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 322

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGSG0wN0lKbk1BQUItcF9EOGxxQQ&gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFHm07IJnMAAB-p_D8lqA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsyn%252Cpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=syn%2Cpp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=5271008299598803031&gdpr=0&gdpr_consent= HTTP 303
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D5271008299598803031%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3&gdpr=0 HTTP 307
https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=5271008299598803031&gdpr=0&gdpr_consent=&bee_sync_partners=pp,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=3 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFHm07IJnMAAB-p_D8lqA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D5271008299598803031%26gdpr%3D0%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=5271008299598803031&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAFHm07IJnMAAB-p_D8lqA&pid=558502&do=add&gdpr=0 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&gdpr=0

Request Chain 324

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=S6WeITKyQk6ZG4bD34rOgQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 325

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=&ct=y

Request Chain 327

https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&vxii_pid=12&vxii_pid1=10067&vxii_rcid=df188d4b-7e2e-49b1-bbc6-212e4c472a38

Request Chain 328

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEJBNTlFMjEtMzJCMi00MjRFLTk5MUItODZDM0RGOEFDRTgx&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 329

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHgJtB_TbD0IjyZHVfK0U5M&google_cver=1

Request Chain 330

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128

Request Chain 331

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 332

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=

Request Chain 334

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-rco5rENE2uUt1m1PWv1VZbSGIetM8WE-~A&gdpr=0

Request Chain 337

https://aorta.clickagy.com/pixel.gif?ch=4&cm=8e4be494-a17e-4746-a1c8-c8b83172e600&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:bc61a7eaaf4da9ddef88b7d1abda3820

Request Chain 338

https://rtb.openx.net/sync/dds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=TpNaTVqCwiYxKR9OBlnSiw==&ox_sc=1&ox_init=1 HTTP 302
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

Request Chain 339

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=536872786&val=e7ef6413-397c-4900-b930-b5f1dddc2b71

Request Chain 340

https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID} HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073028&val=c63294f0-203b-4b30-9308-cb83039ba6ed

Request Chain 341

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072977&val=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

Request Chain 342

https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d

Request Chain 344

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
https://id.rlcdn.com/464246.gif?partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9 HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=a50d89b93e8fc77998d86167ef7378aef6f21d6a769d0e74a5872df097b175d0791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBhNTBkODliOTNlOGZjNzc5OThkODYxNjdlZjczNzhhZWY2ZjIxZDZhNzY5ZDBlNzRhNTg3MmRmMDk3YjE3NWQwNzkxNDI2YjU0MTdkY2UyMRAAGgwIgPPMoAYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBhNTBkODliOTNlOGZjNzc5OThkODYxNjdlZjczNzhhZWY2ZjIxZDZhNzY5ZDBlNzRhNTg3MmRmMDk3YjE3NWQwNzkxNDI2YjU0MTdkY2UyMRAAGgwIgPPMoAYSBAgCEABCAEoA&google_gid=CAESELt9fTQShT3RToUQvqEUiKs&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=4f654d6e-652e-420e-aacd-15ef59c9e751

Request Chain 345

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072399&val=1694000653285184985

Request Chain 346

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 352

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 353

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D HTTP 302
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

Request Chain 354

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDHONjuZduwrbuPDk8U0SHo&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 355

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D

Request Chain 357

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4629100391442130554158&gdpr=0&gdpr_consent= HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=ed5cac5a-1761-4a6e-89a2-2143c80f6b22&ssp=triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=2409&xuid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 358

https://pr-bh.ybp.yahoo.com/sync/triplelift/4629100391442130554158?gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_lOvdLBE2oRyBVimzTJ1ko6gYbDRbPl59kiaP9UVBw--~A&dongle=0883

Request Chain 361

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=1694000653285184985&dongle=4d58&gdpr=0&gdpr_consent=

Request Chain 363

https://pixel.rubiconproject.com/exchange/sync.php?p=medianet&khaos=LFBA8GCO-24-1S47 HTTP 302
https://contextual.media.net/cksync.php?type=rbcn&ovsid=LFBA8GCO-24-1S47

Request Chain 365

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LFBA8GCO-24-1S47 HTTP 302
https://ssc-cms.33across.com/ps/?xi=1&xu=LFBA8GCO-24-1S47 HTTP 302
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LFBA8GCO-24-1S47&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 409

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.2&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predirect%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D25%2526external_user_id%253D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

Request Chain 410

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.6&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c87ac3c8%26us_privacy%3D%24%7BUS_PRIVACY%7D%26r%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D70%2526external_user_id%253D HTTP 302
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D

Request Chain 411

https://ssc-cms.33across.com/ps/?_=1678981501831.&ri=0014000001aXjnGAAS&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X HTTP 302
https://sync.technoratimedia.com/services?srv=cs&pid=61&uid=212097253572021

Request Chain 412

https://match.adsrvr.org/track/cmf/generic?ttd_pid=f0v35ew&ttd_tpi=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps/?ri=102&ru=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fbidder_id%3D102%26ttl%3D1681573503%26external_user_id%3D3d9ac594-fe09-4c7e-87b5-bf29cab7004f HTTP 302
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1681573503&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

Request Chain 413

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.4&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D2%2526external_user_id%253D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D HTTP 302
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=2&external_user_id=ZBM5ew3lKTK1bGaeTrJAtAAA%263575

Request Chain 414

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341%26partner_url%3Dhttps%253A%252F%252Fssc-cms.33across.com%252Fps%252F%253Fus_privacy%253D%2526xi%253D45%2526xu%253D39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&partner_url=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341 HTTP 302
https://ssc-cms.33across.com/ps/?us_privacy=&xi=45&xu=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341 HTTP 302
https://events-ssc.33across.com/match?bidder_id=45&external_user_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&ts=1678981504&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 415

https://sync.srv.stackadapt.com/sync?nid=33across&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps/?xi=120&xu=TcSDncZYV45wrB3TZQ5UTZU4mbQ HTTP 302
https://events-ssc.33across.com/match?bidder_id=120&external_user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 428

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=synacor_xapi&khaos=LFBA8GCO-24-1S47 HTTP 302
https://uat-net.technoratimedia.com/services?srv=cs&pid=44&uid=LFBA8GCO-24-1S47

Request Chain 431

https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072979&val=p7n9V5AJ1PCPMM5

Request Chain 432

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8357322694280695671

Request Chain 433

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=WK0zbF2gOm9DrzFoWa4vZ12rYW5DrTVqW_0u7IZG

Request Chain 434

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=ed5cac5a-1761-4a6e-89a2-2143c80f6b22&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&us_privacy=

Request Chain 435

https://p.rfihub.com/cm?pub=25&in=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073062&val=1797288120114298742

Request Chain 436

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=AA77F830412244B9A960431CFB8DC128

Request Chain 437

https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de HTTP 303
https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de&_li_chk=true&previous_uuid=e50a6accab9c4036a28eb4d4abf4d276 HTTP 303
https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de&previous_uuid=58f43b10b9de4606b71817d88db76763 HTTP 303
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!{TURN_UUID} HTTP 302
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=7826914019700556296 HTTP 303
https://mid.rkdms.com/bct?pid=bcccb40a-06d2-44fe-bdd2-a91ef4a5bfd0&&puid=e50a6acc-ab9c-4036-a28e-b4d4abf4d276&liid=&_ct=im HTTP 302
https://i.liadm.com/s/19948?bidder_id=178256&bidder_uuid=99735d0ae76c66c5b1089dab49097d14 HTTP 303
https://x.bidswitch.net/sync?dsp_id=42&user_id=

Request Chain 443

https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=LFBA8GCO-24-1S47 HTTP 302
https://usersync.gumgum.com/usersync?b=mag&i=LFBA8GCO-24-1S47

Request Chain 508

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%26gdpr%3D%24GDPR_APPLIES%26initiator%3Dplatform%26gdpr_consent%3D%24CONSNT_STRING%26us_privacy%3D%24CCPA%26uid%3D4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 509

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e

Request Chain 510

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%26gdpr%3D%24GDPR_APPLIES%26initiator%3Dplatform%26gdpr_consent%3D%24CONSNT_STRING%26us_privacy%3D%24CCPA%26uid%3D4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 511

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1694000653285184985&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%26gdpr%3D%24GDPR_APPLIES%26initiator%3Dplatform%26gdpr_consent%3D%24CONSNT_STRING%26us_privacy%3D%24CCPA%26uid%3D4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 512

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_ceccdb14380943aaae433 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%26gdpr%3D%24GDPR_APPLIES%26initiator%3Dplatform%26gdpr_consent%3D%24CONSNT_STRING%26us_privacy%3D%24CCPA%26uid%3D4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 513

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%26gdpr%3D%24GDPR_APPLIES%26initiator%3Dplatform%26gdpr_consent%3D%24CONSNT_STRING%26us_privacy%3D%24CCPA%26uid%3D4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 519

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=1088cf5ab4b319f0&is_secure=true&networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJNwbPpexnpgMX1RWnAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 521

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

Request Chain 522

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=00c78c89-c149-493d-9f8b-619f396156a7&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 528

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 529

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e

Request Chain 530

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=7b6ba078131304de&is_secure=true&networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABurFedqwI2gNcvOhJAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 532

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 533

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1694000653285184985&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 534

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

Request Chain 535

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://a.clickcertain.com/px/img/bidswitch/?bidswitch_ssp_id=pubmatic&bs_uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215 HTTP 302
https://a.usbrowserspeed.com/cs?puid=a97bdc06-fa81-580b-ab52-26d5f950dd6a&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26bidswitch_ssp_id%3dpubmatic HTTP 302
https://a.clickcertain.com/px/img/bidswitch/?done=true&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=179&user_id=a02e46c5-f971-40ab-86f0-9e8853975518&expires=5&user_group=0&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 536

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_ceccdb14380943aaae433 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 537

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1694000653285184985

Request Chain 608

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=

Request Chain 609

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 610

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=028f34c1-613f-4461-8691-942c34e57cc7&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 611

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

Request Chain 612

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368169996

Request Chain 613

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 614

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2272419832 HTTP 302
https://sync.1rx.io/usersync/tradedesk/3d9ac594-fe09-4c7e-87b5-bf29cab7004f HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-d2b454e6-c171-4964-9682-92313ebf9f6a-005 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

Request Chain 615

https://ad.mrtnsvr.com/sync/pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap

Request Chain 617

https://idsync.rlcdn.com/712188.gif?partner_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 307
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9

Request Chain 621

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_FFA08470_53A62AD8&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 622

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671

Request Chain 637

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=

Request Chain 638

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 639

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=e9a25b29-a600-4282-9245-484b9eb85153&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 640

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

Request Chain 641

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368186129

Request Chain 643

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=74&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fmediamathtest%2F1508%2F%5BMM_UUID%5D%3Fzcc%3D0%26sspret%3D1&rndcb=7834172041 HTTP 302
https://sync.1rx.io/usersync3/mediamathtest/1508/e7ef6413-397c-4900-b930-b5f1dddc2b71?zcc=0&sspret=1 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-d2b454e6-c171-4964-9682-92313ebf9f6a-005 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

Request Chain 644

https://ad.mrtnsvr.com/sync/pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap

Request Chain 645

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=3wiLY6BODK2N0x6YhDkTZA

Request Chain 647

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb

Request Chain 650

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 303
https://mid.rkdms.com/bct?pid=bcccb40a-06d2-44fe-bdd2-a91ef4a5bfd0&&puid=e50a6acc-ab9c-4036-a28e-b4d4abf4d276&liid=&_ct=im HTTP 302
https://i.liadm.com/s/19948?bidder_id=178256&bidder_uuid=99735d0ae76c66c5b1089dab49097d14 HTTP 303
https://x.bidswitch.net/sync?dsp_id=42&user_id=

Request Chain 651

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%2C%2C

Request Chain 652

https://io.narrative.io/?companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=872f5e30-c411-11ed-b41e-0ee5b27fb8ad&companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81

Request Chain 653

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=Y2kwSjV2Nno0a1ZUcTZTVFRhaWxhcDdqZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=8357322694280695671&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
https://a.audrte.com/p

Request Chain 655

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128&gdpr=0&gdpr_consent=

Request Chain 656

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7322679081744262523&uid=Q7322679081744262523&ref=%2Fepm HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7322679081744262523

Request Chain 659

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 660

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&addseg=10,33,39

Request Chain 661

https://pixel.onaudience.com/?partner=214&mapped=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&icm&gdpr=0&gdpr_consent=&cver HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=fbd929def1f1838de93dfe51e6d3f928&gdpr=0 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=952214257d33a416 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-30102e00ca3a&zcluid=952214257d33a416&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEJ7umAve7qB_3bzDaQDOLlw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-30102e00ca3a&zcluid=952214257d33a416&zdid=1332

Request Chain 662

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:41a04464-94e4-4efc-9f92-df7de44ad977&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 782

https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35b69ff55423d8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&height=577&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fmyreturnticket%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=338 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df35b69ff55423d8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D0%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338

889 HTTP transactions
46 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
myreturnticket.ca/
Redirect Chain

https://www.myreturnticket.ca/
https://myreturnticket.ca/

770 KB
78 KB

132ms
131ms

Document
text/html

192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

019868423396868e03b3b7ed69e29e61f356e65aeb402403be2a1dd468683eb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=179, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:44:58 GMT
host-header: WordPress.com
last-modified: Thu, 16 Mar 2023 15:42:57 GMT
link: <https://myreturnticket.ca/wp-json/>; rel="https://api.w.org/" <https://wp.me/3N29R>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.yyz _atomic_dca BYPASS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Hit

Redirect headers

content-length: 162
content-type: text/html
date: Thu, 16 Mar 2023 15:44:58 GMT
location: https://myreturnticket.ca/
server: nginx
strict-transport-security: max-age=31536000
x-ac: 2.yyz BYPASS

GET
H2 200 webfont.js Show response
myreturnticket.ca/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/ 12 KB
5 KB 97ms
97ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/webfont.js

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c4ed980116c12325b30c81ef2bf6e2284ba2242b57d7c2ee4867278fd078dcae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 14 Mar 2023 16:18:34 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"64109e5a-30cd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 23 Mar 2023 15:44:58 GMT

GET
H2 200 wp-emoji-release.min.js Show response
myreturnticket.ca/wp-includes/js/ 18 KB
5 KB 104ms
103ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"62551487-48b9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
myreturnticket.ca/_static/ 738 KB
104 KB 134ms
133ms Stylesheet
text/css 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/_static/??-eJyVU8tywyAM/KFSmkOb9NDppTP9gH5AB4NCFcvAIBiP/774kTSPsevcWKRdJK1og9DeJXBJBsoWHUubC6wgWlllJCMr8roWhFVUsZOcOoJHzfzQ3lJJdT4nYSOay0R0mrIBlgeWDRhUQND0zHMQCh2iILBKd48Nun/ZJXaOzznXpWk/9MHSIKexOHG8E5ublwqWmhQzapF+ijoviUOjkATninXEMroyCUwgQ64I9aB1kyHG4JzitQnaN8G7ksHLDpzaPHXyAQGcAaexgE//oYzp5FevwZM2qQSc5hQPkILStWy8yT1Hq+gzA0luMRS7quzMfD2z7CkgjhdrBRISGGEVEZRtXEBrBQlrmBnqaHyZqdtjWpNShj6tVhuKY2tLmNYiJPTuCq2VaNFYSL3tnJSNqvk73SuxL2tZx+U1m+Oy16ho/JQC9dDOXTo+GmXG73cXkX9UBDPsdn9EZ/9jfg9mjfWSt54vwNJvPyr0RU7nPvW9edu8bHe71+3z7ukXPUoOrQ==

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

853b6242d851436432885d6ba50566e89e29ad5256807f3abea8137caec3d288

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Mar 2023 16:26:20 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
x-page-optimize: uncached
etag: W/"913d98acf27967e009b2a72f081c8973"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 dashicons.min.css
myreturnticket.ca/wp-includes/css/ 58 KB
34 KB 97ms
97ms Stylesheet
text/css 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-includes/css/dashicons.min.css?ver=6.1.1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"603ffca6-e688"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 4 KB
523 B 67ms
66ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Muli:300,400,300italic,400italic

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

04f9e15d97bf49799e9468889b72551f097fc44bccdccdbed84e7f2631ae5888

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS yyz 2
last-modified: Thu, 16 Mar 2023 15:43:00 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 css
fonts-api.wp.com/ 1 KB
414 B 69ms
68ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Enriqueta:400,700&subset=latin,latin-ext

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f871a20cc81d534bb7daabfa1c4b937c94464358d4bba35b785a5d99cc996b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS yyz 2
last-modified: Thu, 16 Mar 2023 15:44:58 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 / Show response
myreturnticket.ca/_static/ 32 KB
11 KB 101ms
101ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/_static/??-eJx1zcEKAjEMBNAfshsFqb2I3+JuY8mSTUuSuvj39uBBBI/DDG/2FkgW7hkNVoNM5vBEyVVBsaCg3r1q0C5OG04bybTaYW9hqeIoDo17ITEofcQZtcDcifMHMaBBeGiVXw9i/gL+3Y7qZ33brqcY4yWd0zG9Ab50QjM=

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

82be39fec355411c0ba2309df7a0dfc0ff74262fe03a32f0aed19decb931ed05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 26 Oct 2022 11:46:48 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
x-page-optimize: uncached
etag: W/"ebbcdb12c23482d922bbbf594e07f2c8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 view.js Show response
myreturnticket.ca/wp-content/plugins/jetpack/_inc/blocks/contact-form/ 4 KB
1 KB 96ms
95ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-content/plugins/jetpack/_inc/blocks/contact-form/view.js?minify=false&ver=12.0-a.1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e54d86561445d293d82172fc7071e7600a138024a8d4d29ad03952923a8b1b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"64078d1e-e10"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 token-bridge.js Show response
myreturnticket.ca/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/lib/ 10 KB
4 KB 97ms
96ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/lib/token-bridge.js?ver=0.12.0

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5891c67601020cabaf90ed5ddda027b085f57af3ab6c669cdeadd85ddd1f62a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 20 Feb 2023 21:09:24 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"63f3e184-26ca"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
myreturnticket.ca/wp-includes/js/jquery/ 88 KB
31 KB 101ms
101ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"632879b8-15e54"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
myreturnticket.ca/_static/ 14 KB
5 KB 106ms
106ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/_static/??wp-includes/js/jquery/jquery-migrate.min.js,wp-content/plugins/jetpack/_inc/build/tiled-gallery/tiled-gallery/tiled-gallery.min.js?m=1638896208

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

89c5314e12d29bf3bc413ae55b71d08b57919695674b14aed3c4ef8670ed2b2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Dec 2021 16:56:48 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
x-page-optimize: uncached
etag: W/"b8765a7782472af02a67683cabbb586f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 cropped-Newft-mrt-2.png
myreturnticket.ca/wp-content/uploads/2022/08/ 108 KB
108 KB 102ms
100ms Image
image/png 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://myreturnticket.ca/wp-content/uploads/2022/08/cropped-Newft-mrt-2.png

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d994257abaf5f4b6b085c3210a1ab76e85b38b24cc65e0b53acb5158963b675b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
x-ac: 2.yyz _atomic_dca BYPASS
last-modified: Sun, 21 Aug 2022 01:17:21 GMT
server: nginx
etag: "630187a1-1b0b6"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 110774
expires: Thu, 23 Mar 2023 15:44:58 GMT

GET
H2 200 img_8290.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 76 KB
76 KB 400ms
354ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8290.jpg?resize=618%2C857&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

3285ccad564996ec76ee325e1ab72f2f31c39486cd513b4b508fa8066d8651e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "89ad129af83ee457"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8290.jpg>; rel="canonical"
content-length: 77526
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 videopress-iframe.js Show response
v0.wordpress.com/js/next/ 5 KB
2 KB 85ms
32ms Script
application/javascript 192.0.78.13
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://v0.wordpress.com/js/next/videopress-iframe.js?m=1658470809

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.13 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

381e5a664274a2bb2192ba972942266d4b1dd7f4b0ff32012108dbdf789980ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
content-encoding: br
x-ac: 1.yyz _dca MISS
strict-transport-security: max-age=31536000
server: nginx
etag: W/"63d43735-1248"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 15 Mar 2024 15:44:58 GMT

GET
H2

200

embed_v1.0.11.js Show response
lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/
Redirect Chain

https://www.tiktok.com/embed.js
https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_v1.0.11.js

46 KB
15 KB

113ms
19ms

Script
application/javascript

104.126.118.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_v1.0.11.js
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 104.126.118.225 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-225.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b29c6a754f45310e946a97bcbccc44374ed897a0c775b7166282c90fa4e25ee0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 5096b6f
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: lsfdwK5Nxxm1c0rDF9Gs9Q==
x-cache: TCP_MEM_HIT from a104-126-118-221.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: STANDARD
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 14606
x-tos-request-id: 2aa03e6574d6579d636574d6-abc21a2
x-tos-response-time: Fri, 04 Nov 2022 20:23:50 GMT
last-modified: Thu, 03 Nov 2022 00:46:49 GMT
server: nginx
etag: "96c7ddc0ae4dc719b5734ac317d1acf5"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=970830
access-control-allow-credentials: false
x-tt-trace-host: 019d508f24c89f92458507300c7f27bd9245357926b53146be7edf81019efc9fed3ab0ea435b0fb1f38f7c0cc1710d1ac3b81ca8b4dd82a11849b5be90dbff93353450d5ccfe64fb0d1a410ddf71e81ac556a93041933390f1190ce8373eba965b5fab35d69b4b7f1d7c044bd014b496b7
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

Redirect headers

x-akamai-request-id: 6a23e3c
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:44:58 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
server-timing: cdn-cache; desc=MISS, edge; dur=1, origin; dur=7
content-length: 138
pragma: no-cache
server: nginx
x-tt-logid: 202303161544571928B62D12E53C2BF74C
content-type: text/html
location: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_v1.0.11.js
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.46.157.11
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701ae7432d6c4f7f43aeaf8d63bc99e90ae8e347217372cf26844d364af6ed034c7d
expires: Thu, 16 Mar 2023 15:44:58 GMT

GET
H2 200 spinner.gif
myreturnticket.ca/wp-content/plugins/email-subscribers/lite/public/images/ 3 KB
3 KB 115ms
113ms Image
image/gif 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://myreturnticket.ca/wp-content/plugins/email-subscribers/lite/public/images/spinner.gif

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
x-ac: 2.yyz _atomic_dca BYPASS
last-modified: Wed, 15 Mar 2023 16:26:20 GMT
server: nginx
etag: "6411f1ac-c88"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3208
expires: Thu, 23 Mar 2023 15:44:58 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 7 KB
3 KB 20ms
17ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202311
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 51dc1ea3b9642d966bbdf2c63346e4d2d3f668a693fa8e7f1e31bf6acbe48860

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Thu, 16 Mar 2023 15:44:58 GMT
content-encoding: br
x-ac: 2.yyz _dca MISS
server: nginx
etag: W/"63bbf1d2-1a69"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 12 Mar 2024 00:00:00 GMT

GET
H2 200 genericons.css
myreturnticket.ca/wp-content/plugins/jetpack/_inc/genericons/genericons/ 28 KB
16 KB 97ms
96ms Stylesheet
text/css 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?m=1452726548

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 13 Jan 2016 23:09:08 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"5696d914-6e6a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
myreturnticket.ca/_static/ 33 KB
10 KB 106ms
104ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/_static/??-eJyVkM0OgkAMhF/IpXpQ8GB8FLNbNlDo/oR2g49vjBAPyMHTJDP9JpnO2WCK6qNC5tJRFBi8ZosjPCgiuELcQu6TprhIFShWgxzmLYrJccJRoCVRGL6GsZGCVUr/k0xdry49d0AfLLGR4gQncn4SYFIPuTgmfBdtDswn2+n7sR7tlIp4XjOzGssn7uF2utRNc63PzfEFnxp/pQ==

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

818b4e85ba7eef4f3d469e91c15561223d7e751c87ea96e7523f8b65f4831a97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Mar 2023 16:26:20 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
x-page-optimize: uncached
etag: W/"cdf4226a1718d6f036f9c09e853f5b4d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 63ms
17ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202311
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a72c573becfb1e8529cc987d0508245574afed28a710b3ca816d0f52028c66d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
content-encoding: br
last-modified: Thu, 15 Sep 2022 11:48:47 GMT
server: nginx
etag: W/"6323111f-5deb"
content-type: application/javascript
cache-control: max-age=604800
expires: Thu, 23 Mar 2023 15:44:58 GMT

GET
H2 200 / Show response
myreturnticket.ca/_static/ 11 KB
4 KB 105ms
103ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/_static/??-eJyNjUsOwjAMRC9Ea/FRKhaIo6B83Cat7YQmUa5PFkhIXbEczXszLQ02SkEpkKguQTKsWJK2G3B0lTBDS8sefRzXfGo/unjkXvY4hwJrhsyaaGCUeiCPu68gFkwN5GDWFk2M24Bs0I0c5H+Xwtb/3xUrei2OcP/6T36c1aTul+mqbh/BMlOn

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a452d886679256741d27135e29d2a1e6abeabef20653a8e3e95e013ccff244f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 20 Feb 2023 21:09:24 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
x-page-optimize: uncached
etag: W/"14a6a897da46c741dbe1c9b95b796a95"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
host-header: WordPress.com

GET
H2 200 sharing.min.js Show response
myreturnticket.ca/wp-content/plugins/jetpack/_inc/build/sharedaddy/ 9 KB
3 KB 99ms
96ms Script
application/javascript 192.0.78.193
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://myreturnticket.ca/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=12.0-a.1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.193 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Mar 2023 19:14:38 GMT
server: nginx
x-ac: 2.yyz _atomic_dca BYPASS
etag: W/"64078d1e-2259"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202311.js Show response
stats.wp.com/ 9 KB
3 KB 76ms
17ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202311.js
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz
date: Thu, 16 Mar 2023 15:44:58 GMT
content-encoding: br
server: nginx
etag: W/"61beb1e6-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 11 Mar 2024 04:46:58 GMT

GET
H2 200 css
fonts-api.wp.com/ 8 KB
1 KB 117ms
68ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bf1d67ceed1ff1089d98db4dd45104cb895540427596bffb3fe6a16fdf4fba7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS yyz 2
last-modified: Thu, 16 Mar 2023 15:44:58 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H/1.1 200
OK conf Show response
s.pubmine.com/ 6 KB
2 KB 114ms
29ms Script
text/javascript 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/conf?pp.pt=0&pp.ht=1&pp.tn=confit&pp.uloggedin=0&pp.amp=false&pp.siteid=56015379&pp.consent=0&pp.ad.label.text=Advertisements&pp.ad.reportAd.text=Report%20this%20ad&rid=980833864949&ref=https%3A%2F%2Fmyreturnticket.ca%2F&vp=1600x1200&cb=callback__lfba8fp1_1
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7e5480b896d72d7eb139527f4478332a17cc485049b49e6a23b19e23faa6b58f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.wp.com/s/oswald/v49/ 10 KB
10 KB 59ms
17ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
server: nginx
age: 488749
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 9840
x-xss-protection: 0

GET
H2 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.wp.com/s/merriweather/v30/ 20 KB
20 KB 60ms
18ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 26 Apr 2022 16:41:08 GMT
server: nginx
age: 220737
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 20028
x-xss-protection: 0

GET
H2 200 u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
fonts.wp.com/s/merriweather/v30/ 19 KB
19 KB 60ms
18ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/merriweather/v30/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 26 Apr 2022 15:48:58 GMT
server: nginx
age: 534349
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 19780
x-xss-protection: 0

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
fonts.wp.com/s/merriweather/v30/ 19 KB
19 KB 60ms
18ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
server: nginx
age: 224067
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 19740
x-xss-protection: 0

GET
H2 200 u-4l0qyriQwlOrhSvowK_l5-eR71Wvf4jvw.woff2
fonts.wp.com/s/merriweather/v30/ 19 KB
20 KB 90ms
49ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/merriweather/v30/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf4jvw.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Oswald:r%7CMerriweather:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3642df12f0d930d5846a96652080908eb2f383b602a95cf80d1e6227e66e1c46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 26 Apr 2022 15:46:01 GMT
server: nginx
age: 547745
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 19900
x-xss-protection: 0

GET
H2 206 export_1678103742728.mp4
videos.files.wordpress.com/vw01qXIL/ 1 MB
0 210ms
162ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/vw01qXIL/export_1678103742728.mp4

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myreturnticket.ca/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Mar 2023 11:58:43 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-20299983/20299984
Content-Length: 20299984
expires: Fri, 07 Apr 2023 15:22:14 GMT

GET
H2 206 export_1678103242630.mp4
videos.files.wordpress.com/ITFoJS3y/ 1 MB
0 359ms
331ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/ITFoJS3y/export_1678103242630.mp4

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myreturnticket.ca/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 06 Mar 2023 11:51:24 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-32791960/32791961
Content-Length: 32791961
expires: Thu, 06 Apr 2023 12:06:20 GMT

GET
H2 206 img_5409.mp4
videos.files.wordpress.com/hd1axK0t/ 768 KB
0 296ms
269ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/hd1axK0t/img_5409.mp4

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myreturnticket.ca/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Nov 2022 02:58:41 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-14578384/14578385
Content-Length: 14578385
expires: Sun, 09 Apr 2023 11:21:37 GMT

GET
H2 206 img_5410.mp4
videos.files.wordpress.com/GRrEHbzj/ 896 KB
0 226ms
198ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/GRrEHbzj/img_5410.mp4

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myreturnticket.ca/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Nov 2022 02:58:59 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-14930331/14930332
Content-Length: 14930332
expires: Thu, 06 Apr 2023 19:57:55 GMT

GET
H2 200 XO6mYVEb Show response
videopress.com/embed/ Frame 0A04 7 KB
2 KB 347ms
294ms Document
text/html 192.0.78.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://videopress.com/embed/XO6mYVEb?cover=1&preloadContent=metadata&useAverageColor=1&hd=1
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 894c783178eb7ccec8bec8aa7b8a886a54342f6c43f6725a103cd5e0ffda9589

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
vary: Accept-Encoding
x-ac: 2.yyz _dca MISS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 img_8289.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 46 KB
46 KB 354ms
349ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8289.jpg?resize=618%2C635&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

7364d32e7ae3480a5e82ac421c9de640df6efc15abc2e38f2e7eaa85996e8fff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "1abbfbeb9d3d1785"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8289.jpg>; rel="canonical"
content-length: 46720
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 img_8288.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 51 KB
52 KB 328ms
323ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8288.jpg?resize=618%2C428&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

a53e0354865b02c562361b3514858c376cacafe997e5e8fdab0af3c754376299

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "cd8827b67e5761e3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8288.jpg>; rel="canonical"
content-length: 52724
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 img_8285.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 57 KB
57 KB 367ms
363ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8285.jpg?resize=550%2C1024&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

8848f7b4f4344ac088ca265add62659588b7e324f27fe2d3d4914595e38fbf3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "b5afccd6f102fa98"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8285.jpg>; rel="canonical"
content-length: 58238
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 img_8284.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 49 KB
50 KB 601ms
597ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8284.jpg?resize=618%2C464&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

841fee61c1724519fce296da783c4346d73054922cc718992655ea3ee19066e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "e88cd2e34d70a91c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8284.jpg>; rel="canonical"
content-length: 50586
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 img_8282.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 43 KB
43 KB 257ms
252ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8282.jpg?resize=618%2C425&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

c093b1020f02bb70adaf6d648e3fe71409475aae8d054596484e244aa9dc1d20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "fbc6f0916d122765"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8282.jpg>; rel="canonical"
content-length: 43794
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
H2 200 img_8280.jpg
i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/ 58 KB
59 KB 520ms
516ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/myreturnticket.ca/wp-content/uploads/2023/03/img_8280.jpg?resize=600%2C800&ssl=1

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

94e9470c7f3fbbcf874d293723dcbd74a4346ce3edf5bc76c9972d3358a4265d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
etag: "de748bd377a4f84b"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://myreturnticket.ca/wp-content/uploads/2023/03/img_8280.jpg>; rel="canonical"
content-length: 59892
expires: Sun, 16 Mar 2025 03:44:59 GMT

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 xBxg03xe Show response
videopress.com/embed/ Frame E039 7 KB
2 KB 400ms
399ms Document
text/html 192.0.78.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://videopress.com/embed/xBxg03xe?cover=1&preloadContent=metadata&useAverageColor=1&hd=1
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.78.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3562d6f044f64a4fc1f10f605f9526f878567c59c81d660dd46b51278f534d75

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:44:59 GMT
server: nginx
vary: Accept-Encoding
x-ac: 2.yyz _dca MISS
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

GET
H2 200 nimv_DfBYTc Show response
www.youtube.com/embed/ Frame E204 70 KB
29 KB 180ms
124ms Document
text/html 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6eb47eddc2939dfd973d0c390a02410b1341642374c4812388f1113f42748c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 f01179426dcefb2a49d126480bd70d98
secure.gravatar.com/avatar/ 2 KB
2 KB 51ms
51ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f01179426dcefb2a49d126480bd70d98?s=48&r=g
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5d34c9c4fdbdbdc490800e91e3fc5f0cfdfc734eea23c427aab2de17dbefd609

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f01179426dcefb2a49d126480bd70d98.jpg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f01179426dcefb2a49d126480bd70d98?s=48&r=g>; rel="canonical"
content-length: 1744
expires: Thu, 16 Mar 2023 15:49:59 GMT

GET
H2 206 img_0066-2.mp4
videos.files.wordpress.com/2KwHodrq/ 837 KB
0 278ms
278ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/2KwHodrq/img_0066-2.mp4

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myreturnticket.ca/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Aug 2022 08:45:24 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-81322324/81322325
Content-Length: 81322325
expires: Wed, 05 Apr 2023 00:53:58 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 112ms
27ms Script
application/javascript 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
Content-Encoding: gzip
Age: 442
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (nyb/1D0F)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 73ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

17eca03dbee78234d1b0040c232e9480e05707594e4d8ffcdb2b0294dac1b0d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 15:44:59 GMT
content-md5: tc5qvESLvu90zikvdurPLg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: KuUz6CAnw4rgnGb6EzS7V0cu5I545eX8NxPE/DN4Ps7P6uv/7SeFbN59FD3w7rJZq3rY8g7AnFmhbqtflaWXgA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1512268381
x-fb-content-md5: 6e7c6130f4fcdb2421c27952a7826006
cross-origin-opener-policy: same-origin-allow-popups
etag: "e99a906e0421233f228300425c31fa58"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 16 Mar 2023 15:45:29 GMT

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame B2CB 3 KB
1 KB 26ms
17ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=202311
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-encoding: br
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
etag: W/"6408e4c4-ae1"
last-modified: Wed, 08 Mar 2023 19:40:52 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.yyz _dca MISS
x-nc: HIT yyz 2

GET
H2 200 ata.js Show response
c0.pubmine.com/2.37.11677685674593/ 207 KB
54 KB 69ms
22ms Script
application/javascript 192.0.77.38
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.pubmine.com/2.37.11677685674593/ata.js

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.38 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b4b0789c9d823fd2888f4f2501afd255b449971ea288d46ab65bc2408088515a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: gzip
strict-transport-security: max-age=15552000
last-modified: Wed, 01 Mar 2023 15:53:00 GMT
server: nginx
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=31536000

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 d5b4cf9c73b7f734b9fb5ef69333dbbd
secure.gravatar.com/avatar/ 2 KB
2 KB 69ms
64ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/d5b4cf9c73b7f734b9fb5ef69333dbbd?s=48&r=g
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5d34c9c4fdbdbdc490800e91e3fc5f0cfdfc734eea23c427aab2de17dbefd609

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="d5b4cf9c73b7f734b9fb5ef69333dbbd.jpg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/d5b4cf9c73b7f734b9fb5ef69333dbbd?s=48&r=g>; rel="canonical"
content-length: 1744
expires: Thu, 16 Mar 2023 15:49:59 GMT

GET
H2 200 f576bf4acab8f1c01953ccb696d44080
secure.gravatar.com/avatar/ 2 KB
2 KB 75ms
70ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f576bf4acab8f1c01953ccb696d44080?s=48&r=g
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5d34c9c4fdbdbdc490800e91e3fc5f0cfdfc734eea23c427aab2de17dbefd609

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f576bf4acab8f1c01953ccb696d44080.jpg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f576bf4acab8f1c01953ccb696d44080?s=48&r=g>; rel="canonical"
content-length: 1744
expires: Thu, 16 Mar 2023 15:49:59 GMT

GET
H2 200 4e0613c6b67be4afbd841bf8992d2200
secure.gravatar.com/avatar/ 2 KB
2 KB 70ms
65ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/4e0613c6b67be4afbd841bf8992d2200?s=48&r=g
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 68bcabe8a89729ef9647f0ecf9c543bbe167e55f40f9e4d266ac81ba60ce8b76

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
last-modified: Sun, 26 Dec 2021 21:44:05 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="4e0613c6b67be4afbd841bf8992d2200.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/4e0613c6b67be4afbd841bf8992d2200?s=48&r=g>; rel="canonical"
content-length: 1647
expires: Thu, 16 Mar 2023 15:49:59 GMT

GET
H2 200 videopress-routes.min.js Show response
v0.wordpress.com/js/videojs/ Frame 0A04 1 MB
275 KB 108ms
105ms Script
application/javascript 192.0.78.13
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Requested by

Host: videopress.com
URL: https://videopress.com/embed/XO6mYVEb?cover=1&preloadContent=metadata&useAverageColor=1&hd=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.13 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

faeb32352af50842ae43eeeeb493610d6a263c552467e7bde879f965eb4f6e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-ac: 1.yyz _dca MISS
strict-transport-security: max-age=31536000
server: nginx
etag: W/"63e51d10-1019a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 15 Mar 2024 15:44:59 GMT

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame B2CB 5 KB
1 KB 31ms
28ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202311
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-ac: 2.yyz _dca BYPASS
server: nginx
etag: W/"619d635a-1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 23 Nov 2023 21:55:44 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame B2CB 81 KB
20 KB 31ms
29ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202311
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-ac: 2.yyz _dca MISS
last-modified: Wed, 15 Feb 2023 09:58:05 GMT
server: nginx
etag: W/"63ecacad-1430c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 07 Mar 2024 19:41:09 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
117 B 39ms
37ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=56015379&post=0&tz=-7&srv=myreturnticket.ca&hp=atomic&ac=2&amp=0&j=1%3A12.0-a.1&host=myreturnticket.ca&ref=&fcp=715&rand=0.8310921430621208
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:44:59 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 1fad6.svg
s.w.org/images/core/emoji/14.0.0/svg/ 2 KB
2 KB 104ms
34ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1fad6.svg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

5f6cfbb95a24944b5196aad7d85f3aacf782d9008ac0498876b0b01825003acb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:50:59 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 2044
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f30d.svg
s.w.org/images/core/emoji/14.0.0/svg/ 1 KB
1 KB 104ms
35ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f30d.svg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

593d59f9f319875b02111ac46a9f70df2c1e0f3a5fd92810c3f5ddbb598ca62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Thu, 16 Mar 2023 15:44:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1156
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 28ms
28ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202311
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202311
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: a607444d7c4a47be64d7b310770c0fca233f8bd20f0a8ce45d7aafe8d0cb3c31

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
last-modified: Tue, 03 Jan 2023 09:10:35 GMT
server: nginx
etag: W/"63b3f10b-1f86"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 23 Mar 2023 15:44:59 GMT

GET
H2 200 services.min.css
secure.gravatar.com/dist/css/ 3 KB
683 B 29ms
29ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/services.min.css?ver=202311
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202311
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: d731b8734322d97cb8d0de94787235219dd7dfd9e9b11c74e696c5dd7d3faf3d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
last-modified: Tue, 03 Jan 2023 09:10:35 GMT
server: nginx
etag: W/"63b3f10b-ca5"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 23 Mar 2023 15:44:59 GMT

GET
H2 200 embed_lib_v1.0.11.css
lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/ 4 KB
2 KB 31ms
29ms Stylesheet
text/css 104.126.118.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_lib_v1.0.11.css
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.225 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-225.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 03bdc578df22c63b243c4f3e898dd7d083c65b24205260541b0abc072cc38e5a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 5096c5a
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zJ2Nyh55L+w+3gi0qlc5pw==
x-cache: TCP_MEM_HIT from a104-126-118-221.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: STANDARD
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 1200
x-tos-request-id: cfc4d657ae030cd63657ae0-abf374f
x-tos-response-time: Fri, 04 Nov 2022 20:49:36 GMT
last-modified: Thu, 03 Nov 2022 00:46:49 GMT
server: nginx
etag: "cc9d8dca1e792fec3ede08b4aa5739a7"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2406573
access-control-allow-credentials: false
x-tt-trace-host: 019d508f24c89f92458507300c7f27bd9245357926b53146be7edf81019efc9fed29e68077557b3a8544c41a1449cb51b243da63d88cd49c24d27851f08ac4266996b2b2dcfe6f221f90b44a7f75523467cc071dc2ab6689fae90ce05ac3fd1184393fcab963164b048a6ddf374eaad2bb
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 embed_lib_v1.0.11.js Show response
lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/ 15 KB
6 KB 28ms
26ms Script
application/javascript 104.126.118.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_lib_v1.0.11.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.225 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-225.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 48936f736af03400e469982565d12dfa88860943bd07a3f55708b5fc3c7d71ff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 5096c5b
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: JUYbgsiLfr+GLQDyuWkf0Q==
x-cache: TCP_MEM_HIT from a104-126-118-221.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: STANDARD
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=1
content-length: 5148
x-tos-request-id: 6fa474657ae1d8da63657ae1-abd2e8e
x-tos-response-time: Fri, 04 Nov 2022 20:49:37 GMT
last-modified: Thu, 03 Nov 2022 00:46:49 GMT
server: nginx
etag: "25461b82c88b7ebf862d00f2b9691fd1"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=536719
access-control-allow-credentials: false
x-tt-trace-host: 019d508f24c89f92458507300c7f27bd9245357926b53146be7edf81019efc9fed166ef1359c6476dc9be1122c73efe49980b48b2aa4f25b9b43e9f7a37fce71e428c94e8a75cc2551d48741ca480de30d203ee602fecb32875420c5c0399c4474aff36f59177d75859731cc65c6fef0eb
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 www-player.css
www.youtube.com/s/player/837bca82/ Frame E204 399 KB
51 KB 84ms
80ms Stylesheet
text/css 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

627b65348371145aaabe55e47cd88f930ac1deceee9035c225e2599620b31809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 11:39:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51796
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 15 Mar 2024 11:39:26 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/837bca82/www-embed-player.vflset/ Frame E204 346 KB
108 KB 118ms
115ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e4d695ebaa1b96bdc35fcb585618254612d65a5dc6506369f797765a3bf6f71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:58:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35210
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110010
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 15 Mar 2024 05:58:09 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/ Frame E204 2 MB
608 KB 114ms
111ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be52cc0c4ad33c383310317c3d945a2349d489e84e01ca8a284661f38a7644bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 13 Mar 2023 15:52:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 258761
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 622180
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 12 Mar 2024 15:52:18 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/837bca82/fetch-polyfill.vflset/ Frame E204 9 KB
3 KB 103ms
101ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2786
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 15 Mar 2024 13:25:19 GMT

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 94F9 320 KB
104 KB 48ms
47ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fmyreturnticket.ca
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D29) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67942
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:44:59 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D29)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 9934
Redirect Chain

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D13%26external_user_id%3D%5BUID%5D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%...
https://s.pubmine.com/match?bidder_id=13&external_user_id=ce709306-291c-43cf-a3be-60b68d0dfea9&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

43 B
446 B

25ms
24ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=13&external_user_id=ce709306-291c-43cf-a3be-60b68d0dfea9&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-cache, no-store, private
Content-Length: 0
Content-Type: text/plain; charset=utf8
Date: Thu, 16 Mar 2023 15:44:59 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://s.pubmine.com/match?bidder_id=13&external_user_id=ce709306-291c-43cf-a3be-60b68d0dfea9&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Server: sonobi-go
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-15
X-Xss-Protection: 0

GET
H/1.1 200
OK uc.html Show response
sync.go.sonobi.com/ Frame 28DF 2 KB
4 KB 165ms
33ms Document
text/plain 69.166.1.10
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?

Requested by

Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

586f3dcb8c2d4ecc85dc3228c4875b1bc46b704b5e7f621f44253a8e6cb7e357

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, private
Content-Encoding: gzip
Content-Length: 988
Content-Type: text/plain; charset=utf8
Date: Thu, 16 Mar 2023 15:44:59 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Server: sonobi-go
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-193
X-Xss-Protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 936E 16 KB
6 KB 148ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107154
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 154F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58666/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58666/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=&verify=true
https://s.pubmine.com/match?bidder_id=27&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&external_user_id=y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A&gdpr=0

43 B
504 B

42ms
24ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=27&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&external_user_id=y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A&gdpr=0
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

age: 0
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://s.pubmine.com/match?bidder_id=27&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&external_user_id=y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A&gdpr=0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 98E8
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&US_privacy=&redirectUri=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D23%26ssp_data%3De3643ba5-6d29-4272-9941-c...
https://s.pubmine.com/match?bidder_id=23&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=5271008299598803031

43 B
645 B

25ms
25ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=23&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=5271008299598803031
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://s.pubmine.com/match?bidder_id=23&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=5271008299598803031

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 1C2D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=197465&gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%...
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_conse...

2 KB
2 KB

24ms
23ms

Document
text/html

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: ae3cf5aa3568fd9d46f7d88506d61af60c056bb31ccaf9bddc5586443064bcb1

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1750
Content-Type: text/html
Date: Thu, 16 Mar 2023 15:44:59 GMT
Expires: 0
Keep-Alive: timeout=1, max=499
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

Redirect headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:44:59 GMT
Expires: 0
Keep-Alive: timeout=1, max=500
Location: /usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 618F
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d2...
https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9...

2 KB
3 KB

101ms
31ms

Document
text/html

67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 6c8210878b445817d946a9ca013987f950b29a7b2ebb6fb529bbc1d88a5a27d5

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1701
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP020
x-33x-status: 8340000C

GET
H2 200 usersync.html Show response
ad-cdn.technoratimedia.com/html/ Frame E716 21 KB
7 KB 109ms
16ms Document
text/html 2606:2800:21f:2cf1:7be6:911:71d9:25f7
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:21f:2cf1:7be6:911:71d9:25f7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nyb/1D3C) /
Resource Hash: 0f4328dd583577482da89d8af94cd1146cec997553dd53bc2f9ee3d406cfa9ce

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,date,etag,opc-client-info,opc-request-id,x-api-id
age: 416
cache-control: max-age=900
content-encoding: gzip
content-length: 6755
content-md5: HcWFhk+tXaF3NZt1fPMIOA==
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:44:59 GMT
etag: 9f484a91-0039-4789-8873-641b0861cba7
expires: Thu, 16 Mar 2023 15:59:59 GMT
last-modified: Thu, 02 Feb 2023 14:10:57 GMT
opc-request-id: iad-1:u1g7vpBu85XhiWbqCM7jEaasRkzdkZFhq6XHNWKA1lqCTeLKVrRVRKxdH54OHg8-
server: ECAcc (nyb/1D3C)
storage-tier: Standard
vary: Accept-Encoding
version-id: 68d8e56e-76a4-4241-8b88-07572b4580e7
x-api-id: native
x-cache: HIT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E7CB 16 KB
6 KB 122ms
18ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107154
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 355E
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privac...
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_priva...

2 KB
3 KB

101ms
30ms

Document
text/html

67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 92d7cec1ffba87de844120540310180198b520721d720c31dc1a03dae4646e32

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1702
content-type: text/html
date: Thu, 16 Mar 2023 15:44:58 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
content-length: 171
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
location: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
server: nginx/1.16.1

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 2D9E
Redirect Chain

https://visitor.omnitagjs.com/visitor/bsync?uid=19340f4f097d16f41f34fc0274981ca4&name=PrebidServer&gdpr=0&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D22%26ssp_da...
https://s.pubmine.com/match?bidder_id=22&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=891db04b52d1c464646f27898eed8846

43 B
691 B

28ms
28ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=22&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=891db04b52d1c464646f27898eed8846
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: 0
location: https://s.pubmine.com/match?bidder_id=22&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=891db04b52d1c464646f27898eed8846
p3p: CP="CAO PSA OUR"
pragma: no-cache
server: ayl-lb-fra02
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 867C
Redirect Chain

https://sync.inmobi.com/prebid?gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D20%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy...
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=0&us_privacy=&callback=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D20%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_priva...
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy=
https://s.pubmine.com/match?bidder_id=20&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ID5-afb1ueJm1pCJv0dqHV86LXGrA2dl_iJhNUous25t5g

43 B
809 B

25ms
24ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=20&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ID5-afb1ueJm1pCJv0dqHV86LXGrA2dl_iJhNUous25t5g
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://s.pubmine.com/match?bidder_id=20&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ID5-afb1ueJm1pCJv0dqHV86LXGrA2dl_iJhNUous25t5g
p3p: CP="CAO PSA OUR"
strict-transport-security: max-age=63072000; includeSubDomains; preload
transfer-encoding: chunked
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 391E
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D18%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privac...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D18%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_...
https://s.pubmine.com/match?bidder_id=18&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

43 B
612 B

29ms
28ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=18&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:44:59 GMT
Location: https://s.pubmine.com/match?bidder_id=18&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Server: nginx

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 405F
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D29%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent...
https://s.pubmine.com/match?bidder_id=29&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=eed380a4

43 B
396 B

28ms
24ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=29&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=eed380a4
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

cache-control: no-cache, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://s.pubmine.com/match?bidder_id=29&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=eed380a4
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
server: CloudFront
via: 1.1 9d35ce6897d7f02042955443076a54de.cloudfront.net (CloudFront)
x-amz-cf-id: aYu9nH9TOAz7AhVtfYI-CvSaTet9gruGxL4Q5OgzxIk6RnMEZqLJYw==
x-amz-cf-pop: EWR53-P1
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1

200
OK

match Show response
s.pubmine.com/ Frame 45C3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58366/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6
https://ups.analytics.yahoo.com/ups/58366/occ?uid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&verify=true
https://s.pubmine.com/match?bidder_id=15&external_user_id=y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6

43 B
562 B

67ms
26ms

Document
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=15&external_user_id=y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

age: 0
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://s.pubmine.com/match?bidder_id=15&external_user_id=y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2 200 prbds2s Show response
rtb.gumgum.com/usync/ Frame C783 4 KB
2 KB 110ms
24ms Document
text/html 3.223.50.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.223.50.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-223-50-249.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ca521527d1f5c94284c69c1a6dd8740bfb8992e1e1865e2e267ac1e18a7ad677

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Thu, 16 Mar 2023 15:44:59 GMT
etag: W/"0b590ffcb6b2a4f2381ee05c291840aba"
server: nginx
timing-allow-origin: *

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/ib/static/usersync/v3/ Frame 2F54 995 B
1 KB 61ms
12ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 27166836
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 506
Content-Type: text/html
Date: Thu, 16 Mar 2023 15:44:59 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Server: nginx/1.13.10
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 263, 28897
X-Served-By: cache-lga21960-LGA, cache-yul12828-YUL
X-Timer: S1678981500.507615,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B8FC 16 KB
6 KB 119ms
19ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107154
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 50D7 281 B
554 B 94ms
24ms Document
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:44:59 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame E242 36 KB
12 KB 151ms
50ms Document
text/html 23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Requested by

Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

250ec322699c4270969d3ea1f5114d6f478eaf480c8d650662d4fc1f2589751f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 11654
content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Sat, 18 Mar 2023 15:44:59 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2

200

pd Show response
u.openx.net/w/1.0/ Frame F317
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

749 B
816 B

24ms
18ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 1f49f874503a572ad4de1e09409614e1231be0ceaa036651babd68714308adf6

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 479
content-type: text/html
date: Thu, 16 Mar 2023 15:44:59 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
location: https://u.openx.net/w/1.0/pd?cc=1
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
via: 1.1 google

GET
H2 200 iframe Show response
sync.teads.tv/ Frame D432 153 B
316 B 131ms
30ms Document
text/html 23.195.101.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.teads.tv/iframe
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.101.76 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-101-76.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 716a727e47216ad28191f60fb09d59015b1bcb3df8cc32b5bb94f73d534a5732

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 153
content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Thu, 16 Mar 2023 15:44:59 GMT
pragma: no-cache
server: akka-http/10.2.10

GET
H/1.1

200
OK

sync Show response
x.bidswitch.net/ Frame A9B8
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid&gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid&gdpr=0&gdpr_consent=&us_privacy=
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp=themediagrid&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=419&user_id=10596829190722811243&ssp=themediagrid&gdpr=0&gdpr_consent=

43 B
235 B

39ms
39ms

Document
image/gif

35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://x.bidswitch.net/sync?dsp_id=419&user_id=10596829190722811243&ssp=themediagrid&gdpr=0&gdpr_consent=
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:44:59 GMT
Server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:44:59 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://x.bidswitch.net/sync?dsp_id=419&user_id=10596829190722811243&ssp=themediagrid&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
pragma: no-cache
server: Apache
via: 1.1 google
x-application-context: application

GET
H/1.1 200
OK pixel
s.pubmine.com/ 43 B
286 B 35ms
25ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/pixel?id=15&type=img
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=18894&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=&us_privacy=
https://s.pubmine.com/match?bidder_id=14&external_user_id=LFBA8GCO-24-1S47&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0

43 B
749 B

26ms
24ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=14&external_user_id=LFBA8GCO-24-1S47&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.pubmine.com/match?bidder_id=14&external_user_id=LFBA8GCO-24-1S47&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 382e2818ca015d35b02cd449aa60881d
Expires: 0

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D12%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26ri...
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D12%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6...
https://s.pubmine.com/match?bidder_id=12&external_user_id=4629100391442130554158&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

43 B
878 B

25ms
24ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=12&external_user_id=4629100391442130554158&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: https://s.pubmine.com/match?bidder_id=12&external_user_id=4629100391442130554158&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
date: Thu, 16 Mar 2023 15:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D10%26external_user_id%3D%24UID%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.pubmine.com%252Fmatch%253Fbidder_id%253D10%2526external_user_id%253D%2524UID%2526ssp_data%253De3643ba5-6d29-4272-9941-c8ff19e04eb6%2526...
https://s.pubmine.com/match?bidder_id=10&external_user_id=1694000653285184985&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

43 B
842 B

31ms
31ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=10&external_user_id=1694000653285184985&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0afa3206-6816-4c8b-9e92-9f8c43951c78
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://s.pubmine.com/match?bidder_id=10&external_user_id=1694000653285184985&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=wordpress&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&user_id=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=wordpress&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&user_id=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=wordpress&bsw_custom_parameter=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=wordpress&bsw_custom_parameter=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=897e86b3-726e-4a27-8e37-ab5da3e3a153&user_group=1&ssp=wordpress&bsw_param=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=&gdpr_consent=

43 B
866 B

38ms
24ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

Location: //s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&gdpr=&gdpr_consent=
Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D1%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%2...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D1%26external_user_id%3D%24%7BBSW_UUID%7D%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr...
https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=

43 B
840 B

30ms
29ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

Location: https://s.pubmine.com/match?bidder_id=1&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=
Date: Thu, 16 Mar 2023 15:44:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

match
s.pubmine.com/
Redirect Chain

https://ssc-cms.33across.com/ps/?ri=0010b00002CphGRAAZ&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26r...
https://s.pubmine.com/match?bidder_id=6&external_user_id=212122484738814&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=

43 B
719 B

26ms
26ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=6&external_user_id=212122484738814&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:44:59 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 100000000008200000C
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://s.pubmine.com/match?bidder_id=6&external_user_id=212122484738814&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
87 KB 50ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fcef7cb04a9dacbf7f9f99d7267dbcd1d3a5d01225cb8ddb112433df6dd328b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://myreturnticket.ca/
Origin: https://myreturnticket.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 15:44:59 GMT
content-md5: tKjwbp+sx//pjdvC6iaZuw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88587
x-fb-rlafr: 0
x-fb-debug: 1LIaW1AGT23Qkp72L5/Sa1pQzN1Lhe/PjyT0/ScjiKpip5Qc38SLHaZ/IFyMvKNpInNTOeymE9ir5wj5uVVuxg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: d7e17f28becf9f14423afb0b0f5fd847
cross-origin-opener-policy: same-origin-allow-popups
etag: "386f41eb8497c7a246d634482f4dca55"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 12:18:54 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E204 15 KB
16 KB 78ms
19ms Font
font/woff2 2607:f8b0:4006:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 06:19:01 GMT
x-content-type-options: nosniff
age: 552358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Mar 2024 06:19:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E204 15 KB
15 KB 82ms
23ms Font
font/woff2 2607:f8b0:4006:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 19:06:33 GMT
x-content-type-options: nosniff
age: 74306
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 19:06:33 GMT

GET
H2 200 videopress-routes.min.js Show response
v0.wordpress.com/js/videojs/ Frame E039 1 MB
275 KB 84ms
82ms Script
application/javascript 192.0.78.13
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Requested by

Host: videopress.com
URL: https://videopress.com/embed/xBxg03xe?cover=1&preloadContent=metadata&useAverageColor=1&hd=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.13 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

faeb32352af50842ae43eeeeb493610d6a263c552467e7bde879f965eb4f6e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: br
x-ac: 1.yyz _dca MISS
strict-transport-security: max-age=31536000
server: nginx
etag: W/"63e51d10-1019a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Fri, 15 Mar 2024 15:44:59 GMT

GET
BLOB 200
OK 5ea6602f-364c-4e47-b778-05d672f6e03f
https://myreturnticket.ca/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://myreturnticket.ca/5ea6602f-364c-4e47-b778-05d672f6e03f
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 1567
Content-Type: text/javascript

GET
DATA 200
OK truncated
/ 394 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e40392e86c82f3bce196182c21ed8467cca4aea225e451db8fd16ca727fa52d8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame D31D 8 KB
4 KB 90ms
34ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:44:59 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 1.yyz _dca BYPASS

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 94F9 664 B
607 B 162ms
46ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=f94c82a81ad2e2472296dc3b0598011583709300

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fmyreturnticket.ca

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

b0e3dea3ead4a88d28a0203a5dd56155100bf5d61b73c371992aa9f211ff5480

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 16 Mar 2023 15:44:59 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Thu, 16 Mar 2023 15:44:59 GMT
server: tsa_b
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 74c670ab7669801f
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: f7d56398ea3125934834bea7b124e8c3c7a4ca5de0cac366358d456735b51939
content-length: 284

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame F317
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=ZBM5ewABwf-WXQBG
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZBM5ewABwf-WXQBG&_test=ZBM5ewABwf-WXQBG

43 B
61 B

36ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZBM5ewABwf-WXQBG&_test=ZBM5ewABwf-WXQBG
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-yul12823-YUL
pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1678981500.129459,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZBM5ewABwf-WXQBG&_test=ZBM5ewABwf-WXQBG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 0502b635-63a8-e941-e68a-450c2a172578
pr-bh.ybp.yahoo.com/sync/openx/ Frame F317 43 B
604 B 90ms
35ms Image
image/gif 2600:1f18:4e9:5a02:460b:2b68:c137:43d7
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/0502b635-63a8-e941-e68a-450c2a172578?gdpr=0

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a02:460b:2b68:c137:43d7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:44:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame F317
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1&dcc=t

43 B
855 B

56ms
47ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1&dcc=t

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 4G46STM0S7MG7VJEQT2F
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: T9ZK8VTM84TACT3FV35E
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=c913ac0c-efae-c0f2-1753-d16ebd7323d1&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame F317
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0
https://match.adsrvr.org/track/cmb/openx?oxid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0&gdpr_consent=

43 B
62 B

25ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0&gdpr_consent=
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=91c5d071-f304-7b08-d75d-53f9d540e831&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F317
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx&google_tc=

170 B
188 B

68ms
47ms

Image
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx&google_tc=

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1

Protocol

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmRhYTAzYmItM2E3My0yNWFjLWMyYmQtMDk0MDFmYTIyNjUx&google_tc=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame F317
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO9-HzUkuzijSkJ28h2vgmk&google_cver=1

43 B
61 B

59ms
51ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO9-HzUkuzijSkJ28h2vgmk&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?cc=1
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO9-HzUkuzijSkJ28h2vgmk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 50D7 33 KB
10 KB 20ms
20ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27823
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=1694000653285184985

35 B
250 B

69ms
26ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=1694000653285184985
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Date: Thu, 16 Mar 2023 15:44:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 11e9f0a8-f92e-4e6a-8069-eec78a5fad8d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://usersync.gumgum.com/usersync?b=apn&i=1694000653285184985
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&gdpr=0&gdpr_consent=&us_privacy=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=00c78c89-c149-493d-9f8b-619f396156a7&ssp=gumgum2
https://usersync.gumgum.com/usersync?b=bsw&i=88b2fc1d-8ebb-4ab8-85b5-11599c163215

35 B
250 B

25ms
24ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=bsw&i=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: //usersync.gumgum.com/usersync?b=bsw&i=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Date: Thu, 16 Mar 2023 15:45:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sn.ashx
pmp.mxptint.net/ Frame C783
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&obuid=ENC(EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%...
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=-1&gdpr_con...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c63294f0-203b-4b30-9308-cb83039ba6ed&gdpr=-1&gdpr_consent=PM_CONSENT
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=PM_CONSENT
https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=PM_CONSENT
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_FFA08470_53A62AD8&r=https://pmp.mxptint.net/sn.ashx?ak=1
https://pmp.mxptint.net/sn.ashx?ak=1

43 B
266 B

71ms
59ms

Image
image/gif

204.2.255.233
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pmp.mxptint.net/sn.ashx?ak=1

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D

Protocol

HTTP/1.1

Server

204.2.255.233 Beaverton, United States, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=-361968307; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:07 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=-361968307; includeSubDomains
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://pmp.mxptint.net/sn.ashx?ak=1
date: Thu, 16 Mar 2023 15:45:06 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=66f87401-db11-435e-b026-43141d10e977

35 B
250 B

55ms
27ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=66f87401-db11-435e-b026-43141d10e977
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://usersync.gumgum.com/usersync?b=opx&i=66f87401-db11-435e-b026-43141d10e977
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sta&i=0-4dc4839d-c658-578e-70ac-1dd3650e544d$ip$149.56.153.180

35 B
250 B

102ms
29ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sta&i=0-4dc4839d-c658-578e-70ac-1dd3650e544d$ip$149.56.153.180
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=sta&i=0-4dc4839d-c658-578e-70ac-1dd3650e544d$ip$149.56.153.180
Date: Thu, 16 Mar 2023 15:45:00 GMT
Connection: keep-alive
Content-Length: 128
Content-Type: text/html; charset=utf-8

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=oth&i=y-HotrQbxE2pdO6B.tRX4AuE_U5COWNRBaJ8xG~A

35 B
250 B

95ms
33ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=oth&i=y-HotrQbxE2pdO6B.tRX4AuE_U5COWNRBaJ8xG~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 16 Mar 2023 15:45:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://usersync.gumgum.com/usersync?b=oth&i=y-HotrQbxE2pdO6B.tRX4AuE_U5COWNRBaJ8xG~A
content-length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync...
https://usersync.gumgum.com/usersync?b=vnt&i=c63294f0-203b-4b30-9308-cb83039ba6ed

35 B
250 B

101ms
27ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=c63294f0-203b-4b30-9308-cb83039ba6ed
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=c63294f0-203b-4b30-9308-cb83039ba6ed
Date: Thu, 16 Mar 2023 15:45:00 GMT
Connection: keep-alive
X-CI-RTID: 5168a31d-d5c9-42cb-b2eb-16791e21a67d
Content-Length: 108
Content-Type: text/html; charset=utf-8

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
https://usersync.gumgum.com/usersync?b=snc&i=3D2E27AC42E64EE8AD58528E3DA25669

35 B
250 B

57ms
34ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=snc&i=3D2E27AC42E64EE8AD58528E3DA25669
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 16 Mar 2023 15:45:00 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 955999004
location: https://usersync.gumgum.com/usersync?b=snc&i=3D2E27AC42E64EE8AD58528E3DA25669
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true
content-length: 0

GET
H2 200 142
match.deepintent.com/usersync/ Frame C783 0
223 B 88ms
25ms Image
image/gif 38.91.45.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: c /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:44:59 GMT
server: c
content-length: 0
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
https://stags.bluekai.com/site/23178?id=ohQ3xRp-TBXwq-_bWIsp&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT233IKEZXQUTQFVKEEWDXOEWV6YSXJFZXA
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=ohQ3xRp-TBXwq-_bWIsp

35 B
250 B

29ms
28ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=ohQ3xRp-TBXwq-_bWIsp
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Content-Type: text/html; charset=utf-8
Location: https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=ohQ3xRp-TBXwq-_bWIsp
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 103
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=369c474d-bcb1-496e-8b73-77f1f6fe3cfb

35 B
250 B

34ms
26ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=369c474d-bcb1-496e-8b73-77f1f6fe3cfb
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=369c474d-bcb1-496e-8b73-77f1f6fe3cfb
access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:45:00 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=JUNCdIyla4Wq&ev=1&pid=558355

35 B
250 B

37ms
25ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=JUNCdIyla4Wq&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(9.4.50.v20221201)
content-language: en-CA
location: https://usersync.gumgum.com/usersync?b=pln&i=JUNCdIyla4Wq&ev=1&pid=558355
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7bbb45b5f-bn4l6
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame C783
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=5271008299598803031

35 B
250 B

53ms
29ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sad&i=5271008299598803031
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=sad&i=5271008299598803031
date: Thu, 16 Mar 2023 15:44:59 GMT
content-length: 0

GET
H/1.1 200
OK match
s.pubmine.com/ Frame C783 43 B
880 B 49ms
29ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=25&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=u_b7c2dee0-caea-4e8b-abbf-57324bbef484
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H2 200 7126162573690490117 Show response
www.tiktok.com/embed/v2/ Frame E922 107 KB
20 KB 186ms
186ms Document
text/html 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed

Requested by

Host: lf16-tiktok-web.ttwstatic.com
URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_lib_v1.0.11.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e62ee4be449cf0c49c8bec3c89f6654f93d3e92b505c3d4c2ead7ef38520d981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Thu, 16 Mar 2023 15:45:00 GMT
pragma: no-cache
server: nginx
server-timing: inner; dur=152 cdn-cache; desc=MISS, edge; dur=0, origin; dur=161
strict-transport-security: max-age=31536000
x-akamai-request-id: 6a23fba
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 161,23.46.157.11
x-tt-logid: 202303161544581928B62D12E53C2BF7F2
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701ae7432d6c4f7f43aeaf8d63bc99e90ae8cdff0e27edead021f22df4df278578b39f4890e7b5ac18f3f14bcec390b25a3647621900f3853239a9706da9429a5860
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 7126947579505429765 Show response
www.tiktok.com/embed/v2/ Frame 846A 109 KB
20 KB 172ms
172ms Document
text/html 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed

Requested by

Host: lf16-tiktok-web.ttwstatic.com
URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_lib_v1.0.11.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

93797d89682220b8c1a4cd106144370fc2f1df3e31a7c68184c9e4e7537e409e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Thu, 16 Mar 2023 15:45:00 GMT
pragma: no-cache
server: nginx
server-timing: inner; dur=132 cdn-cache; desc=MISS, edge; dur=1, origin; dur=142
strict-transport-security: max-age=31536000
x-akamai-request-id: 6a23fbd
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 143,23.46.157.11
x-tt-logid: 20230316154458CBAFD33129FE7329FDBE
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701ad243a174297e9d704fc027a9bc7d7022a010e5ae9b175e9c81aca2303e8776518f0318fede9db13e3e7d845fcb936a2f082a83b6537f9127158db1a83834e1d6
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 7126810552805887237 Show response
www.tiktok.com/embed/v2/ Frame 8501 109 KB
20 KB 187ms
187ms Document
text/html 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed

Requested by

Host: lf16-tiktok-web.ttwstatic.com
URL: https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed/embed_lib_v1.0.11.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

07eef98522a75f3d26d7e00088266068506bb5812ab207b8412f15657ff01a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Thu, 16 Mar 2023 15:45:00 GMT
pragma: no-cache
server: nginx
server-timing: inner; dur=124 cdn-cache; desc=MISS, edge; dur=0, origin; dur=159
strict-transport-security: max-age=31536000
x-akamai-request-id: 6a23fbe
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 159,23.46.157.11
x-tt-logid: 20230316154458FB1EEAF313759F2B542A
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701aa1527f31986af9fa707d9dbd8de9f8e8d6d2492afccde42398e87314c19d6c8d5848770fe6c6248c44ec4a4e3b4a93a28238458f2d5d97cd9f15482311a14262
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 1C2D
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid=&dcc=t

43 B
855 B

69ms
67ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 3E6KE50MA70GGA8ZZ90P
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: Z4XRCNT0VK4PZ9T86PXS
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1C2D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZBM5ew3lKTK1bGaeTrJAtAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFQ0g9ipn4TuWOOdFo8n7u8&google_cver=1

43 B
632 B

27ms
26ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFQ0g9ipn4TuWOOdFo8n7u8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFQ0g9ipn4TuWOOdFo8n7u8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1C2D
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&expiration=1681573500&gdpr=0&gdpr_consent=

43 B
632 B

34ms
22ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&expiration=1681573500&gdpr=0&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&expiration=1681573500&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 323

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 1C2D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZBM5ew3lKTK1bGaeTrJAtAAADfcAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEL_5ov4F6C_aaxvpTmdq51Q&google_cver=1

43 B
632 B

100ms
30ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEL_5ov4F6C_aaxvpTmdq51Q&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEL_5ov4F6C_aaxvpTmdq51Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum.casalemedia.com/ Frame 1C2D
Redirect Chain

https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dfda7e5-333b-4c32-a54b-d6685ab75c82

43 B
632 B

173ms
35ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dfda7e5-333b-4c32-a54b-d6685ab75c82
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

x-servername: Track001-iad
pragma: no-cache
date: Thu, 16 Mar 2023 15:44:09 GMT
strict-transport-security: max-age=31536000;
content-type: text/html; charset=utf-8
location: https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=1dfda7e5-333b-4c32-a54b-d6685ab75c82
cache-control: private,no-cache
content-length: 222
expires: -1

GET
H2 204 CookieIndex
rtb.adentifi.com/ Frame 1C2D 0
35 B 85ms
24ms Image
text/plain 52.207.206.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.206.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-206-215.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:00 GMT

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 1C2D
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
https://casale-match.dotomi.com/match/bounce/current?DotomiTest=dd63d5562a81878&is_secure=true&networkId=19998&version=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAFuHQLkAkIlwNMVvDnAAAAAAA&expiration=1679067901&is_secure=true

43 B
632 B

36ms
25ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAFuHQLkAkIlwNMVvDnAAAAAAA&expiration=1679067901&is_secure=true
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAFuHQLkAkIlwNMVvDnAAAAAAA&expiration=1679067901&is_secure=true
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H/1.1

200
OK

crum
dsum.casalemedia.com/ Frame 1C2D
Redirect Chain

https://match.deepintent.com/usersync/113
https://dsum.casalemedia.com/crum?cm_dsp_id=176&external_user_id=di_ceccdb14380943aaae433

43 B
632 B

204ms
36ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=176&external_user_id=di_ceccdb14380943aaae433
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum.casalemedia.com/crum?cm_dsp_id=176&external_user_id=di_ceccdb14380943aaae433
date: Thu, 16 Mar 2023 15:44:59 GMT
content-type: image/gif
server: c
content-length: 0
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'

GET
H/1.1 200
OK match
s.pubmine.com/ Frame 1C2D 43 B
849 B 26ms
25ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=21&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=ZBM5ew3lKTK1bGaeTrJAtAAA%263575
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D21%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D&gdpr=0&gdpr_consent=&s=197465&us_privacy=&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

OPTIONS
H2 200 XO6mYVEb
public-api.wordpress.com/rest/v1.1/videos/ Frame 0
0 161ms
127ms Preflight
text/plain 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.1/videos/XO6mYVEb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://videopress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Authorization, Content-Type, X-Jetpack, X-WP-Nonce
access-control-allow-methods: GET, POST
access-control-allow-origin: https://videopress.com
access-control-max-age: 604800
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/plain;charset=utf-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
host-header: WordPress.com
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Origin
x-ac: 1.yyz _dca BYPASS
x-hacker: Oh, Awesome: Opossum

GET
H2 200 XO6mYVEb Show response
public-api.wordpress.com/rest/v1.1/videos/ Frame 0A04 3 KB
889 B 141ms
140ms Fetch
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.1/videos/XO6mYVEb

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

620b91facf960edbb349af147c9d3c354a90a6fec12dc1486ed19e296413d877

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
content-type: application/json

Response headers

x-hacker: Oh, Awesome: Opossum
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: br
x-ac: 1.yyz _dca BYPASS
strict-transport-security: max-age=31536000
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: false
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET

match
s.pubmine.com/ Frame E716
Redirect Chain

https://sync.technoratimedia.com/services?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consen...
https://s.pubmine.com/match?bidder_id=30&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=BF0CD8D4B2044F1D80A92505D97AF586

0
0

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame D31D 5 KB
1 KB 19ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 2
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: br
x-ac: 2.yyz _dca BYPASS
server: nginx
etag: W/"619d635a-1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 23 Nov 2023 21:55:44 GMT

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 9AE1
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=03136413-397c-4600-aab0-af469fd25e39&gdpr=0&gdpr_consent=

35 B
250 B

25ms
24ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=mmh&i=03136413-397c-4600-aab0-af469fd25e39&gdpr=0&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: Thu, 16 Mar 2023 15:44:59 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 569 46451a0 master iad-pixel-x31 config:1.0.0
location: https://usersync.gumgum.com/usersync?b=mmh&i=03136413-397c-4600-aab0-af469fd25e39&gdpr=0&gdpr_consent=

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 2699
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=ZBM5ewABwf-WXQBG&gdpr=0&gdpr_consent=

35 B
250 B

91ms
27ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=ZBM5ewABwf-WXQBG&gdpr=0&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Thu, 16 Mar 2023 15:45:00 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=ZBM5ewABwf-WXQBG&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-yul12823-YUL
x-timer: S1678981500.122044,VS0,VE0

GET
H2

200

pixel Show response
cm.g.doubleclick.net/ Frame 924F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=&google_tc=

170 B
243 B

52ms
49ms

Document
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=&google_tc=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 364
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iN2MyZGVlMC1jYWVhLTRlOGItYWJiZi01NzMyNGJiZWY0ODQ=&gdpr=0&gdpr_consent=&google_tc=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A758 16 KB
6 KB 23ms
21ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107153
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E7CB 2 KB
3 KB 76ms
20ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=88765547&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e7a3bdd1d9b0978713286dc890c849e82798bffef8c6207797d835438ecea518

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:44:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame A6DA
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet
https://eus.rubiconproject.com/usync.html?p=medianet

281 B
554 B

20ms
20ms

Document
text/html

23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=medianet
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:45:00 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 16 Mar 2023 15:45:00 GMT
location: https://eus.rubiconproject.com/usync.html?p=medianet
server: AkamaiGHost

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame DAD3
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Drkt%26refUrl%3D%26vid%3D89815002183219830991454823...
https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=rkt&refUrl=&vid=89815002183219830991454823000V10&ovsid=1797288120114298742

411 B
844 B

92ms
56ms

Document
text/html

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=rkt&refUrl=&vid=89815002183219830991454823000V10&ovsid=1797288120114298742

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1875bb81ac5b62ff3f00f0ec569b3a3107f7e60e0d2a992e3621566c5f3ce6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 411
content-type: text/html;charset=UTF-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Thu, 16 Mar 2023 15:45:00 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:00 GMT
Location: https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=rkt&refUrl=&vid=89815002183219830991454823000V10&ovsid=1797288120114298742
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dapx%26refUrl%3D%26vid%3D89815002183219830991454823000V10%26ovsid%3D%24UID
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=apx&refUrl=&vid=89815002183219830991454823000V10&ovsid=1694000653285184985

237 B
646 B

194ms
177ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=apx&refUrl=&vid=89815002183219830991454823000V10&ovsid=1694000653285184985

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 84324cde-8ec6-4766-a0f8-3f0e79dd1b21
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=apx&refUrl=&vid=89815002183219830991454823000V10&ovsid=1694000653285184985
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=[UID]
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=7c3fb959-88fc-4f34-8df5-f97b7ca85c6d

237 B
659 B

194ms
176ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=7c3fb959-88fc-4f34-8df5-f97b7ca85c6d

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-193
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=son&refUrl=&vid=89815002183219830991454823000V10&ovsid=7c3fb959-88fc-4f34-8df5-f97b7ca85c6d
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dcon%26refUr...
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=387dafb056f30594&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D...
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=con&refUrl=&vid=89815002183219830991454823000V10&ovsid=AAAB4nu1owEOvgNkva_pAAAAAAA&expiration=1679067901&is_secure=true

237 B
654 B

80ms
79ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=con&refUrl=&vid=89815002183219830991454823000V10&ovsid=AAAB4nu1owEOvgNkva_pAAAAAAA&expiration=1679067901&is_secure=true

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:02 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:02 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=con&refUrl=&vid=89815002183219830991454823000V10&ovsid=AAAB4nu1owEOvgNkva_pAAAAAAA&expiration=1679067901&is_secure=true
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

cksync.html
contextual.media.net/ Frame E242
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D13%26vsid%3D321983099145482...
https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=opx&refUrl=&vid=89815002183219830991454823000V10&ovsid=59e9b9ee-5804-41e8-b412-2d9767af7aed

411 B
411 B

83ms
64ms

Image
text/html

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=opx&refUrl=&vid=89815002183219830991454823000V10&ovsid=59e9b9ee-5804-41e8-b412-2d9767af7aed

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: text/html;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 411
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://contextual.media.net/cksync.html?cs=13&vsid=3219830991454823000V10&type=opx&refUrl=&vid=89815002183219830991454823000V10&ovsid=59e9b9ee-5804-41e8-b412-2d9767af7aed
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dmma%26refUrl%3D%26vid%3D89815002183219830991454...
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=mma&refUrl=&vid=89815002183219830991454823000V10&ovsid=e7ef6413-397c-4900-b930-b5f1dddc2b71

237 B
659 B

180ms
172ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=mma&refUrl=&vid=89815002183219830991454823000V10&ovsid=e7ef6413-397c-4900-b930-b5f1dddc2b71

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: MT3 569 46451a0 master iad-pixel-x23 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=mma&refUrl=&vid=89815002183219830991454823000V10&ovsid=e7ef6413-397c-4900-b930-b5f1dddc2b71
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 16 Mar 2023 15:44:59 GMT

GET
H2

204

services
sync.technoratimedia.com/ Frame E242
Redirect Chain

https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dr1%26refUrl%3D%26vid%3D8981500218321983099...
https://sync.1rx.io/usersync2/rmp1r1?sub=medianet&zcc=1&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Dr1%26refUrl%3D%26vid%3D8981500218321...
https://ad.turn.com/r/cs?pid=45&rndcb=6610854902
https://sync.1rx.io/usersync/turn/7826914019700556296?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D76%26uid%3DRX-d2b454e6-c171-4964-...
https://sync.technoratimedia.com/services?srv=cs&pid=76&uid=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

0
681 B

43ms
41ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=76&uid=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 905270544
access-control-allow-origin: https://contextual.media.net/
access-control-allow-credentials: true

Redirect headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
Server: Tengine
ETag: RXd2b454e6c1714964968292313ebf9f6a005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.technoratimedia.com/services?srv=cs&pid=76&uid=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Content-Type: text/html
Connection: keep-alive

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame E242
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=13&google_nid=media&google_cm=1&google_hm=MzIxOTgzMDk5MTQ1NDgyMzAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=13&google_gid=CAESEL1EKEpxwdDczGaGgWQr2iQ&google_cver=1

237 B
804 B

182ms
78ms

Image
image/gif

23.52.167.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=13&google_gid=CAESEL1EKEpxwdDczGaGgWQr2iQ&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: HTTP/1.1
Server: 23.52.167.93 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-167-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 237
x-mnet-hl2: E
Expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=13&google_gid=CAESEL1EKEpxwdDczGaGgWQr2iQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 302
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Ddxu%26refUrl%3D%26vid%3D8981500218321983099145...
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3Ddxu%26refUrl%3D%26vid%3D8981500218321983...
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=dxu&refUrl=&vid=89815002183219830991454823000V10&ovsid=p7n9V5AJ1PCPMM5

237 B
645 B

141ms
105ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=dxu&refUrl=&vid=89815002183219830991454823000V10&ovsid=p7n9V5AJ1PCPMM5

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:01 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-770-gc22eae1#rel-ec2-master i-0cd448c17e58fbc75@us-east-1e@dxedge-app-us-east-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=dxu&refUrl=&vid=89815002183219830991454823000V10&ovsid=p7n9V5AJ1PCPMM5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=05e6e464-9963-46c4-a9db-af7eb26de19c

237 B
809 B

173ms
150ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=05e6e464-9963-46c4-a9db-af7eb26de19c

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:44:59 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=05e6e464-9963-46c4-a9db-af7eb26de19c
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1820076
content-length: 0
expires: Thu, 16 Mar 2023 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://visitor.omnitagjs.com/visitor/bsync?uid=4ed0cff4eef188d3fb2e7e9025d7855b&name=MEDIANET&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13%26vsid%3D3219830991454823000V10%26type%3...
https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=ayl&refUrl=&vid=89815002183219830991454823000V10&ovsid=891db04b52d1c464646f27898eed8846

237 B
657 B

72ms
42ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=ayl&refUrl=&vid=89815002183219830991454823000V10&ovsid=891db04b52d1c464646f27898eed8846

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:00 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://contextual.media.net/cksync.php?cs=13&vsid=3219830991454823000V10&type=ayl&refUrl=&vid=89815002183219830991454823000V10&ovsid=891db04b52d1c464646f27898eed8846
p3p: CP="CAO PSA OUR"
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 3
content-length: 0
expires: 0

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://t.pswec.com/bsw_sync?ssp=medianet&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://t.pswec.com/ul_cb/bsw_sync?ssp=medianet&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://x.bidswitch.net/sync?dsp_id=2&user_id=edc50dcb-743d-4993-aeee-f39c4644410b&expires=3&user_group=1&ssp=medianet
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

237 B
658 B

76ms
75ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:03 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?cs=1&type=bs&ovsid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=
Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=WEha6rUd7_V4Ay6vDE19&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKXIVUGCNTSKVSDOX2WGRAXSNTWIRCTC...
https://contextual.media.net/cksync.php?cs=1&ovsid=WEha6rUd7_V4Ay6vDE19https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=89815002183219830991454...

236 B
484 B

84ms
83ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&ovsid=WEha6rUd7_V4Ay6vDE19https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=89815002183219830991454823000V10&vsid=3219830991454823000V10

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ec3a21a491af4587bee1627d1283c4ec4b36021a7e281dea2ea6e20fd827ce71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:02 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 236
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:02 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Content-Type: text/html; charset=utf-8
Location: https://contextual.media.net/cksync.php?cs=1&ovsid=WEha6rUd7_V4Ay6vDE19https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D13&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=89815002183219830991454823000V10&vsid=3219830991454823000V10
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 285
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame E242
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3219830991454823000V10
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3219830991454823000V10
https://contextual.media.net/cksync.php?type=mf&ovsid=a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27&cs=1

237 B
658 B

126ms
101ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?type=mf&ovsid=a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27&cs=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:01 GMT

Redirect headers

location: //contextual.media.net/cksync.php?type=mf&ovsid=a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27&cs=1
date: Thu, 16 Mar 2023 15:45:00 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

1000.gif
id.rlcdn.com/ Frame E242
Redirect Chain

https://id.rlcdn.com/710489.gif
https://id.rlcdn.com/1000.gif?memo=CNmuKxoNCP3yzKAGEgUI6AcQAEIASgA

42 B
310 B

57ms
46ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/1000.gif?memo=CNmuKxoNCP3yzKAGEgUI6AcQAEIASgA
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Thu, 16 Mar 2023 15:45:01 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://id.rlcdn.com/1000.gif?memo=CNmuKxoNCP3yzKAGEgUI6AcQAEIASgA
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame E242
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

237 B
814 B

190ms
85ms

Image
image/gif

23.52.167.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: HTTP/1.1
Server: 23.52.167.93 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-167-93.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 237
x-mnet-hl2: E
Expires: Thu, 16 Mar 2023 15:45:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 199

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame E242
Redirect Chain

https://contextual.media.net/cksync.php?cs=1&type=dat&ovsid=setstatuscode&redirect=https%3A%2F%2Ffei.pro-market.net%2Fengine%3Fsite%3D159195%3Bsize%3D1x1%3Bmimetype%3Dimg%3Bdu%3D15%3Bcsync%3D%24%7B...
https://fei.pro-market.net/engine?site=159195;size=1x1;mimetype=img;du=15;csync=3219830991454823000V10
https://fei.pro-market.net/engine?site=159195;size=1x1;mimetype=img;du=15;csync=3219830991454823000V10;sr
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080&ckls=true&ci=SJOlR2RL0e&nc=false&trid=-234304758

43 B
1 KB

121ms
32ms

Image
image/gif

108.139.47.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080&ckls=true&ci=SJOlR2RL0e&nc=false&trid=-234304758
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?cid=8CU8HDVRS&cs=13
Protocol: H2
Server: 108.139.47.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-49.jfk50.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 a5bf84280caeb8a606c41eaba71ee8be.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: JFK50-P1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: GDX4XwR0BCrufx2w8pEI6K2j-RyvBCIhXpXIT3gj1HxcWRZ_0EUoyw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 db615220fdf1b471c82cd306c2f4717a.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: JFK50-P1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-678723174275792080&ckls=true&ci=SJOlR2RL0e&nc=false&trid=-234304758
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: GKb81xyRSfW0Q-zzwTqorUVavINy8XRA6nu17kaIbIYi-f6tzYKTOA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame C1D3
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

281 B
554 B

20ms
19ms

Document
text/html

23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:45:00 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 16 Mar 2023 15:45:00 GMT
location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server: AkamaiGHost

GET
H/1.1

200
OK

match
s.pubmine.com/ Frame 355E
Redirect Chain

https://ssc-cms.33across.com/ps/?_=1678981499650.&ri=zzz000000000002zzz&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-...
https://s.pubmine.com/match?bidder_id=24&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=212097253572021

43 B
859 B

47ms
27ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=24&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=212097253572021
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:44:59 GMT
referrer-policy: unsafe-url
server: 33XP008
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://s.pubmine.com/match?bidder_id=24&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=212097253572021
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame 355E
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
https://t.pswec.com/bsw_sync?ssp=the33across&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://t.pswec.com/ul_cb/bsw_sync?ssp=the33across&bsw_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://x.bidswitch.net/sync?dsp_id=2&user_id=edc50dcb-743d-4993-aeee-f39c4644410b&expires=3&user_group=1&ssp=the33across
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

30ms
30ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP008
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 355E
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981499650.4&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fe...
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71

68 B
126 B

124ms
45ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: MT3 569 46451a0 master iad-pixel-x29 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 16 Mar 2023 15:44:59 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 355E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE~A
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

113ms
31ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
referrer-policy: unsafe-url
server: 33XP005
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 355E
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=58f13e7f0eb920e6&is_secure=true&networkId=78390&version=1&us_privacy=
https://ssc-cms.33across.com/ps?xi=64&xu=AAALsB7EWatNiwMkwbVhAAAAAAA&expiration=1679067901&is_secure=true&us_privacy=
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAALsB7EWatNiwMkwbVhAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

140ms
138ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAALsB7EWatNiwMkwbVhAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAALsB7EWatNiwMkwbVhAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 355E
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=4629100391442130554158
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
225 B

112ms
28ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D24%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D33XUSERID33X&id=zzz000000000002zzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
referrer-policy: unsafe-url
server: 33XP004
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B059
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

281 B
554 B

280ms
271ms

Document
text/html

23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:45:00 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 16 Mar 2023 15:45:00 GMT
location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server: AkamaiGHost

GET
H3

200

match
events-ssc.33across.com/ Frame 618F
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=the33across
https://x.bidswitch.net/sync?dsp_id=188&user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&user_group=1&ssp=the33across
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

36ms
36ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP011
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 618F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE~A
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

121ms
40ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
referrer-policy: unsafe-url
server: 33XP009
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-5SMT6dlE2uFXBAsTkjl9EcN73StnpJRE%7EA&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 618F
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=77b41fdbf8c413f2&is_secure=true&networkId=78390&version=1&us_privacy=
https://ssc-cms.33across.com/ps?xi=64&xu=AAAHFgpS4pr8dwMR5t3IAAAAAAA&expiration=1679067901&is_secure=true&us_privacy=
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHFgpS4pr8dwMR5t3IAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

32ms
32ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHFgpS4pr8dwMR5t3IAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP011
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHFgpS4pr8dwMR5t3IAAAAAAA&ts=1678981502&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 618F
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=4629100391442130554158
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
126 B

127ms
46ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:00 GMT
referrer-policy: unsafe-url
server: 33XP006
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=4629100391442130554158&ts=1678981500&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1

200
OK

match
s.pubmine.com/ Frame 618F
Redirect Chain

https://ssc-cms.33across.com/ps/?_=1678981499651.&ri=0010b00002CphGRAAZ&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSER...
https://s.pubmine.com/match?bidder_id=6&external_user_id=212097253572021&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=

43 B
859 B

48ms
34ms

Image
image/gif

44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/match?bidder_id=6&external_user_id=212097253572021&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: HTTP/1.1
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:44:59 GMT
referrer-policy: unsafe-url
server: 33XP002
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://s.pubmine.com/match?bidder_id=6&external_user_id=212097253572021&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 618F
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981499651.4&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fe...
https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71

68 B
126 B

117ms
38ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0010b00002CphGRAAZ&gdpr_consent=&ru=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D6%26external_user_id%3D33XUSERID33X%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Server: MT3 569 46451a0 master iad-pixel-x31 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=1&external_user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 16 Mar 2023 15:44:59 GMT

GET
H2 200 webmssdk.js Show response
sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/ Frame 846A 619 KB
184 KB 255ms
121ms Script
application/javascript 104.126.118.203
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.203 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-203.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a9f2f7ad522f41e86ac8dbc907d37db9cd7bdd5f3c9dc4dec9b3f7deb48ffe59

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: a1dbd10
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: z6lb4ggvjhvby2nY7JSVRA==
x-cache: TCP_HIT from a104-126-118-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=2, inner; dur=278
content-length: 187296
x-tos-request-id: 4964a68c1bc87b06368c1bc-abc2190
x-tos-response-time: Mon, 07 Nov 2022 08:28:44 GMT
last-modified: Mon, 07 Nov 2022 03:53:53 GMT
server: nginx
etag: CLn13/mVm/sCEAE=
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=186
access-control-allow-credentials: false
x-tt-trace-host: 019b5856eaae8c9bf1cc06dd14332878a3e35e749df8b402002cd257560ef11bea52cda746aa94cce6d68440d10e473e08f59cf20f49efa796a42ce8c3a90e4c50c3e422128eff693d7bf40b6dc1185d5e4615d53bc55cf0451402ec9c04a0a1b513e736bacb026a76ba81960c940c8db3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 tiktok-embed.module.83fa1c2949de12423f21.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 846A 2 MB
520 KB 275ms
147ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d4b2d5aff0d450d7ab1ecf485419963e8e76f8708ac14499130d2bc589149a18

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d09
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 1++1KDHnBa8qdF7A9VD7sg==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 530504
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:VRiFzjU3X1ySbGyw_ZSlybU2nVW_oDW6Tm6lIUgzepJYIwMq9sVDjN8A-gi4ALzJ
x-api-id: native
etag: 94eab7cd-e817-4ec8-aaad-fc59546b7522
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 33d4ac07-7231-41f2-b8ce-ae269d9b1a43
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 vendors~home.module.c1f109fe9b7ac10a0101.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 846A 153 KB
41 KB 191ms
64ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/vendors~home.module.c1f109fe9b7ac10a0101.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5b08ba63b71f17685e1d02326f767161e66896d565133dae25a86d6a17105fb9

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0a
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 4ssIvIB0aw9ylNNcrZuWvw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 41384
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:PTxnZDOO2G9nzghQ-b6tnq_F1p6Juwf2YmvTY0JC83eu2p3CAV22TvUvMRqz81Go
x-api-id: native
etag: 140c4bfc-90d6-4245-8ddd-2537b25585ff
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: dac9de30-eda3-4529-a928-6a4c3ece4e5f
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 home.module.e987f8019f6bbff745fa.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 846A 82 KB
22 KB 192ms
65ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/home.module.e987f8019f6bbff745fa.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4e41012b584c62c7aedd25964f4bd07766df2cb83267666346529b3020548a2e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0b
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: +owDt+pA9Nnu+hEUkxvs2Q==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 21631
last-modified: Wed, 15 Mar 2023 05:52:37 GMT
opc-request-id: iad-1:nIf3n04rBKtsnT9_G8lPZoKWso9kcJZ-N_UZ6ZWWvt9-MH2ckcu3S57Jcua_gC9T
x-api-id: native
etag: 7056ce5a-eeb6-4238-a67f-6cfc0a4d37f4
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: a3328adb-da4a-4ced-aaa0-de43d8b43c99
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 index.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 846A 10 KB
4 KB 30ms
11ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8480ea8a09b83544a41d81eb16d1357253e0e7e5e6040441df9b55f35fab1d9d

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f6855
date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zmnJ7gjPuKrzMUpUu7eb4w==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 3363
last-modified: Wed, 08 Mar 2023 04:15:09 GMT
opc-request-id: iad-1:4gDxsiWYfXcL4Sps13AfCxhjAdRHOo-Oih3hIWDMZyjSaqSg9OeCtAkNBacPNTKB
x-api-id: native
etag: bcc8f3e9-0662-4392-8836-0896a2b92429
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: df6d1be6-b0f0-4818-8e58-255c7a343c91
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:02 GMT

GET
H2 200 12c345af02fe46c185d9381bc621f11b.image
p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/e462904ad9714b348252522ce7fbd2ee~tplv-dmt-logom:tos-useast2a-v-0068/ Frame 846A 163 KB
165 KB 135ms
61ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/e462904ad9714b348252522ce7fbd2ee~tplv-dmt-logom:tos-useast2a-v-0068/12c345af02fe46c185d9381bc621f11b.image?x-expires=1679000400&x-signature=CEZywZK2MPzUkikZs5TCiWWIH%2Fk%3D
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: c32a1d1b779a2bac3e9fd5fa716dfeceb0c19c6a11cb11dd91584f9f9aaff5cb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 113d12b5.1b238e10.1413ff3d.2f587513
date: Thu, 16 Mar 2023 15:45:03 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=static
x-check-cacheable: YES
nw-session-id: 2023031615434525C949095541ABB41D13bhcj721ff
x-powered-by: ImageX
x-cache: TCP_MISS from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
x-parent-response-time: 5,23.201.44.194, 32,23.215.130.109, 41,23.46.151.171
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=MISS, edge; dur=42, origin; dur=0, inner; dur=447
x-length: 167042
content-length: 167042
last-modified: Thu, 16 Mar 2023 15:43:47 GMT
server: nginx
x-tt-logid: 2023031615434525C949095541ABB41D13
x-response-date: Thu, 16 Mar 2023 15:43:47 GMT
x-cache-remote: TCP_MISS from a23-215-130-109.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-16T15:43:47.072716087Z 415
cache-control: max-age=31535943
x-tt-trace-host: 01923e44642bf5051fc674e5face53a04292189d086b2406da38473d87dd7602bea66d32d37cbb3ebd7398b5f869dfb93b0b8fb3e3f0a7ba8389acb356848d2416b6a6c6645f2c4de44d80f26b495202f81c9012ffff024af32c98fd653f568187350347d8a2555c776b315a3074810401
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 webmssdk.js Show response
sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/ Frame E922 619 KB
184 KB 236ms
127ms Script
application/javascript 104.126.118.203
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.203 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-203.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a9f2f7ad522f41e86ac8dbc907d37db9cd7bdd5f3c9dc4dec9b3f7deb48ffe59

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: a1dbd11
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: z6lb4ggvjhvby2nY7JSVRA==
x-cache: TCP_HIT from a104-126-118-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=2, inner; dur=278
content-length: 187296
x-tos-request-id: 4964a68c1bc87b06368c1bc-abc2190
x-tos-response-time: Mon, 07 Nov 2022 08:28:44 GMT
last-modified: Mon, 07 Nov 2022 03:53:53 GMT
server: nginx
etag: CLn13/mVm/sCEAE=
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=186
access-control-allow-credentials: false
x-tt-trace-host: 019b5856eaae8c9bf1cc06dd14332878a3e35e749df8b402002cd257560ef11bea52cda746aa94cce6d68440d10e473e08f59cf20f49efa796a42ce8c3a90e4c50c3e422128eff693d7bf40b6dc1185d5e4615d53bc55cf0451402ec9c04a0a1b513e736bacb026a76ba81960c940c8db3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 tiktok-embed.module.83fa1c2949de12423f21.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame E922 2 MB
520 KB 249ms
146ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d4b2d5aff0d450d7ab1ecf485419963e8e76f8708ac14499130d2bc589149a18

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0d
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 1++1KDHnBa8qdF7A9VD7sg==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 530504
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:VRiFzjU3X1ySbGyw_ZSlybU2nVW_oDW6Tm6lIUgzepJYIwMq9sVDjN8A-gi4ALzJ
x-api-id: native
etag: 94eab7cd-e817-4ec8-aaad-fc59546b7522
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 33d4ac07-7231-41f2-b8ce-ae269d9b1a43
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 vendors~home.module.c1f109fe9b7ac10a0101.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame E922 153 KB
41 KB 225ms
122ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/vendors~home.module.c1f109fe9b7ac10a0101.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5b08ba63b71f17685e1d02326f767161e66896d565133dae25a86d6a17105fb9

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0c
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 4ssIvIB0aw9ylNNcrZuWvw==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 41384
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:PTxnZDOO2G9nzghQ-b6tnq_F1p6Juwf2YmvTY0JC83eu2p3CAV22TvUvMRqz81Go
x-api-id: native
etag: 140c4bfc-90d6-4245-8ddd-2537b25585ff
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: dac9de30-eda3-4529-a928-6a4c3ece4e5f
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 home.module.e987f8019f6bbff745fa.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame E922 82 KB
22 KB 216ms
113ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/home.module.e987f8019f6bbff745fa.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4e41012b584c62c7aedd25964f4bd07766df2cb83267666346529b3020548a2e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0e
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: +owDt+pA9Nnu+hEUkxvs2Q==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 21631
last-modified: Wed, 15 Mar 2023 05:52:37 GMT
opc-request-id: iad-1:nIf3n04rBKtsnT9_G8lPZoKWso9kcJZ-N_UZ6ZWWvt9-MH2ckcu3S57Jcua_gC9T
x-api-id: native
etag: 7056ce5a-eeb6-4238-a67f-6cfc0a4d37f4
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: a3328adb-da4a-4ced-aaa0-de43d8b43c99
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 index.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame E922 10 KB
4 KB 29ms
22ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8480ea8a09b83544a41d81eb16d1357253e0e7e5e6040441df9b55f35fab1d9d

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f6898
date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zmnJ7gjPuKrzMUpUu7eb4w==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 3363
last-modified: Wed, 08 Mar 2023 04:15:09 GMT
opc-request-id: iad-1:4gDxsiWYfXcL4Sps13AfCxhjAdRHOo-Oih3hIWDMZyjSaqSg9OeCtAkNBacPNTKB
x-api-id: native
etag: bcc8f3e9-0662-4392-8836-0896a2b92429
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: df6d1be6-b0f0-4818-8e58-255c7a343c91
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:03 GMT

GET
H2 200 e8bcb10c1bea46e59d7d010854fafa19.image
p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/45f6f892ffff430493811c3fa7915ec2_1659189024~tplv-dmt-logom:tos-useast2a-v-0068/ Frame E922 138 KB
139 KB 127ms
120ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/45f6f892ffff430493811c3fa7915ec2_1659189024~tplv-dmt-logom:tos-useast2a-v-0068/e8bcb10c1bea46e59d7d010854fafa19.image?x-expires=1679000400&x-signature=WKvRA7MwFTuuqwrK7tssZIVRqqY%3D
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: a9c0cef076b1b383064b2a4c6646c3e39f18bfd8694bc7103c25a14a579842fa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 191e4c2a.1387a8d0.118b6391.2f587514
date: Thu, 16 Mar 2023 15:45:03 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=static
x-check-cacheable: YES
nw-session-id: 202303161543452EDCC072CF132DB76981cnpbm21ff
x-powered-by: ImageX
x-cache: TCP_MISS from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
x-parent-response-time: 19,23.204.146.4, 96,23.215.130.110, 100,23.46.151.171
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=MISS, edge; dur=101, origin; dur=0, inner; dur=321
x-length: 141067
content-length: 141067
last-modified: Thu, 16 Mar 2023 15:43:46 GMT
server: nginx
x-tt-logid: 202303161543452EDCC072CF132DB76981
x-response-date: Thu, 16 Mar 2023 15:43:46 GMT
x-cache-remote: TCP_MISS from a23-215-130-110.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-16T15:43:46.964255615Z 308
cache-control: max-age=31535863
x-tt-trace-host: 01923e44642bf5051fc674e5face53a04292189d086b2406da38473d87dd7602be9c2b978cf017ad9f7e27cfee688a8926b055d2a176f3dba1203e6c1742a0722833de60af2802ef2b37a6c48e8d588e80beac3f4c9e967b64aa067bd00549081fe2a60dae130bec6bfd20cbcc8d4c63b0
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 webmssdk.js Show response
sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/ Frame 8501 619 KB
184 KB 148ms
52ms Script
application/javascript 104.126.118.203
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.203 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-203.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a9f2f7ad522f41e86ac8dbc907d37db9cd7bdd5f3c9dc4dec9b3f7deb48ffe59

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: a1dbd12
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: z6lb4ggvjhvby2nY7JSVRA==
x-cache: TCP_MEM_HIT from a104-126-118-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=278
content-length: 187296
x-tos-request-id: 4964a68c1bc87b06368c1bc-abc2190
x-tos-response-time: Mon, 07 Nov 2022 08:28:44 GMT
last-modified: Mon, 07 Nov 2022 03:53:53 GMT
server: nginx
etag: CLn13/mVm/sCEAE=
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=186
access-control-allow-credentials: false
x-tt-trace-host: 019b5856eaae8c9bf1cc06dd14332878a3e35e749df8b402002cd257560ef11bea52cda746aa94cce6d68440d10e473e08f59cf20f49efa796a42ce8c3a90e4c50c3e422128eff693d7bf40b6dc1185d5e4615d53bc55cf0451402ec9c04a0a1b513e736bacb026a76ba81960c940c8db3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 tiktok-embed.module.83fa1c2949de12423f21.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 8501 2 MB
520 KB 174ms
85ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d4b2d5aff0d450d7ab1ecf485419963e8e76f8708ac14499130d2bc589149a18

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d0f
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 1++1KDHnBa8qdF7A9VD7sg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 530504
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:VRiFzjU3X1ySbGyw_ZSlybU2nVW_oDW6Tm6lIUgzepJYIwMq9sVDjN8A-gi4ALzJ
x-api-id: native
etag: 94eab7cd-e817-4ec8-aaad-fc59546b7522
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 33d4ac07-7231-41f2-b8ce-ae269d9b1a43
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 vendors~home.module.c1f109fe9b7ac10a0101.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 8501 153 KB
41 KB 229ms
140ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/vendors~home.module.c1f109fe9b7ac10a0101.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5b08ba63b71f17685e1d02326f767161e66896d565133dae25a86d6a17105fb9

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d10
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 4ssIvIB0aw9ylNNcrZuWvw==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 41384
last-modified: Wed, 15 Mar 2023 05:52:38 GMT
opc-request-id: iad-1:PTxnZDOO2G9nzghQ-b6tnq_F1p6Juwf2YmvTY0JC83eu2p3CAV22TvUvMRqz81Go
x-api-id: native
etag: 140c4bfc-90d6-4245-8ddd-2537b25585ff
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: dac9de30-eda3-4529-a928-6a4c3ece4e5f
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 home.module.e987f8019f6bbff745fa.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/ Frame 8501 82 KB
22 KB 257ms
168ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/home.module.e987f8019f6bbff745fa.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4e41012b584c62c7aedd25964f4bd07766df2cb83267666346529b3020548a2e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f5d27
date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: +owDt+pA9Nnu+hEUkxvs2Q==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 21631
last-modified: Wed, 15 Mar 2023 05:52:37 GMT
opc-request-id: iad-1:nIf3n04rBKtsnT9_G8lPZoKWso9kcJZ-N_UZ6ZWWvt9-MH2ckcu3S57Jcua_gC9T
x-api-id: native
etag: 7056ce5a-eeb6-4238-a67f-6cfc0a4d37f4
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: a3328adb-da4a-4ced-aaa0-de43d8b43c99
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:00 GMT

GET
H2 200 index.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 8501 10 KB
4 KB 23ms
17ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8480ea8a09b83544a41d81eb16d1357253e0e7e5e6040441df9b55f35fab1d9d

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f683c
date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zmnJ7gjPuKrzMUpUu7eb4w==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 3363
last-modified: Wed, 08 Mar 2023 04:15:09 GMT
opc-request-id: iad-1:4gDxsiWYfXcL4Sps13AfCxhjAdRHOo-Oih3hIWDMZyjSaqSg9OeCtAkNBacPNTKB
x-api-id: native
etag: bcc8f3e9-0662-4392-8836-0896a2b92429
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: df6d1be6-b0f0-4818-8e58-255c7a343c91
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:02 GMT

GET
H2 200 55b2ded6d9cb426c818db51daa2f3b8c.image
p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/82c12da3f0734c3aada28d25c1663713_1659339899~tplv-dmt-logom:tos-useast2a-v-0068/ Frame 8501 136 KB
138 KB 266ms
173ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-p-0068/82c12da3f0734c3aada28d25c1663713_1659339899~tplv-dmt-logom:tos-useast2a-v-0068/55b2ded6d9cb426c818db51daa2f3b8c.image?x-expires=1679000400&x-signature=gVcd%2BVJk3YJux0q8OgQtnk%2BJwOc%3D
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 8028eeb56bab92d02ae72e77370cd68b6b53fab8e8539f6b83f8370706a21e7a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 204e3bd2.1457af2a.2f587511
date: Thu, 16 Mar 2023 15:45:03 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=static
x-check-cacheable: YES
nw-session-id: 20230316154345D6820FAA56F287ABCA1Bc8p9621ff
x-powered-by: ImageX
x-cache: TCP_MISS from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 144,23.215.130.117, 153,23.46.151.171
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=MISS, edge; dur=91, origin; dur=64, inner; dur=1
x-length: 139758
content-length: 139758
last-modified: Thu, 16 Mar 2023 15:43:47 GMT
server: nginx
x-tt-logid: 20230316154345D6820FAA56F287ABCA1B
x-response-date: Thu, 16 Mar 2023 15:43:47 GMT
x-cache-remote: TCP_MISS from a23-215-130-117.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-16T15:43:47.010654316Z 365
cache-control: max-age=31535973
x-origin-response-time: 65,23.204.146.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d961d33cb5879831412c83bb8113e0172c686f540caee6834c47d0bfac4dcaa5d50034e1d94fea14a14b9fcac49469f5517add318139faf41ef866409aa8b11b0fe50a3ade39689c1c0afdafefcd39196f0012b93e3ad5d66d2eb4a97e22baf31ca9c4caa02843d115177b5311f4cf4adb
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

POST
H/1.1 200
OK adconf Show response
s.pubmine.com/ 84 B
453 B 30ms
30ms XHR
text/javascript 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/adconf?pvid=bb493c7c-6d38-41f0-840f-8ac4d116dee8&rid=980833864949
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e9b808c0f6120ffa74bd8a8e2b90c01447161b3b713518d9abbea2d8f7315d42

Request headers

Referer: https://myreturnticket.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: text/plain

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: https://myreturnticket.ca
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H/1.1 200
OK async_usersync Show response
secure.adnxs.com/ Frame 2F54 0
861 B 61ms
60ms Script
text/html 68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:00 GMT
AN-X-Request-Uuid: 0d6a70c4-8244-47ab-99c8-9493b2601870
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame E204 113 B
630 B 404ms
31ms XHR
application/json 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b55b8a231a3a6a1a4bebc091b611a55f6a0ceb161f1ef403c808f96e719a4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E204 29 B
495 B 332ms
19ms Script
text/javascript 2607:f8b0:4006:81c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2006 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:36:01 GMT
x-content-type-options: nosniff
age: 539
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 15:51:01 GMT

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame E07E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=ttd&i=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

35 B
250 B

55ms
28ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=ttd&i=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: private,no-cache, must-revalidate
content-length: 193
content-type: text/html
date: Thu, 16 Mar 2023 15:45:00 GMT
location: https://usersync.gumgum.com/usersync?b=ttd&i=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 0B33
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://usersync.gumgum.com/usersync?b=sus&i=ZBM5fcCo8XoAAFrgCrwAAAAA

35 B
250 B

28ms
26ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=sus&i=ZBM5fcCo8XoAAFrgCrwAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:01 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:01 GMT
Location: https://usersync.gumgum.com/usersync?b=sus&i=ZBM5fcCo8XoAAFrgCrwAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 4
X-SO-Cluster-ID: 0
X-SO-HostName: m-ad156.dc4p.scaleout.jp
X-SO-IP: 149.56.153.180
X-SO-Key: ZBM5fcCo8XoAAFrgCrwAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":false,"ipv4":"149.56.153.180","key":"ZBM5fcCo8XoAAFrgCrwAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad156"}
X-SO-LB-Hostname: m-tgng22.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad156

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame B242
Redirect Chain

https://cs.admanmedia.com/sync/gumgum?puid=u_b7c2dee0-caea-4e8b-abbf-57324bbef484&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=
https://usersync.gumgum.com/usersync?b=aad&i=d15241ba-d2da-4c8b-89fb-be3a9c3d1612

35 B
250 B

54ms
26ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=aad&i=d15241ba-d2da-4c8b-89fb-be3a9c3d1612
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Date: Thu, 16 Mar 2023 15:45:00 GMT
Expires: 0
Location: https://usersync.gumgum.com/usersync?b=aad&i=d15241ba-d2da-4c8b-89fb-be3a9c3d1612
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Transfer-Encoding: chunked
X-Frame-Options: DENY

OPTIONS
H2 200 xBxg03xe
public-api.wordpress.com/rest/v1.1/videos/ Frame 0
0 161ms
157ms Preflight
text/plain 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.1/videos/xBxg03xe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://videopress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Authorization, Content-Type, X-Jetpack, X-WP-Nonce
access-control-allow-methods: GET, POST
access-control-allow-origin: https://videopress.com
access-control-max-age: 604800
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/plain;charset=utf-8
date: Thu, 16 Mar 2023 15:45:00 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
host-header: WordPress.com
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Origin
x-ac: 1.yyz _dca BYPASS
x-hacker: Oh, Awesome: Opossum

GET
H2 200 xBxg03xe Show response
public-api.wordpress.com/rest/v1.1/videos/ Frame E039 3 KB
895 B 332ms
311ms Fetch
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.1/videos/xBxg03xe

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

28aeb734703e8168f4ea0a79217438e09456a12a43a04270424788cad24540bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
content-type: application/json

Response headers

x-hacker: Oh, Awesome: Opossum
date: Thu, 16 Mar 2023 15:45:01 GMT
content-encoding: br
x-ac: 1.yyz _dca BYPASS
strict-transport-security: max-age=31536000
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: false
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame A6DA 33 KB
10 KB 40ms
33ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=medianet
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=medianet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27822
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H2 200 browser.maliva.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/ Frame 846A 42 KB
16 KB 209ms
23ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a83c4abbd4a9722051a75c74939b8a81dc2a5f502780942da2a305b41c96279d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58a8e39
date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: yQqMprMyUk6o7vCGAeQbmQ==
x-tt-trace-id: 00-e85b95d5105f81437e655546011c049c-e85b95d5105f8143-01
x-cache: TCP_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 15411
x-tos-request-id: a0cc2f1285de6567641285de-abe9819
x-tos-response-time: Thu, 16 Mar 2023 02:58:38 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 20230316025921B4B174AAEC97F846B505
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
x-origin-response-time: 72,23.222.242.140
access-control-allow-credentials: false
x-tt-trace-host: 01bb360603587d0b2e3083d4ea844714ac14a2382b65aae3f990320826fdc77bfab882fa089a92a48b1ea63197bd928752611da463fa2ef6cdf6d1c21dc36c621198067ece3d7821d1fc30fa8863a36d39dfa6f352c84775d462f524f0089adfbe5d21a0b8ae2f3ca8e8b0fe9ed684cddfeaea60979f411ce819e44aed95ea79828c51ae85045c1c459cac74292189b911
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:03 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C1D3 33 KB
10 KB 378ms
371ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27822
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H2 200 browser.maliva.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/ Frame E922 42 KB
16 KB 142ms
22ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a83c4abbd4a9722051a75c74939b8a81dc2a5f502780942da2a305b41c96279d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58a8e3a
date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: yQqMprMyUk6o7vCGAeQbmQ==
x-tt-trace-id: 00-e85b95d5105f81437e655546011c049c-e85b95d5105f8143-01
x-cache: TCP_MEM_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 15411
x-tos-request-id: a0cc2f1285de6567641285de-abe9819
x-tos-response-time: Thu, 16 Mar 2023 02:58:38 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 20230316025921B4B174AAEC97F846B505
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
x-origin-response-time: 72,23.222.242.140
access-control-allow-credentials: false
x-tt-trace-host: 01bb360603587d0b2e3083d4ea844714ac14a2382b65aae3f990320826fdc77bfab882fa089a92a48b1ea63197bd928752611da463fa2ef6cdf6d1c21dc36c621198067ece3d7821d1fc30fa8863a36d39dfa6f352c84775d462f524f0089adfbe5d21a0b8ae2f3ca8e8b0fe9ed684cddfeaea60979f411ce819e44aed95ea79828c51ae85045c1c459cac74292189b911
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:03 GMT

GET
H2 200 browser.maliva.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/ Frame 8501 42 KB
16 KB 225ms
19ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a83c4abbd4a9722051a75c74939b8a81dc2a5f502780942da2a305b41c96279d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58a8e38
date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: br
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: yQqMprMyUk6o7vCGAeQbmQ==
x-tt-trace-id: 00-e85b95d5105f81437e655546011c049c-e85b95d5105f8143-01
x-cache: TCP_MEM_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 15411
x-tos-request-id: a0cc2f1285de6567641285de-abe9819
x-tos-response-time: Thu, 16 Mar 2023 02:58:38 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 20230316025921B4B174AAEC97F846B505
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
x-origin-response-time: 72,23.222.242.140
access-control-allow-credentials: false
x-tt-trace-host: 01bb360603587d0b2e3083d4ea844714ac14a2382b65aae3f990320826fdc77bfab882fa089a92a48b1ea63197bd928752611da463fa2ef6cdf6d1c21dc36c621198067ece3d7821d1fc30fa8863a36d39dfa6f352c84775d462f524f0089adfbe5d21a0b8ae2f3ca8e8b0fe9ed684cddfeaea60979f411ce819e44aed95ea79828c51ae85045c1c459cac74292189b911
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:03 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 107ms
31ms Preflight
text/html 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 16 Mar 2023 15:45:00 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E204 65 KB
30 KB 41ms
40ms XHR
application/json+protobuf 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b8b82aaec29dbca3104d2d57256a6951954fc95fb5fc79ef89ef9e68e83d611d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30799
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/ Frame E204 116 KB
36 KB 31ms
30ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6303d4462378ddfc0b91eed4f9c84f0fa8cc6f7c5f3868aa128114b598bae52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 17:55:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 164994
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36347
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 13 Mar 2024 17:55:06 GMT

GET
H2 200 W1rPsxnPvRrAUqr6O9TSVsmAP55o0wYEfnX-BwJJajM.js Show response
www.google.com/js/th/ Frame E204 36 KB
15 KB 99ms
23ms Script
text/javascript 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/W1rPsxnPvRrAUqr6O9TSVsmAP55o0wYEfnX-BwJJajM.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b5acfb319cfbd1ac052aafa3bd4d256c9803f9e68d306047e75fe0702496a33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 19:40:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14357
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 19:40:01 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/nimv_DfBYTc/ Frame E204 35 KB
35 KB 139ms
84ms Image
image/jpeg 2607:f8b0:4006:81f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/nimv_DfBYTc/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGEQgWShlMA8=&rs=AOn4CLCwaBCZbP2IaLpAsReP19rw31GhwA

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2016 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c9fa5e24179855811108cfa316758b0cf1a76552909bc33a92f927452410f84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35358
x-xss-protection: 0
server: sffe
etag: "1661041244"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 16 Mar 2023 17:45:01 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/ Frame E204 27 KB
8 KB 36ms
35ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b81545e6162f1d5814081df0790eed545b7d8cddf9af33d443571c200fc9dc13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:38:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 180381
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8611
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 00:17:14 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 13 Mar 2024 13:38:40 GMT

GET
DATA 200
OK truncated
/ Frame E204 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 3gJrUTKhaeAAqx1-BybbreOiVDb2oNfxhIzm5SN2doTMwr0kwyY_5AdOHRs-k2FiMSHDkjNUtg=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame E204 3 KB
3 KB 169ms
105ms Image
image/jpeg 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/3gJrUTKhaeAAqx1-BybbreOiVDb2oNfxhIzm5SN2doTMwr0kwyY_5AdOHRs-k2FiMSHDkjNUtg=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

976aa8f863de17f9e879dfc3716a8b440275a49bc39f30da334ecd568ed41d51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2907
x-xss-protection: 0
expires: Fri, 17 Mar 2023 15:45:01 GMT

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 921D 43 KB
13 KB 163ms
120ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12361c2c99f7d4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b7fe72fa7c50526641c33344cb251bcd64570ae2077d02443af6091ff7403d27

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: oR8bALPSJU943rIc3hSmralpX4fmhcGqWbF2H3e0KEP8fJeZKEhmFHc9nn2g7CULM/povPbOzWwEY+ofiNRz3Q==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 2C46 43 KB
13 KB 155ms
127ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16dce22928f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

02937e82ec51d1062fb9484c9d118e5daa2eedcb6f958853322ff63c22ba9044

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 1FYxMGLNH/bsS+aAVlQdB8NJp2k2H5BXjoUftq5ofo9WdvOz+jr9JhWswwHimy7ZeAQGYkxQHAlCrwbhnLELPw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame C1A0 43 KB
13 KB 147ms
136ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df11712ebd11f8f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

05ad56421e9fae5e03e99164b482906ea998136040e11e6074a5f63bbcd842c3

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: mjUsvlIThTQrPucDqT7UGs6cHu+NpmdDCxoJGcaMsZatPe6Z02HRqGCyU5IwpEi38IrRrfxo3rQ+hhSNdP/T8w==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 7058 43 KB
15 KB 99ms
98ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df38eefccae9443c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

28591c05e2f139616458dd439196f4abb148b6b3a4cee13a273d00515d32f4e7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: jRPMkCYWwNkMr/DjuDc9ZcaaB8s4i3BYOJQFNKnn0eJgM8htvdgEiP47eLuzk7HxgvKvqbISivibkc/CKj6rwg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame E951 43 KB
13 KB 120ms
119ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fc091b6732c3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ce0a15177d7493376c4107e6ed4c87d7224642995692c17376eb00e0b63e05fe

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 3ovmmppG3hiM+GlmOdJWDu7hTx+zh13qt1YECPfOG2ulcpImxSa1GApggapFGBXJvC2ow3aquemgfbFM0tIIqg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 1E0A 43 KB
13 KB 101ms
100ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df126a7dc9ebf35c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ad47ba94a10ae1d33ae560908be64e82a702d3a8bc37b6036093926531d8211f

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: JjSV7DQwN4goHzgjFTNYwNANZKfhXrAY78zxy8+iGZZ0jNvbBvrbfnGX/IDrdyrYiTCBdSduSi4zuppCX6upgg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 5665 43 KB
13 KB 95ms
93ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa9dea79c0a67%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b06364ba73f029b1ae3576c98bd92cfcbdc717bb43cc875c48f76e6b0b6d93e9

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: zlov5PzP0p9FtbNLxGspccU1qsI8eU9NiVhf+RW+qBjQgQWrW91WVhWdQlLsTr+vH70pfK5lIpv6TfJZCn4o+w==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 1C2B 43 KB
13 KB 98ms
98ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3139072c8d26cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2acb4e29daf1b1354c36fbc6dcebf7ba357508a6c3c89e68cc0bf85dc8996a71

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Bf2HWii/j0YzGr34XV+uHDIgElhB8QxZAlu+MqWdiQ08C+CDlh1QldTcueVUqnG2/5zx6J0o4wnVkaX7rCRa+A==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame DE21 43 KB
13 KB 105ms
103ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d13390679573%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b043531311546e69ef15d19c719f394bed075b10a4d3dd56628cabda1e46b9d3

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: U67Im9HSp9vyL1HxcIJTApQGmk03PcjhHEhyARzTg5cBVMsGOoRiH1DUAN7PNZD/LwxfDkMaIEYFsSAbsFb2BA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 80C4 43 KB
13 KB 114ms
112ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a1bf68f3b245c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8fba15bcc32240859f0e8e3630392574ca991861c7f84ae1850badb458fbf5e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Q1ycGPDYOqFoqrUvsJnRv8MoopZiejfTf9O8HJOwL9IKmcGFP2lOkgLy4sfyI+ecEJ5rfXZM6VorcrxzoicjcA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 3308 43 KB
13 KB 107ms
107ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29412e21d1188%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3dd4f09f2b161e0f7162cf65f859ea4826d509aa986cc05e2363da0b32472dc4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: aUDFOf/dTjnvz2anrVuzU8412QIONiGHvc8PGUWr4RMD49GZwNzP0p4b7G5xohkfl8VxioPUWQXJHiBV/7K3NA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame BFE0 43 KB
13 KB 103ms
103ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8050d5534904c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7ce4c25aa7c2fa24b63c05cbd733dbc89c677bdcc50aaec21fca9f2af33f7f3d

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: rrEzGyEZoELorfYObyzbDlZoPXgLWcysgshl/L5xZJfDjE8s9Q17yEd3fc+vMc+XJFht0RcJo8bLlfH6B0KUow==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 29DD 43 KB
13 KB 102ms
101ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3281427e9dd52c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0b00a33b7b6d0eeeb7db07965105ad7577a2dd0b590ca917fedd8dff078a588b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: FzXfvrp8KrXIHdX0TDVQeAeJJpxzF0rbHVJMoNjJba7iEg8dErrzZIiClArwQALf/ypii149M6C689RjsT1ZLg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 6ED6 43 KB
13 KB 108ms
107ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31d258f2cc1284%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cf7b580e825b8c9b0c022210900d67bfe63a0dc473ce54084e2bc57c75d6b19

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: eR1F7fmfaDVMlc+h13W48TXM6zepJ1KPAVhn845c4hHBsO7V1l7vNU+mTiODbsDaEXbUs9cZXPa+4d3bcrS+yw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 1B3B 43 KB
13 KB 97ms
95ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df386c1fa1b38654%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6e074a5f0edb1270587c096bac6fe90794a2380d8d670f994d65b954dcfe1df5

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: HJyWawi0foqq5zCd3QhI65ELkJjL0+vx/BAPv0vHRZexpGoRZXG/uAicppJj27m4++C8MtdDeBhfDKt8sWLTNA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 83D9 43 KB
13 KB 113ms
112ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f0fc5f604bdc8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af07e8e8f5c056dbb8096bc11e0a1cd33a3a93633f6fc3936a04cdc956328dab

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: SoBXCRXZTnYTnUPxP+aq/TZ7QolntAgFEtpe/quCDCHrzapfRnPEuwKhWQNTQmUes5vv0nLyJaZ5UsPmn/k69Q==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame A2B7 43 KB
13 KB 122ms
122ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f4bd191231f3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fc419a10a98b1613255943931a9d1aeba15d57844b8e29153b7ed41fbd777f22

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: sFMbegtfegjEmmVL3hd+iZAN6AEqiSgcrAOEOSDDDDfT/xXPwdVt5fq+11J9o5tc9b7wIAjXe2LrnzxG28mekQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 75CF 43 KB
13 KB 111ms
111ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1be0b88631d384%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b9711fdc2eb806e7f86b266d9bbc6cd03f3fda68c6ec902aa3a942b99ba4f213

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: lPx4JYawdyBMm3h0QY827Nw3abkC5zLp2GDNc00wnPMP4OFQAXOY7ABfVlZQ/i4/lSHdPaSXHi9o/fySJB0dOw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame F5A2 43 KB
13 KB 103ms
102ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df357107d9ec87c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3bcd2bc141b162d74683eccdb193b3e616cc5bd2f342f5c734df96ace8fbb9b3

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: VLm+wyf7/A5jZk06Cx2mYJXe0yt3Eh2ldddanvDkLaWZVvM6NAOoYchpiYaXsIC8wm737QTe804Gzi6JGcxFaw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 8F38 43 KB
13 KB 153ms
152ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df25e888e9b5340c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0286cc2a8c1be55a9775ea0ccd2f698e21a3a71a1e443229aac98f8e6990ea5c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 6f7dBLmdtUCCcUS62YuF8FWD1GAL13+fiJG6U/sNwEicAdjcjCPPrjnK66uBYri8CeKHvNoW6ri0kWl64VH6Xg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 92DA 43 KB
13 KB 145ms
144ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36421571d5c168%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527d891c609b8d1b97924b466683f588753b2ad822821bdb8360a302d184a77c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: ahswujRUJ1yf86KWW5BCC44T5rpf9nfc47bmHkAAGprGWpOV/M+iFmQ2kdav9fqWNupM7hE20WpGKbnxKPTNmg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 504F 43 KB
13 KB 106ms
105ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bdfe3eb461d3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2db59f523430f3b88c530c7a8fe51aa23948a64a1b438d7ed5c11aa6fd3136c2

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: CiwPMfPGN1+Ho3GEq+MDFxykuuIDk8CkPdms4Uopb7h9PCm3hA4aKIkgqPMQXQCbBVUAcBtjGu7/GtbSTfMI5g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame CCA2 43 KB
13 KB 132ms
132ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8d56b09166fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b49659fb26f046c8c7491a2aa736d47a1424e22a043646e4a0621e405f625cb

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 9OZXu5Jl4D1/XQOgXH3c5uL2d1j9/tY2JVvzJMDSljY1+0mPU74W1haMqMnlO1Fm4DTvhnj+ef/Yf7Wl1/E8zA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 62D4 43 KB
13 KB 172ms
171ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2af2cd18b64858%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7bb55ef8544f9e9c9c6513e0bee9dabd9e8baf9d89c89b6f1ec8048dc0b66f9

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: TAHgrJ8Pgr0fJ/zgkyrY4we4OVu1SEjlLcdXObhm4+aPsPlNDFhw/OmPj909wypwWGtxtM8IefDCjqJ+98tXsw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame DF21 43 KB
13 KB 116ms
114ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbbeba45fe82e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be22b9b288ee2731863854b80b4fb652412a6a513c4c2e56c609425c1dedbac5

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: fGsJmi3FVkAUuTKjZI7bA4nHJ9RRBgm2nllgK4+9Hkr4ZARTBHqDHAjoodWA0ODLomjQGwy2cOSNZqnEBxxPbw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 0E10 43 KB
13 KB 133ms
132ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154ec589a1e54%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0054bb64379007e1dc5b4b03fa5b95379384d70ab260bb7b4c7695884de2fe21

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: zN591/vTSBmuTH+2rVkOK9AfBUzJeBwAI2baeEW37DQr2bKysrdGA/vtmK3HZfL43pDYOvQFiZX+QnKvrq52zA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 947F 43 KB
13 KB 103ms
103ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df133eab01a6144%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8bff9960f704c72b0888bc3e2d51bd2765d79634485c21d1af8f47e6591c0a7b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: QOsAnybvF9Vz3shzj+rNCtIR00xB1bW+l+iJcybGq6Hx0Pqe2yqLJDqDyD7EpBXXktiLyOtHCRy2ibtoOpGXHQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 2120 43 KB
13 KB 101ms
100ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a836cf35f6894%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ca7d7dff6307e8decc45de9e33dab490312ebf338508f6952e33aae33d63c280

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Q4ri8jvYRlX5XHEyLtXbL6XhUwRN7E9wVP5dVJoa+e3TatWIFZEZwsgRn4YBjfH7DMN8h/fCeJR0bpEoZfnufQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 9C3F 43 KB
13 KB 100ms
100ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31fe254f1a7f4c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

780f397af51cc4e5ff03ae3928d04e33b8cf2f9522513955200408fb2e56cbc9

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: n/UuY8On7H2oPMKOq5PdocwmxIeGE+a0rhaVF+Xb+mcz0RAWQYgX6kScZXm7oWufc6I+tuJ6zqX91BO0Wh9Fkw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 7284 43 KB
13 KB 153ms
137ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32da7cff0d6fa4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

872db3cfe3551af5452187ced39a006550cdff8ee2a508014591081d39b6ecc4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: JsYtxHUndms1W+oV4K3jZmqL0HTpjX8G07rv81aPt/upiHEQv8cWU6dutabrSPxDV+WuWrfnjm6+utVKrAwyKg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3

200

/
www.facebook.com/login/ Frame BB1D
Redirect Chain

https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc0065a501c0a8%26domain%3Dmyreturn...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...

0
0

118ms
108ms

Document
text/html

2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc0065a501c0a8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D222%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Mar 2023 15:45:01 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 1t4kb07Lsc3G/SnEFEjiZs5OoASjV2xNfFPTu+IH84iAVzNXxuuMJDCU5mWFlzIBJklL5WCIteHNvCk6hsWX3g==
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:01 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc0065a501c0a8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D222%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: KxpmFmWyrrf5RlLrt2jn8AUo80vxWhicyQh58c+Ai5sG0uEbCNsx+53QxtwcovtYZWfmFHradCxNSw4UwSfLXA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H/1.1 200
OK usermatchredir Show response
ssum-sec.casalemedia.com/ Frame 9DEB 43 B
632 B 19ms
19ms Document
image/gif 192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:01 GMT
Expires: 0
Keep-Alive: timeout=1, max=499
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame AFC9
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=kjbsEGvaAZbLcNsn551P&pi=gumgum&tc=1

35 B
250 B

34ms
33ms

Document
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=kjbsEGvaAZbLcNsn551P&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:02 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Thu, 16 Mar 2023 15:45:02 GMT Thu, 16 Mar 2023 15:45:02 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=kjbsEGvaAZbLcNsn551P&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 50D7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMiBXiCNGyciSQ_2RPFQNVE&google_cver=1

42 B
831 B

104ms
25ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMiBXiCNGyciSQ_2RPFQNVE&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: ffef7c53154b04a892ce1f9531c32cb1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMiBXiCNGyciSQ_2RPFQNVE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
aax-eu.amazon-adsystem.com/s/ Frame 50D7 43 B
855 B 555ms
188ms Image
image/gif 67.220.224.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.224.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:02 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0PJ2WQV73XTENJQ7WS3Q
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 50D7
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=&expires=30

42 B
831 B

31ms
29ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: ffef7c53154b04a892ce1f9531c32cb1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=&expires=30
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 289

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 50D7
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LFBA8GCO-24-1S47

0
516 B

99ms
49ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LFBA8GCO-24-1S47
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 7C48BE188C8346AFA7715DCBD101C5F6 Ref B: YMQ01EDGE0510 Ref C: 2023-03-16T15:45:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX3BlgNjS7WgQM2JAIwIg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LFBA8GCO-24-1S47
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0190a17a18f2299b1b85aeb1793e601c
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50D7
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTJiMGJiMTRjYzY3YjMwNTA0MWYzYTEzNjQ0OGI3MjU2ODZlZWJhYw

170 B
188 B

47ms
46ms

Image
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTJiMGJiMTRjYzY3YjMwNTA0MWYzYTEzNjQ0OGI3MjU2ODZlZWJhYw

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html

Protocol

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTJiMGJiMTRjYzY3YjMwNTA0MWYzYTEzNjQ0OGI3MjU2ODZlZWJhYw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: af308bb17a856a105b8c87aaae7d7f8c
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 50D7
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/wWJbXCQ4GZOZLVPD5l_uDMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-p4GVTudE2oJmLwSuEx1luUDTw3oc3cfiy7ZOFQ--~A

42 B
831 B

34ms
33ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-p4GVTudE2oJmLwSuEx1luUDTw3oc3cfiy7ZOFQ--~A
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: e1bddfc34a927e97bda010c0d8a62b62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Thu, 16 Mar 2023 15:45:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-p4GVTudE2oJmLwSuEx1luUDTw3oc3cfiy7ZOFQ--~A
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50D7
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZCQThHQ08tMjQtMVM0Nw==

170 B
188 B

46ms
45ms

Image
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZCQThHQ08tMjQtMVM0Nw==

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html

Protocol

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZCQThHQ08tMjQtMVM0Nw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 50D7
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZHcTKwQhTpSlRnnaecl_Kg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZHcTKwQhTpSlRnnaecl_Kg

43 B
479 B

40ms
39ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZHcTKwQhTpSlRnnaecl_Kg

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:03 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 3QE5T1BYB16CV1WK0EJC
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZHcTKwQhTpSlRnnaecl_Kg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 966e54b6201ecd300c4db0efc0f5781a
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B059 33 KB
10 KB 23ms
22ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27821
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H2 204 services
sync.technoratimedia.com/ Frame E716 0
0 27ms
26ms Fetch 2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&source=ipv6&uid=2607%3A5300%3A60%3A7867%3A%3A11&atip=0&tbk=0&nbk=0
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 354959784
access-control-allow-origin: https://ad-cdn.technoratimedia.com
access-control-allow-credentials: true

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 6B82
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=synacor_xapi&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east

281 B
554 B

37ms
31ms

Document
text/html

23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:45:01 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 16 Mar 2023 15:45:01 GMT
location: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B847 16 KB
6 KB 63ms
39ms Document
text/html 23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107152
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:45:01 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H3 200 cm Show response
us-u.openx.net/w/1.0/ Frame 6893 1 KB
680 B 29ms
16ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 29bf2a50aee014094acec5526b47e1a370f0b6e312514eec31fd3e853f8daff0

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 661
content-type: text/html
date: Thu, 16 Mar 2023 15:45:01 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame C564
Redirect Chain

https://pixel.33across.com/ps?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X

2 KB
4 KB

73ms
40ms

Document
text/html

67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 3e535ec26b28458329f030affe83de91d405ff6e80d740df0c623f28ee2ddd18

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 2195
content-type: text/html
date: Thu, 16 Mar 2023 15:45:01 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:45:01 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP019
x-33x-status: 8340000A

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame A7D1 2 KB
815 B 105ms
14ms Document
text/html 51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=572a470226457b8

Requested by

Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip184.ip-51-222-39.net

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H2 200 sync Show response
eb2.3lift.com/ Frame AF40 1 KB
2 KB 41ms
27ms Document
text/html 52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Requested by: Host: ad-cdn.technoratimedia.com
URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: 962c75c86fd0722b9d27e2f3f9c94f41c14af8a2c9c899cee408558556f15151

Request headers

Referer: https://ad-cdn.technoratimedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1249
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:01 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

204

services
uat-net.technoratimedia.com/ Frame E716
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=technoratimedia&ttd_tpi=1
https://uat-net.technoratimedia.com/services?srv=cs&pid=7&uid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

0
677 B

35ms
26ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uat-net.technoratimedia.com/services?srv=cs&pid=7&uid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 295194675
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://uat-net.technoratimedia.com/services?srv=cs&pid=7&uid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 227

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://secure.adnxs.com/getuid?https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=$UID
https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=1694000653285184985

0
666 B

42ms
24ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=1694000653285184985
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1034493229
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

Date: Thu, 16 Mar 2023 15:45:01 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9dd47dec-e874-45d4-ab6d-96c0b59f1a58
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://sync.technoratimedia.com/services?srv=cs&pid=46&uid=1694000653285184985
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://gum.criteo.com/sync?c=372&r=1&u=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D64%26uid%3D%40USERID%40
https://sync.technoratimedia.com/services?srv=cs&pid=64&uid=sqXAZiAazWpjCwTq9HOq8td9EEzBY3h_

0
678 B

27ms
26ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=64&uid=sqXAZiAazWpjCwTq9HOq8td9EEzBY3h_
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 912114604
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

location: https://sync.technoratimedia.com/services?srv=cs&pid=64&uid=sqXAZiAazWpjCwTq9HOq8td9EEzBY3h_
date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 3691490
content-length: 0

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://match.prod.bidr.io/cookie-sync/syn
https://match.prod.bidr.io/cookie-sync/syn?_bee_ppp=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csyn&bee_sync_current_partner=pm&bee_sync_initiator=syn&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFHm07IJnMAAB-p_D8lqA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%26bee_sync_current_partner%3Dpp%26bee_sy...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn&bee_sync_current_partner=pp&bee_sync_initiator=syn&bee_sync_hop_count=2&ev=AAFHm07IJnMAAB-p_D8lqA&pid=558502&do=add
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA

0
546 B

37ms
36ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1028237597
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

location: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA
Date: Thu, 16 Mar 2023 15:45:06 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
sync.targeting.unrulymedia.com/csync/ Frame E716
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=synacor
https://ad.turn.com/r/cs?pid=45&rndcb=2551809949
https://sync.1rx.io/usersync/turn/7826914019700556296?dspret=1&gdpr=0&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

43 B
452 B

34ms
33ms

Image
image/gif

199.127.204.171
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 199.127.204.171 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:03 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1669&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D79%26uid%3D%7BPUB_USER_ID%7D
https://sync.technoratimedia.com/services?srv=cs&pid=79&uid=369c474d-bcb1-496e-8b73-77f1f6fe3cfb

0
676 B

34ms
26ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=79&uid=369c474d-bcb1-496e-8b73-77f1f6fe3cfb
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1040550455
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

location: https://sync.technoratimedia.com/services?srv=cs&pid=79&uid=369c474d-bcb1-496e-8b73-77f1f6fe3cfb
access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:45:01 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

204

services
uat-net.technoratimedia.com/ Frame E716
Redirect Chain

https://ups.analytics.yahoo.com/ups/58266/sync?redir=true
https://uat-net.technoratimedia.com/services?srv=cs&pid=80&uid=y-I.IRXxNE2uGU0hjFU6GayyWjqzi6tT0E~A

0
680 B

25ms
24ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uat-net.technoratimedia.com/services?srv=cs&pid=80&uid=y-I.IRXxNE2uGU0hjFU6GayyWjqzi6tT0E~A
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 295194681
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

location: https://uat-net.technoratimedia.com/services?srv=cs&pid=80&uid=y-I.IRXxNE2uGU0hjFU6GayyWjqzi6tT0E~A
date: Thu, 16 Mar 2023 15:45:01 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D82%26uid%3D
https://sync.technoratimedia.com/services?srv=cs&pid=82&uid=ZBM5ew3lKTK1bGaeTrJAtAAA%263575

0
673 B

41ms
28ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=82&uid=ZBM5ew3lKTK1bGaeTrJAtAAA%263575
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1021846745
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://sync.technoratimedia.com/services?srv=cs&pid=82&uid=ZBM5ew3lKTK1bGaeTrJAtAAA%263575
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

idSync
sync.aralego.com/ Frame E716
Redirect Chain

https://sync.aralego.com/idSync?ucf_nid=par-488A3E6BD8D997D0ED8B3BD34D8BA4B&ucf_user_id=3D2E27AC42E64EE8AD58528E3DA25669&redirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%...
https://x.bidswitch.net/sync?ssp=ucfunnel&user_id=b5f949c1-909b-34e0-aab6-e55c10862ebd&gdpr=0&gdpr_consent=
https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Ducfunnel%26user_id%3D%40%40CRITEO_USERID%40%40
https://x.bidswitch.net/sync?dsp_id=462&ssp=ucfunnel&user_id=k-Aone-ztpe8e1CwsTRvwvZhSlOFMyehVopnhoWg&gdpr=0&gdpr_consent=
https://sync.aralego.com/idSync?redirect=&ucf_nid=dsp-6AABDA2D3AA6EAD1E94E9442DE6444A&ucf_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215

35 B
155 B

380ms
75ms

Image
image/gif

162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idSync?redirect=&ucf_nid=dsp-6AABDA2D3AA6EAD1E94E9442DE6444A&ucf_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 162.210.196.208 Elkridge, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
connection: close
content-length: 35
content-type: image/gif

Redirect headers

Location: //sync.aralego.com/idSync?redirect=&ucf_nid=dsp-6AABDA2D3AA6EAD1E94E9442DE6444A&ucf_user_id=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Date: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

204

services
uat-net.technoratimedia.com/ Frame E716
Redirect Chain

https://x.bidswitch.net/sync?ssp=synacor&user_id=3D2E27AC42E64EE8AD58528E3DA25669
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dsynacor%26bsw_param%3D88b2fc1d-8ebb-4ab8-85b5-11599c16321...
https://x.bidswitch.net/sync?dsp_id=80&user_id=e7ef6413-397c-4900-b930-b5f1dddc2b71&expires=30&ssp=synacor&bsw_param=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=
https://uat-net.technoratimedia.com/services?srv=cs&pid=48&uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215

0
678 B

25ms
24ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uat-net.technoratimedia.com/services?srv=cs&pid=48&uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1030038406
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

Location: //uat-net.technoratimedia.com/services?srv=cs&pid=48&uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215
Date: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

204

services
uat-net.technoratimedia.com/ Frame E716
Redirect Chain

https://synacor-match.dotomi.com/match/bounce/current?networkId=63258&version=1&nuid=3D2E27AC42E64EE8AD58528E3DA25669
https://synacor-match.dotomi.com/match/bounce/current?DotomiTest=1951d39320d04de&is_secure=true&networkId=63258&version=1&nuid=3D2E27AC42E64EE8AD58528E3DA25669
https://uat-net.technoratimedia.com/services?srv=cs&pid=49&uid=AAAJNwbPpexnAANRMcZVAAAAAAA&expiration=1679067902&nuid=3D2E27AC42E64EE8AD58528E3DA25669&is_secure=true

0
674 B

30ms
29ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uat-net.technoratimedia.com/services?srv=cs&pid=49&uid=AAAJNwbPpexnAANRMcZVAAAAAAA&expiration=1679067902&nuid=3D2E27AC42E64EE8AD58528E3DA25669&is_secure=true
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 984733626
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://uat-net.technoratimedia.com/services?srv=cs&pid=49&uid=AAAJNwbPpexnAANRMcZVAAAAAAA&expiration=1679067902&nuid=3D2E27AC42E64EE8AD58528E3DA25669&is_secure=true
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

204

services
sync.technoratimedia.com/ Frame E716
Redirect Chain

https://contextual.media.net/cksync.php?cs=3&type=syn&ovsid=3D2E27AC42E64EE8AD58528E3DA25669&redir=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D62%26uid%3D%5BUSER_ID%5D
https://sync.technoratimedia.com/services?srv=cs&pid=62&uid=3219830991454823000V10

0
668 B

27ms
24ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=62&uid=3219830991454823000V10
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 935621803
access-control-allow-origin: https://ad-cdn.technoratimedia.com/
access-control-allow-credentials: true

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://sync.technoratimedia.com/services?srv=cs&pid=62&uid=3219830991454823000V10
content-type: text/html
cache-control: max-age=0, no-cache, no-store
content-length: 154
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:01 GMT

GET
H2 200 rtb-h
sync.taboola.com/sg/synacorrtb-network/1/ Frame E716 0
231 B 118ms
34ms Image
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/synacorrtb-network/1/rtb-h?taboola_hm=3D2E27AC42E64EE8AD58528E3DA25669
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ad-cdn.technoratimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 23756

POST
H/1.1 200
OK adjr Show response
s.pubmine.com/ 3 KB
2 KB 166ms
157ms XHR
application/json 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/adjr?pvid=bb493c7c-6d38-41f0-840f-8ac4d116dee8&rid=980833864949
Requested by: Host: c0.pubmine.com
URL: https://c0.pubmine.com/2.37.11677685674593/ata.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5bdbed60ac40be9a1f9b5ce25a04a5805e713f9a6f6a784b620bb03cdb443443

Request headers

Referer: https://myreturnticket.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:01 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://myreturnticket.ca
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 921D 272 B
548 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12361c2c99f7d4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 2C46 272 B
418 B 38ms
38ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16dce22928f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame C1A0 272 B
418 B 36ms
33ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df11712ebd11f8f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 7058 272 B
418 B 38ms
35ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df38eefccae9443c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame E951 272 B
418 B 22ms
21ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fc091b6732c3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 1E0A 272 B
418 B 21ms
21ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df126a7dc9ebf35c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 5665 272 B
327 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa9dea79c0a67%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:01 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 1C2B 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3139072c8d26cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame DE21 272 B
324 B 21ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d13390679573%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 80C4 272 B
324 B 24ms
23ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a1bf68f3b245c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 3308 272 B
324 B 21ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29412e21d1188%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame BFE0 272 B
324 B 20ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8050d5534904c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 29DD 272 B
324 B 23ms
22ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3281427e9dd52c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 6ED6 272 B
324 B 23ms
21ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31d258f2cc1284%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 1B3B 272 B
324 B 22ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df386c1fa1b38654%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 83D9 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f0fc5f604bdc8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame A2B7 272 B
324 B 20ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f4bd191231f3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 75CF 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1be0b88631d384%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame F5A2 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df357107d9ec87c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 8F38 272 B
324 B 20ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df25e888e9b5340c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 92DA 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36421571d5c168%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 504F 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bdfe3eb461d3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame CCA2 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8d56b09166fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame DF21 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbbeba45fe82e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 947F 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df133eab01a6144%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 2120 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a836cf35f6894%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 0E10 272 B
324 B 20ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154ec589a1e54%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 9C3F 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31fe254f1a7f4c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 62D4 272 B
324 B 21ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2af2cd18b64858%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 8E17
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

20ms
20ms

Document
text/html

23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 15:45:02 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 16 Mar 2023 15:45:02 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H/1.1 200
OK button.e7f9415a2e000feaab02c86dd5802747.js Show response
platform.twitter.com/js/ 8 KB
3 KB 20ms
19ms Script
application/javascript 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:02 GMT
Content-Encoding: gzip
Age: 67941
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2618
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
Server: ECS (nyb/1D0F)
Etag: "506673dbdb9085e7201e137e893cc152+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 b9pj45k4 Show response
sync-tm.everesttech.net/upi/pid/ Frame 22A7 85 B
259 B 29ms
27ms Document
image/png 151.101.66.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 85
content-type: image/png
date: Thu, 16 Mar 2023 15:45:02 GMT
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yul12823-YUL
x-timer: S1678981502.384164,VS0,VE14

GET
H/1.1 200
OK dcm Show response
s.amazon-adsystem.com/ Frame 3B33 43 B
855 B 37ms
36ms Document
image/gif 52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=4BA59E21-32B2-424E-991B-86C3DF8ACE81&redir=true&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:02 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: DBS1D8F9NTQX35K72QYN

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E13B
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGSG0wN0lKbk1BQUItcF9EOGxxQQ&gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&b...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFHm07IJnMAAB-p_D8lqA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsyn%252Cpp%252C...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=syn%2Cpp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=5271008299598803031&gdpr=0&gdpr_consent=
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAFHm07IJnMAAB-p_D8lqA&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D5271008299598803031%26gdpr%3D0%26gdpr_cons...
https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=5271008299598803031&gdpr=0&gdpr_consent=&bee_sync_partners=pp,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=3
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAFHm07IJnMAAB-p_D8lqA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D5271008299598803031%26gdpr%3D0%26bee_sync_pa...
https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=5271008299598803031&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAFHm07IJnMAAB-p_D8lq...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&gdpr=0

42 B
428 B

126ms
28ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:02 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFHm07IJnMAAB-p_D8lqA&gdpr=0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1 200
OK match Show response
s.pubmine.com/ Frame 22B6 43 B
866 B 27ms
25ms Document
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=26&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:02 GMT
Server: nginx
Transfer-Encoding: chunked

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E7CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=S6WeITKyQk6ZG4bD34rOgQ%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

29ms
26ms

Image
text/html

23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=107150
accept-ranges: bytes
content-length: 5554
expires: Fri, 17 Mar 2023 21:30:53 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame E7CB
Redirect Chain

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=&ct=y

49 B
543 B

54ms
52ms

Image
image/gif

18.210.31.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=&ct=y
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 18.210.31.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-31-252.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.8.215
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=&ct=y
cache-control: no-cache
x-server: 10.40.6.222
content-length: 0
expires: 0

GET
H2 200 xuid
eb2.3lift.com/ Frame E7CB 37 B
354 B 34ms
28ms Image
image/gif 52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7976&xuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&dongle=u6nf&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

insync
thrtle.com/ Frame E7CB
Redirect Chain

https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&vxii_pid=12&vxii_pid1=10067&vxii_rcid=df188d4b-7e2e-49b1-bbc6-212e4c472a38

43 B
293 B

28ms
26ms

Image
image/gif

3.234.22.82
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&vxii_pid=12&vxii_pid1=10067&vxii_rcid=df188d4b-7e2e-49b1-bbc6-212e4c472a38
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 3.234.22.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-22-82.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Thu, 16 Mar 2023 15:45:03 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&vxii_pid=12&vxii_pid1=10067&vxii_rcid=df188d4b-7e2e-49b1-bbc6-212e4c472a38
date: Thu, 16 Mar 2023 15:45:02 GMT
content-type: text/html; charset=utf-8
content-length: 211
p3p: CP="NOI OUR BUS UNI COM NAV"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEJBNTlFMjEtMzJCMi00MjRFLTk5MUItODZDM0RGOEFDRTgx&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

56ms
30ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHgJtB_TbD0IjyZHVfK0U5M&google_cver=1

42 B
379 B

54ms
29ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHgJtB_TbD0IjyZHVfK0U5M&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:02 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHgJtB_TbD0IjyZHVfK0U5M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128

42 B
209 B

27ms
26ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Thu, 16 Mar 2023 15:45:02 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Mar 2023 15:45:02 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=

1 B
405 B

95ms
28ms

Image
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 16 Mar 2023 15:45:01 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=

42 B
297 B

106ms
29ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2 200 4BA59E21-32B2-424E-991B-86C3DF8ACE81
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame E7CB 43 B
602 B 41ms
38ms Image
image/gif 2600:1f18:4e9:5a02:460b:2b68:c137:43d7
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/4BA59E21-32B2-424E-991B-86C3DF8ACE81?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a02:460b:2b68:c137:43d7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E7CB
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-rco5rENE2uUt1m1PWv1VZbSGIetM8WE-~A&gdpr=0

0
260 B

103ms
20ms

Image
text/plain

162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-rco5rENE2uUt1m1PWv1VZbSGIetM8WE-~A&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-rco5rENE2uUt1m1PWv1VZbSGIetM8WE-~A&gdpr=0
date: Thu, 16 Mar 2023 15:45:02 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 7284 272 B
324 B 33ms
32ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32da7cff0d6fa4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H2 204 services
sync.technoratimedia.com/ Frame 6893 0
670 B 45ms
27ms Image
text/plain 2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=50&uid=aca99fcf-9453-433b-bd9d-4d99e1a0d6d7
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1010382277
access-control-allow-origin: https://us-u.openx.net/
access-control-allow-credentials: true

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=4&cm=8e4be494-a17e-4746-a1c8-c8b83172e600&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:bc61a7eaaf4da9ddef88b7d1abda3820

43 B
61 B

15ms
14ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:bc61a7eaaf4da9ddef88b7d1abda3820
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 16 Mar 2023 15:45:02 GMT
server: Aorta/20230315.636f269b3
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
location: https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:bc61a7eaaf4da9ddef88b7d1abda3820
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: fbabea20a4ef
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2

200

dds
rtb.openx.net/sync/ Frame 6893
Redirect Chain

https://rtb.openx.net/sync/dds
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=TpNaTVqCwiYxKR9OBlnSiw==&ox_sc=1&ox_init=1
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

43 B
145 B

17ms
16ms

Image
image/gif

35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H2
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 3t6s80l146ik1m9bf006pe90bis2btmc

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://us-u.openx.net/w/1.0/sd?id=536872786&val=e7ef6413-397c-4900-b930-b5f1dddc2b71

43 B
61 B

14ms
14ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=536872786&val=e7ef6413-397c-4900-b930-b5f1dddc2b71
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
Server: MT3 569 46451a0 master iad-pixel-x17 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://us-u.openx.net/w/1.0/sd?id=536872786&val=e7ef6413-397c-4900-b930-b5f1dddc2b71
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 16 Mar 2023 15:45:02 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID}
https://us-u.openx.net/w/1.0/sd?id=537073028&val=c63294f0-203b-4b30-9308-cb83039ba6ed

43 B
61 B

15ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073028&val=c63294f0-203b-4b30-9308-cb83039ba6ed
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://us-u.openx.net/w/1.0/sd?id=537073028&val=c63294f0-203b-4b30-9308-cb83039ba6ed
Date: Thu, 16 Mar 2023 15:45:03 GMT
Connection: keep-alive
X-CI-RTID: 205a4620-2f89-4636-ae90-a3f86a6bafab
Content-Length: 112
Content-Type: text/html; charset=utf-8

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072977&val=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

43 B
61 B

16ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072977&val=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://us-u.openx.net/w/1.0/sd?id=537072977&val=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 6893
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d

95 B
436 B

42ms
41ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Thu, 16 Mar 2023 15:45:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=97bba38d-a803-468f-9dbc-cb2fe6cc293d
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58294/ Frame 6893 0
348 B 32ms
24ms Image
text/plain 52.45.33.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=bf0153f8-2b6e-4141-847a-92f342e31c58

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-45-33-138.compute-1.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

458249.gif
idsync.rlcdn.com/ Frame 6893
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
https://id.rlcdn.com/464246.gif?partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9
https://pippio.com/api/sync?pid=5324&it=1&iv=a50d89b93e8fc77998d86167ef7378aef6f21d6a769d0e74a5872df097b175d0791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBhNTBkODliOTNlOGZjNzc5OThkODYxNjdlZjczNzhhZWY2ZjIxZDZhNzY5ZDBlNzRhNTg3MmRmMDk3YjE3NWQwNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBhNTBkODliOTNlOGZjNzc5OThkODYxNjdlZjczNzhhZWY2ZjIxZDZhNzY5ZDBlNzRhNTg3MmRmMDk3YjE3NWQwNzkxNDI2YjU0MTdkY2UyMRAAGgwIgPPMoAYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=4f654d6e-652e-420e-aacd-15ef59c9e751

42 B
308 B

73ms
44ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=4f654d6e-652e-420e-aacd-15ef59c9e751
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=4f654d6e-652e-420e-aacd-15ef59c9e751
date: Thu, 16 Mar 2023 15:45:06 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://us-u.openx.net/w/1.0/sd?id=537072399&val=1694000653285184985

43 B
61 B

15ms
14ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072399&val=1694000653285184985
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3332358c-ae96-4168-9c96-86ae61fa22b6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://us-u.openx.net/w/1.0/sd?id=537072399&val=1694000653285184985
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 6893
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=

43 B
61 B

15ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=8da2f9dd-77de-4961-a71d-959c5609fdb1&ph=9c552f28-6766-4d68-8e0e-995276acc8c6&r=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D50%26uid%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=7826914019700556296&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 img_1369_mov_hd_1080p.original.jpg
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 104 KB
105 KB 780ms
777ms Image
image/jpeg 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_hd_1080p.original.jpg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6d6905234cdd5f45051bece6da239c116e4c6d027c817e96e30d2ab7d1d33591

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:54 GMT
server: nginx
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 106989
expires: Mon, 24 Apr 2023 17:58:25 GMT

GET
DATA 200
OK truncated
/ Frame 0A04 450 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5cdaccdb5ae058fbc4f9051562b0a5142372082152eeded79045550c079c32f

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0A04 772 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b38e8d0671497a9d9bd6fba89ffe2260743f8d331644fee79659d45fe42fb764

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 img_1369_mov_hd_1080p.original.jpg
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 104 KB
105 KB 268ms
228ms Image
image/jpeg 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_hd_1080p.original.jpg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6d6905234cdd5f45051bece6da239c116e4c6d027c817e96e30d2ab7d1d33591

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
Origin: https://videopress.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:54 GMT
server: nginx
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 106989
expires: Mon, 24 Apr 2023 17:58:25 GMT

GET
H2 200 img_1369_mov.thumbgrid_0.jpg
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 23 KB
23 KB 348ms
346ms Image
image/webp 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov.thumbgrid_0.jpg?h=1440

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6cc3327e9f74d8440ff73c82bad544eae316dfdc3d1529cb66d75dfd0ba13dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:45:02 GMT
a8c-edge-cache: cache
x-nc: MISS yyz 3
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:05 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: *
host-header: WordPress.com
accept-ranges: bytes
content-length: 23132
expires: Thu, 06 Apr 2023 11:08:45 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame AF40
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

31ms
30ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://eb2.3lift.com/xuid?mid=3658&xuid=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&dongle=0cfd&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 251

GET
H2

200

ebda
eb2.3lift.com/ Frame AF40
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

37 B
139 B

25ms
25ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame AF40
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDHONjuZduwrbuPDk8U0SHo&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

37 B
354 B

28ms
27ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDHONjuZduwrbuPDk8U0SHo&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEDHONjuZduwrbuPDk8U0SHo&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF40
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D

170 B
188 B

37ms
37ms

Image
image/png

142.250.72.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar

Protocol

Server

142.250.72.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDYyOTEwMDM5MTQ0MjEzMDU1NDE1OA%3D%3D
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame AF40 0
143 B 76ms
73ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4629100391442130554158&dbredirect=true&gdpr=0&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 4504FF3277CC4A7390AFA78E4DCC3224 Ref B: YMQ01EDGE0510 Ref C: 2023-03-16T15:45:03Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX3BlgVg2qaECDRy3n0Qg==

GET
H2

200

xuid
eb2.3lift.com/ Frame AF40
Redirect Chain

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4629100391442130554158&gdpr=0&gdpr_consent=
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
https://x.bidswitch.net/sync?dsp_id=59&user_id=ed5cac5a-1761-4a6e-89a2-2143c80f6b22&ssp=triplelift
https://eb2.3lift.com/xuid?mid=2409&xuid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

37 B
354 B

27ms
26ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2409&xuid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: //eb2.3lift.com/xuid?mid=2409&xuid=88b2fc1d-8ebb-4ab8-85b5-11599c163215&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date: Thu, 16 Mar 2023 15:45:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

xuid
eb2.3lift.com/ Frame AF40
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/4629100391442130554158?gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_lOvdLBE2oRyBVimzTJ1ko6gYbDRbPl59kiaP9UVBw--~A&dongle=0883

37 B
354 B

26ms
26ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-_lOvdLBE2oRyBVimzTJ1ko6gYbDRbPl59kiaP9UVBw--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Thu, 16 Mar 2023 15:45:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-_lOvdLBE2oRyBVimzTJ1ko6gYbDRbPl59kiaP9UVBw--~A&dongle=0883
content-length: 0

GET
H/1.1 200
OK 757c0557066e95cfd4c7
s.amazon-adsystem.com/x/ Frame AF40 0
0 42ms
40ms Image
text/html 52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=4629100391442130554158
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 c.gif
c.bing.com/ Frame AF40 42 B
668 B 84ms
46ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=4629100391442130554158&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
last-modified: Wed, 08 Mar 2023 02:16:31 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 726E54A237A845BC8C78496A1D9B34B0 Ref B: YMQ01EDGE0315 Ref C: 2023-03-16T15:45:03Z
etag: "417a6ff6351d91:0"
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type: image/gif
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

GET
H2

200

xuid
eb2.3lift.com/ Frame AF40
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=1694000653285184985&dongle=4d58&gdpr=0&gdpr_consent=

37 B
354 B

27ms
26ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=1694000653285184985&dongle=4d58&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date: Thu, 16 Mar 2023 15:45:03 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8a252bd0-7ea6-4f31-97c2-23a6cb3b8fa7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://eb2.3lift.com/xuid?mid=3335&xuid=1694000653285184985&dongle=4d58&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 services
sync.technoratimedia.com/ Frame AF40 0
657 B 27ms
25ms Image
text/plain 2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=88&uid=4629100391442130554158
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?redird=SN85RLf7qQar
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1030038372
access-control-allow-origin: https://eb2.3lift.com/
access-control-allow-credentials: true

GET
H2

200

cksync.php
contextual.media.net/ Frame A6DA
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=medianet&khaos=LFBA8GCO-24-1S47
https://contextual.media.net/cksync.php?type=rbcn&ovsid=LFBA8GCO-24-1S47

237 B
644 B

66ms
65ms

Image
image/gif

23.195.100.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?type=rbcn&ovsid=LFBA8GCO-24-1S47

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=medianet

Protocol

Server

23.195.100.26 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-100-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 15:45:03 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Thu, 16 Mar 2023 15:45:03 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://contextual.media.net/cksync.php?type=rbcn&ovsid=LFBA8GCO-24-1S47
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
Expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6B82 33 KB
10 KB 76ms
76ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27820
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame C1D3
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LFBA8GCO-24-1S47
https://ssc-cms.33across.com/ps/?xi=1&xu=LFBA8GCO-24-1S47
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LFBA8GCO-24-1S47&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

114ms
113ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LFBA8GCO-24-1S47&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
referrer-policy: unsafe-url
server: 33XP011
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LFBA8GCO-24-1S47&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 921D 522 KB
135 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 2C46 522 KB
135 KB 30ms
29ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16dce22928f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame C1A0 522 KB
135 KB 32ms
27ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df11712ebd11f8f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 7058 522 KB
135 KB 26ms
26ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df38eefccae9443c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame E951 522 KB
135 KB 21ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fc091b6732c3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 1E0A 522 KB
135 KB 21ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df126a7dc9ebf35c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H2 200 houseads-difm-en-set1-build-1x-728x90-upload.png
wordadsmediafiles.files.wordpress.com/2023/02/ Frame E32B 6 KB
6 KB 133ms
19ms Image
image/png 192.0.72.25
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wordadsmediafiles.files.wordpress.com/2023/02/houseads-difm-en-set1-build-1x-728x90-upload.png

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.25 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

159bbfc67b046563c4677800806ba13bd6e25e5e0b4237df34c33ad284425728

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 25 np
date: Thu, 16 Mar 2023 15:45:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 Feb 2023 21:35:05 GMT
server: nginx
x-orig-src: 01_mogdir
vary: Origin
content-type: image/png
access-control-allow-origin: https://wordadsmediafiles.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 5955
expires: Fri, 21 Apr 2023 19:16:46 GMT

GET
H/1.1 200
OK imp_pixel
s.pubmine.com/ Frame E32B 43 B
286 B 28ms
24ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/imp_pixel?pc=_ysRbQRQG27hpyBZcy14YsXhX8sHF1ZcgDwbEKzEY99wqfzTVyUf-uuLAVbTuPe4hzYFi8Y0VniLFKXJEDO_tdmXVBXGnS5zVAtzMSWthfa4e5_ZvaIC5EwmCLvf-ZT2jdHFt8ECmO28MZY5maERUGFRJgI4sKisHwK-nLUIniXzIkq3iA&tuuid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK wl_pixel
s.pubmine.com/ Frame E32B 43 B
286 B 29ms
25ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/wl_pixel?tuuid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&pc=_ysRbQRQG27hpyBZcy14YsXhX8sHF1ZcgDwbEKzEY99wqfzTVyUf-uuLAVbTuPe4hzYFi8Y0VniLFKXJEDO_tdmXVBXGnS5zVAtzMSWthfa4e5_ZvaIC5EwmCLvf-ZT2jdHFt8ECmO28MZY5maERUGFRJgI4sKisHwK-nLUIniXzIkq3iA
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 5665 522 KB
135 KB 50ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa9dea79c0a67%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 1C2B 522 KB
135 KB 48ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3139072c8d26cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame DE21 522 KB
135 KB 44ms
23ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d13390679573%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 80C4 522 KB
135 KB 52ms
36ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a1bf68f3b245c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 3308 522 KB
135 KB 51ms
41ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29412e21d1188%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame BFE0 522 KB
135 KB 50ms
44ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8050d5534904c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 29DD 522 KB
135 KB 48ms
46ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3281427e9dd52c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 6ED6 522 KB
135 KB 51ms
51ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31d258f2cc1284%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 1B3B 522 KB
135 KB 45ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df386c1fa1b38654%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 83D9 522 KB
135 KB 36ms
24ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f0fc5f604bdc8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame A2B7 522 KB
135 KB 34ms
26ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3f4bd191231f3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 75CF 522 KB
135 KB 34ms
27ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1be0b88631d384%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame F5A2 522 KB
135 KB 37ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df357107d9ec87c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 8F38 522 KB
135 KB 34ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df25e888e9b5340c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 92DA 522 KB
135 KB 26ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36421571d5c168%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 504F 522 KB
135 KB 27ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bdfe3eb461d3c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame CCA2 522 KB
135 KB 27ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8d56b09166fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame DF21 522 KB
135 KB 35ms
32ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbbeba45fe82e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 947F 522 KB
135 KB 77ms
75ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df133eab01a6144%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 2120 522 KB
135 KB 71ms
71ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3a836cf35f6894%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 0E10 522 KB
135 KB 29ms
25ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154ec589a1e54%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 9C3F 522 KB
135 KB 30ms
24ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df31fe254f1a7f4c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 62D4 522 KB
135 KB 31ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2af2cd18b64858%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8E17 33 KB
10 KB 45ms
40ms Script
text/html 23.3.115.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-115-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Mar 2023 23:28:55 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27820
Connection: keep-alive
Content-Length: 9997
Expires: Thu, 16 Mar 2023 23:28:42 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 7284 522 KB
135 KB 22ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32da7cff0d6fa4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E204 28 B
50 B 46ms
45ms XHR
application/json 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
X-Goog-Request-Time: 1678981503045
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
X-YouTube-Client-Version: 1.20230312.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtVQ3Rrb1VFUTRZQSj78sygBg%3D%3D
X-YouTube-Ad-Signals: dt=1678981500061&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C222%2C314&vis=1&wgl=true&ca_type=image&bid=ANyPxKq2etqJvZrUT6R4nz6FQQrOIEOrN-bkwKco_pmfRnsg84ndSFkm4wi5IyEOux1VMfIP39hSuOrOlh9b9Yg-dH6p8KWwhA

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET
H2 200 img_1369_mov.adaptive_4.m3u8 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 2 KB
2 KB 217ms
216ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov.adaptive_4.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6348a488689f9ba812aebafed7f1c9b9a9347b057c4aad3075dc05b6d6b9ea93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:10:31 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2220
expires: Fri, 07 Apr 2023 18:32:34 GMT

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E204 90 B
134 B 31ms
30ms XHR
application/json+protobuf 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0328ddfa9da0bdee54740bf571c4db6ef8d6ec908351a313f99599972ef3185b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 29ms
28ms Preflight
text/html 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 16 Mar 2023 15:45:03 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 img_1371_mov_hd_1080p.original.jpg
videos.files.wordpress.com/xBxg03xe/ Frame E039 108 KB
109 KB 299ms
297ms Image
image/jpeg 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_hd_1080p.original.jpg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6efb84b87f5aa5b2fbae4ca22ce3458652c84df358f431ad6afe97f251c4747a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: HIT yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:14:06 GMT
server: nginx
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 111006
expires: Sat, 15 Apr 2023 05:38:44 GMT

GET
DATA 200
OK truncated
/ Frame E039 450 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5cdaccdb5ae058fbc4f9051562b0a5142372082152eeded79045550c079c32f

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E039 772 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b38e8d0671497a9d9bd6fba89ffe2260743f8d331644fee79659d45fe42fb764

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 img_1371_mov_hd_1080p.original.jpg
videos.files.wordpress.com/xBxg03xe/ Frame E039 108 KB
109 KB 212ms
210ms Image
image/jpeg 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_hd_1080p.original.jpg

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6efb84b87f5aa5b2fbae4ca22ce3458652c84df358f431ad6afe97f251c4747a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
Origin: https://videopress.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:14:06 GMT
server: nginx
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 111006
expires: Sat, 15 Apr 2023 05:38:44 GMT

GET
H2 200 img_1371_mov.thumbgrid_0.jpg
videos.files.wordpress.com/xBxg03xe/ Frame E039 32 KB
33 KB 320ms
319ms Image
image/webp 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov.thumbgrid_0.jpg?h=1440

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

89530c720f670e5e215b13e96e84db774002f83e659da7b48909aa81de084e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Thu, 16 Mar 2023 15:45:03 GMT
a8c-edge-cache: cache
x-nc: MISS yyz 3
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:11:56 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: *
host-header: WordPress.com
accept-ranges: bytes
content-length: 33162
expires: Thu, 06 Apr 2023 23:54:47 GMT

GET
H2

200

user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A3E1
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.2&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predire...
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

16 KB
6 KB

29ms
20ms

Document
text/html

23.52.161.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.161.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-161-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=107150
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Thu, 16 Mar 2023 15:45:03 GMT
expires: Fri, 17 Mar 2023 21:30:53 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:45:02 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 40000000008200000A

GET
H3

200

cm Show response
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.6&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c...
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D...

974 B
594 B

22ms
17ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f20787bfc7f1fa72a25b34791bb22ad02d6d6b225d757989712d37395c4cccf2

Request headers

Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 575
content-type: text/html
date: Thu, 16 Mar 2023 15:45:03 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Thu, 16 Mar 2023 15:45:03 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP013
x-33x-status: 40000000008200000A

GET
H2

204

services
sync.technoratimedia.com/ Frame C564
Redirect Chain

https://ssc-cms.33across.com/ps/?_=1678981501831.&ri=0014000001aXjnGAAS&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D...
https://sync.technoratimedia.com/services?srv=cs&pid=61&uid=212097253572021

0
752 B

25ms
25ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=61&uid=212097253572021
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1035771150
access-control-allow-origin: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
access-control-allow-credentials: true

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP016
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://sync.technoratimedia.com/services?srv=cs&pid=61&uid=212097253572021
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
cms-xch-chicago.33across.com/ Frame C564
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=f0v35ew&ttd_tpi=1&us_privacy=
https://ssc-cms.33across.com/ps/?ri=102&ru=https%3A%2F%2Fcms-xch-chicago.33across.com%2Fmatch%3Fbidder_id%3D102%26ttl%3D1681573503%26external_user_id%3D3d9ac594-fe09-4c7e-87b5-bf29cab7004f
https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1681573503&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f

68 B
225 B

384ms
35ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1681573503&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:03 GMT
referrer-policy: unsafe-url
server: 33XP003
x-33x-status: 40000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cms-xch-chicago.33across.com/match?bidder_id=102&ttl=1681573503&external_user_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame C564
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1678981501831.4&ri=2&ru=https%3A%2F%2Fssum-sec.casalemedia.com%2Fusermatchredir%3Fs%3D191740%26us_privacy%3D%24%7BUS_PRIVACY%7D%26cb%3Dhttps%253A%252...
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&us_privacy=&cb=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D2%26external_user_id%3D
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=2&external_user_id=ZBM5ew3lKTK1bGaeTrJAtAAA%263575

68 B
82 B

41ms
36ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=2&external_user_id=ZBM5ew3lKTK1bGaeTrJAtAAA%263575
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=2&external_user_id=ZBM5ew3lKTK1bGaeTrJAtAAA%263575
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

match
events-ssc.33across.com/ Frame C564
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&partner_url=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26...
https://ssc-cms.33across.com/ps/?us_privacy=&xi=45&xu=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341
https://events-ssc.33across.com/match?bidder_id=45&external_user_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&ts=1678981504&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

42ms
36ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=45&external_user_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&ts=1678981504&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
referrer-policy: unsafe-url
server: 33XP006
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=45&external_user_id=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&ts=1678981504&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame C564
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=33across&us_privacy=
https://ssc-cms.33across.com/ps/?xi=120&xu=TcSDncZYV45wrB3TZQ5UTZU4mbQ
https://events-ssc.33across.com/match?bidder_id=120&external_user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

38ms
34ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=120&external_user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:02 GMT
referrer-policy: unsafe-url
server: 33XP002
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=120&external_user_id=TcSDncZYV45wrB3TZQ5UTZU4mbQ&ts=1678981503&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/ea426929f321999d09802ed10591d101/64138df7/video/tos/useast2a/tos-useast2a-ve-0068c001/2e85a2dae89b4c07b4e9bab66231846c/ Frame 8501 5 MB
0 250ms
176ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/ea426929f321999d09802ed10591d101/64138df7/video/tos/useast2a/tos-useast2a-ve-0068c001/2e85a2dae89b4c07b4e9bab66231846c/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=4690&bt=2345&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vjqex8AhLrus&mime_type=video_mp4&qs=0&rc=ZjxnMzczO2UzO2dlPDtpNEBpM21oMzU6ZjhyZTMzNzczM0BiLTNiMi1fNi0xNjQ0NC5hYSNtMTJucjRfLWdgLS1kMTZzcw%3D%3D&l=20230316154458FB1EEAF313759F2B542A&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=hit;type=static
Age: 0
X-Cache: HIT
Content-Range: bytes 0-8533356/8533357
Connection: keep-alive
server-timing: inner; dur=134, cdn-cache;desc=hit, edge;dur=151
Content-Length: 8533357
X-Served-By: cache-iad-kjyo7100127-IAD
X-Storagegw-Request-Id: 202303161545030101920520171BCA1A5E
Last-Modified: Mon, 01 Aug 2022 07:45:22 GMT
X-Timer: S1678981503.470465,VS0,VE151
Etag: "CIKs+vSSpfkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d99b6fd2a83423ae4c7b4dbee95adc71c55f40c938a643550afda757badcbe9ae383a932993b7a1210daa1f9a69a1ace08d110eb46cb29c3820abfc1a43059885e37fb023ff707eedf0a7c2f3d68b94d03038bdcb7eef4fb86cb6d8cc3cdb32dad
Accept-Ranges: bytes
x-response-cache: edge_hit
BD-Request-Id: cd9c38811896bb77d3c02c29660afeda
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/ea426929f321999d09802ed10591d101/64138df7/video/tos/useast2a/tos-useast2a-ve-0068c001/2e85a2dae89b4c07b4e9bab66231846c/ Frame 8501 1 MB
0 250ms
177ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/ea426929f321999d09802ed10591d101/64138df7/video/tos/useast2a/tos-useast2a-ve-0068c001/2e85a2dae89b4c07b4e9bab66231846c/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=4690&bt=2345&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vjqex8AhLrus&mime_type=video_mp4&qs=0&rc=ZjxnMzczO2UzO2dlPDtpNEBpM21oMzU6ZjhyZTMzNzczM0BiLTNiMi1fNi0xNjQ0NC5hYSNtMTJucjRfLWdgLS1kMTZzcw%3D%3D&l=20230316154458FB1EEAF313759F2B542A&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=miss;type=static
Age: 0
X-Cache: MISS
Content-Range: bytes 0-8533356/8533357
Connection: keep-alive
server-timing: inner; dur=134, cdn-cache;desc=miss, edge;dur=13, origin;dur=137
Content-Length: 8533357
X-Served-By: cache-iad-kjyo7100021-IAD
X-Storagegw-Request-Id: 202303161545030101920520171BCA1A5E
Last-Modified: Mon, 01 Aug 2022 07:45:22 GMT
X-Timer: S1678981503.471287,VS0,VE150
Etag: "CIKs+vSSpfkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d99b6fd2a83423ae4c7b4dbee95adc71c55f40c938a643550afda757badcbe9ae383a932993b7a1210daa1f9a69a1ace08d110eb46cb29c3820abfc1a43059885e37fb023ff707eedf0a7c2f3d68b94d03038bdcb7eef4fb86cb6d8cc3cdb32dad
Accept-Ranges: bytes
x-response-cache: miss
BD-Request-Id: cd9c38811896bb77d3c02c29660afeda
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/9651c8e1389bddcdfc24474118736df4/64138df8/video/tos/useast2a/tos-useast2a-pve-0068/120b5db036604b2a976a5187c19d0fd6/ Frame 846A 5 MB
0 195ms
145ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/9651c8e1389bddcdfc24474118736df4/64138df8/video/tos/useast2a/tos-useast2a-pve-0068/120b5db036604b2a976a5187c19d0fd6/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=3960&bt=1980&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vjnIe8AhLrus&mime_type=video_mp4&qs=0&rc=ODVnOTc4NGg2ZTo1aTdmPEBpM208ZTw6ZjZ5ZTMzNzczM0A2YTIuLTU2Xi8xNjE0MS1gYSMxaGlscjRncWdgLS1kMTZzcw%3D%3D&l=20230316154458CBAFD33129FE7329FDBE&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=miss;type=static
Age: 0
X-Cache: MISS
Content-Range: bytes 0-7475903/7475904
Connection: keep-alive
server-timing: inner; dur=108, cdn-cache;desc=miss, edge;dur=13, origin;dur=107
Content-Length: 7475904
X-Served-By: cache-iad-kjyo7100060-IAD
X-Storagegw-Request-Id: 2023031615450301019103014729DCEEBA
Last-Modified: Mon, 01 Aug 2022 16:36:52 GMT
X-Timer: S1678981503.471448,VS0,VE120
Etag: "CMDc0NuJpvkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9352cb66b9273d2885117a9915c2e9b54a7479718b43b00c1bba8ad93dc8979401771109cb49b36d9eeba5cf2f3c848677bc66c6340ba314a7570d53fd8b7f0ede71e1e01605cc34e564ffd528a590f76e3b8d470d4dfdf7ead6195fb49afc12c
Accept-Ranges: bytes
x-response-cache: miss
BD-Request-Id: b8f995fb2e45362712bc2813bcd0d42c
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/9651c8e1389bddcdfc24474118736df4/64138df8/video/tos/useast2a/tos-useast2a-pve-0068/120b5db036604b2a976a5187c19d0fd6/ Frame 846A 1 MB
0 197ms
146ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/9651c8e1389bddcdfc24474118736df4/64138df8/video/tos/useast2a/tos-useast2a-pve-0068/120b5db036604b2a976a5187c19d0fd6/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=3960&bt=1980&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vjnIe8AhLrus&mime_type=video_mp4&qs=0&rc=ODVnOTc4NGg2ZTo1aTdmPEBpM208ZTw6ZjZ5ZTMzNzczM0A2YTIuLTU2Xi8xNjE0MS1gYSMxaGlscjRncWdgLS1kMTZzcw%3D%3D&l=20230316154458CBAFD33129FE7329FDBE&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=hit;type=static
Age: 0
X-Cache: HIT
Content-Range: bytes 0-7475903/7475904
Connection: keep-alive
server-timing: inner; dur=108, cdn-cache;desc=hit, edge;dur=120
Content-Length: 7475904
X-Served-By: cache-iad-kjyo7100066-IAD
X-Storagegw-Request-Id: 2023031615450301019103014729DCEEBA
Last-Modified: Mon, 01 Aug 2022 16:36:52 GMT
X-Timer: S1678981503.471298,VS0,VE120
Etag: "CMDc0NuJpvkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9352cb66b9273d2885117a9915c2e9b54a7479718b43b00c1bba8ad93dc8979401771109cb49b36d9eeba5cf2f3c848677bc66c6340ba314a7570d53fd8b7f0ede71e1e01605cc34e564ffd528a590f76e3b8d470d4dfdf7ead6195fb49afc12c
Accept-Ranges: bytes
x-response-cache: edge_hit
BD-Request-Id: b8f995fb2e45362712bc2813bcd0d42c
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/e7045954e15faea7c8b7793570fab537/64138deb/video/tos/useast2a/tos-useast2a-pve-0068/dc42564ab203481896f3b336499b88e8/ Frame E922 3 MB
0 198ms
148ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/e7045954e15faea7c8b7793570fab537/64138deb/video/tos/useast2a/tos-useast2a-pve-0068/dc42564ab203481896f3b336499b88e8/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=3174&bt=1587&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vj.AeKAhLrus&mime_type=video_mp4&qs=0&rc=Nmg7Ozo1OWU3ZzlnPGY5Z0BpM2dzaDY6ZnFtZTMzNzczM0AyYzU0M15fNjUxNjUxXy4yYSMwZGdzcjRvX2ZgLS1kMTZzcw%3D%3D&l=202303161544581928B62D12E53C2BF7F2&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=miss;type=static
Age: 0
X-Cache: MISS
Content-Range: bytes 0-3296757/3296758
Connection: keep-alive
server-timing: inner; dur=108, cdn-cache;desc=miss, edge;dur=14, origin;dur=110
Content-Length: 3296758
X-Served-By: cache-iad-kjyo7100124-IAD
X-Storagegw-Request-Id: 2023031615450301018904909550E1F83A
Last-Modified: Sat, 30 Jul 2022 13:50:35 GMT
X-Timer: S1678981503.479731,VS0,VE124
Etag: "CLGdxujgoPkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9c7fd048b5035c4f337ae1b2c46b3530c3e589e9332175f531fa3034d3523dc178ef0563269a6b6498dce10cba73f9c3eb333a8d9da01cfa164f09d38ed94958b036dd021d69fa5cc1f5f99aa5e583b510a7612aa8aa1b04a3dc9350fd1a24b12
Accept-Ranges: bytes
x-response-cache: miss
BD-Request-Id: 87f264839328c56636dcd64468252bab
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/e7045954e15faea7c8b7793570fab537/64138deb/video/tos/useast2a/tos-useast2a-pve-0068/dc42564ab203481896f3b336499b88e8/ Frame E922 1 MB
0 199ms
149ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/e7045954e15faea7c8b7793570fab537/64138deb/video/tos/useast2a/tos-useast2a-pve-0068/dc42564ab203481896f3b336499b88e8/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=3174&bt=1587&cs=0&ds=3&ft=ApKJEBBPq8ZmoXvt~c_vj.AeKAhLrus&mime_type=video_mp4&qs=0&rc=Nmg7Ozo1OWU3ZzlnPGY5Z0BpM2dzaDY6ZnFtZTMzNzczM0AyYzU0M15fNjUxNjUxXy4yYSMwZGdzcjRvX2ZgLS1kMTZzcw%3D%3D&l=202303161544581928B62D12E53C2BF7F2&btag=80000
Requested by: Host: www.tiktok.com
URL: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 15:45:03 GMT
Date: Thu, 16 Mar 2023 15:45:03 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=hit;type=static
Age: 0
X-Cache: HIT
Content-Range: bytes 0-3296757/3296758
Connection: keep-alive
server-timing: inner; dur=108, cdn-cache;desc=hit, edge;dur=119
Content-Length: 3296758
X-Served-By: cache-iad-kjyo7100031-IAD
X-Storagegw-Request-Id: 2023031615450301018904909550E1F83A
Last-Modified: Sat, 30 Jul 2022 13:50:35 GMT
X-Timer: S1678981503.484755,VS0,VE119
Etag: "CLGdxujgoPkCEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 15:45:03 GMT
Cache-Control: max-age=15552000
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9c7fd048b5035c4f337ae1b2c46b3530c3e589e9332175f531fa3034d3523dc178ef0563269a6b6498dce10cba73f9c3eb333a8d9da01cfa164f09d38ed94958b036dd021d69fa5cc1f5f99aa5e583b510a7612aa8aa1b04a3dc9350fd1a24b12
Accept-Ranges: bytes
x-response-cache: edge_hit
BD-Request-Id: 87f264839328c56636dcd64468252bab
X-Cache-Hits: 0

GET
BLOB 200
OK 871336f0-3b57-47b7-94ba-092a07ea35e0
https://videopress.com/ Frame 0A04 6 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/871336f0-3b57-47b7-94ba-092a07ea35e0
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9586dc23491b8f02252d2ee8f0b8dc080ebf4a1f24d052a6f2d0794bb2c1b46

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 5872
Content-Type: application/javascript

GET
BLOB 200
OK ebfe7fa8-35af-47bc-a15c-5ad8bd55329d
https://videopress.com/ Frame 0A04 78 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/ebfe7fa8-35af-47bc-a15c-5ad8bd55329d
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7483b63b9a8f2c8c5ac42c149c723c29c58c5e50ff7f39eececd2d23f6c664f3

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 80326
Content-Type: application/javascript

GET
BLOB 200
OK 12d789cc-9ba7-4b88-9810-490aefd65571
https://videopress.com/ Frame 0A04 78 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/12d789cc-9ba7-4b88-9810-490aefd65571
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7483b63b9a8f2c8c5ac42c149c723c29c58c5e50ff7f39eececd2d23f6c664f3

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 80326
Content-Type: application/javascript

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 936E 2 KB
3 KB 20ms
20ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=32395601&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0798b5cd2edc4e8646e9f707d54be00af3322cc069a36bd7fd85f4f1a7c45eb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:45:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B8FC 2 KB
2 KB 21ms
20ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=259083&p=156204&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0798b5cd2edc4e8646e9f707d54be00af3322cc069a36bd7fd85f4f1a7c45eb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:45:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 img_1371_mov.adaptive_4.m3u8 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 2 KB
2 KB 88ms
87ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov.adaptive_4.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2503a70f3f3392baf783ae9c7ba12599b8587163724f2309616faba1e23ec585

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:14:05 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2216
expires: Mon, 24 Apr 2023 17:46:56 GMT

GET
H2

204

services
uat-net.technoratimedia.com/ Frame 6B82
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=synacor_xapi&khaos=LFBA8GCO-24-1S47
https://uat-net.technoratimedia.com/services?srv=cs&pid=44&uid=LFBA8GCO-24-1S47

0
662 B

28ms
24ms

Image
text/plain

2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uat-net.technoratimedia.com/services?srv=cs&pid=44&uid=LFBA8GCO-24-1S47
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=synacor_xapi&endpoint=us-east
Protocol: H2
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 844258108
access-control-allow-origin: https://eus.rubiconproject.com/
access-control-allow-credentials: true

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://uat-net.technoratimedia.com/services?srv=cs&pid=44&uid=LFBA8GCO-24-1S47
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 03d4828e33e22cf7b4098c5a68746480
Expires: 0

GET
H2 200 img_1369_mov_dvd.playlist.m3u8 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 482 B
562 B 92ms
92ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.playlist.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

adb109500959e94d22eec1e26da77730b763a7b0d993559d4fe27074757c06a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:27 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 482
expires: Tue, 18 Apr 2023 21:37:15 GMT

GET
H3 200 match
events-ssc.33across.com/ Frame E2E4 68 B
82 B 31ms
31ms Image
image/png 34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=70&external_user_id=e7aedc1f-2d8f-4be7-bb6a-5c29df147a6e
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:03 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://us-u.openx.net/w/1.0/sd?id=537072979&val=p7n9V5AJ1PCPMM5

43 B
61 B

82ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072979&val=p7n9V5AJ1PCPMM5
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:03 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-770-gc22eae1#rel-ec2-master i-0231cb64a9a2a4c51@us-east-1b@dxedge-app-us-east-1-prod-asg
Location: https://us-u.openx.net/w/1.0/sd?id=537072979&val=p7n9V5AJ1PCPMM5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8357322694280695671

43 B
172 B

32ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8357322694280695671
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8357322694280695671
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=WK0zbF2gOm9DrzFoWa4vZ12rYW5DrTVqW_0u7IZG

43 B
61 B

28ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=WK0zbF2gOm9DrzFoWa4vZ12rYW5DrTVqW_0u7IZG
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=WK0zbF2gOm9DrzFoWa4vZ12rYW5DrTVqW_0u7IZG
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dopenx
https://x.bidswitch.net/sync?dsp_id=59&user_id=ed5cac5a-1761-4a6e-89a2-2143c80f6b22&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&us_privacy=

43 B
61 B

24ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:06 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&us_privacy=
Date: Thu, 16 Mar 2023 15:45:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://p.rfihub.com/cm?pub=25&in=1
https://us-u.openx.net/w/1.0/sd?id=537073062&val=1797288120114298742

43 B
61 B

47ms
19ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073062&val=1797288120114298742
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://us-u.openx.net/w/1.0/sd?id=537073062&val=1797288120114298742
Date: Thu, 16 Mar 2023 15:45:04 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E2E4
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=AA77F830412244B9A960431CFB8DC128

43 B
61 B

48ms
22ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=AA77F830412244B9A960431CFB8DC128
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 16 Mar 2023 15:45:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=AA77F830412244B9A960431CFB8DC128
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Mar 2023 15:45:04 GMT

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame E2E4
Redirect Chain

https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de
https://i.liadm.com/s/57424?bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de&_li_chk=true&previous_uuid=e50a6accab9c4036a28eb4d4abf4d276
https://i.liadm.com/s/64716?md5=&sha1=&sha2=&bidder_id=206088&bidder_uuid=91730cf5-c4de-4179-95db-afff5fd629de&previous_uuid=58f43b10b9de4606b71817d88db76763
https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!{TURN_UUID}
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=7826914019700556296
https://mid.rkdms.com/bct?pid=bcccb40a-06d2-44fe-bdd2-a91ef4a5bfd0&&puid=e50a6acc-ab9c-4036-a28e-b4d4abf4d276&liid=&_ct=im
https://i.liadm.com/s/19948?bidder_id=178256&bidder_uuid=99735d0ae76c66c5b1089dab49097d14
https://x.bidswitch.net/sync?dsp_id=42&user_id=

43 B
235 B

37ms
37ms

Image
image/gif

35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=42&user_id=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/sync?dsp_id=42&user_id=
Date: Thu, 16 Mar 2023 15:45:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame E2E4 43 B
656 B 245ms
22ms Image
image/gif 52.85.61.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212314908&puid=8d47300f-bcc8-4099-bd1f-df7355867a17
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-93.ewr53.r.cloudfront.net
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 6e01480ef7aa01c23bf600698a613304.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: EWR53-P1
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
x-amz-cf-id: H9aVyrN2UAA12OiB4h5TONfpvQ-NOw7d69BPbAS_-Ba-L3z_6ktkbg==
expires: 0

GET
H2 200 37274
stags.bluekai.com/site/ Frame E2E4 62 B
540 B 140ms
127ms Image
image/gif 23.205.77.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/37274?limit=1&id=b6d188d7-c673-4689-adaa-ccdd4e108882
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.77.247 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-77-247.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
cache-control: max-age=0, no-cache, no-store
content-length: 62
bk-server: 8f87
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 709996.gif
id.rlcdn.com/ Frame E2E4 42 B
60 B 58ms
49ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709996.gif
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
DATA 200
OK truncated
/ Frame 8501 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 846A 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 8E17
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=LFBA8GCO-24-1S47
https://usersync.gumgum.com/usersync?b=mag&i=LFBA8GCO-24-1S47

35 B
250 B

59ms
59ms

Image
image/gif

3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=mag&i=LFBA8GCO-24-1S47
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:04 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://usersync.gumgum.com/usersync?b=mag&i=LFBA8GCO-24-1S47
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 2fcb300b847bad3e7dd1184ec8a1c2f5
Expires: 0

GET
DATA 200
OK truncated
/ Frame E922 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif

OPTIONS
H/1.1 200
OK webid
mcs-va.tiktok.com/v1/user/ Frame 0
0 127ms
34ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:04 GMT
Expires: Thu, 16 Mar 2023 15:45:04 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=2 cdn-cache; desc=MISS, edge; dur=1, origin; dur=14
X-Akamai-Request-ID: 99f5ee9
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 15,23.40.16.22
X-Tt-Logid: 202303161545033592E767C17F2D79FC92
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e67afed0d213e2fc523b4e316fa4bc151e4f29ec7519697a028d1ceeece72ef7e77
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H/1.1 200
OK webid Show response
mcs-va.tiktok.com/v1/user/ Frame 846A 58 B
1 KB 72ms
69ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c8aee342812ce7c5e0f7f3f96501065bb598f8556583ccfc2f8a549448c5b92a

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f5f01
Date: Thu, 16 Mar 2023 15:45:04 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=9, cdn-cache; desc=MISS, edge; dur=2, origin; dur=32
Connection: keep-alive
Content-Length: 58
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154503C4B42AC318F8F3CE01F8
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 33,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20324cb3bdd3d42a2d94e0f861d02c68f4ce2bba4d70f49160f9705d3b92fda61baa151f4e6eee666ee8e6c4510068d91c7
Expires: Thu, 16 Mar 2023 15:45:04 GMT

OPTIONS
H/1.1 200
OK webid
mcs-va.tiktok.com/v1/user/ Frame 0
0 81ms
37ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:04 GMT
Expires: Thu, 16 Mar 2023 15:45:04 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=2 cdn-cache; desc=MISS, edge; dur=1, origin; dur=16
X-Akamai-Request-ID: 99f5eea
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 17,23.40.16.22
X-Tt-Logid: 20230316154503C4B42AC318F8F3CE01ED
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20324cb3bdd3d42a2d94e0f861d02c68f4cfc69d5546949f1ef62efcb58fdcbe873ae9eb1eefaf7419609021095d0fc9b10
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H/1.1 200
OK webid Show response
mcs-va.tiktok.com/v1/user/ Frame E922 58 B
1 KB 45ms
42ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ee1c3df88658889dd16eb51f1be75e083f5bfcf340c74622f52cd257393174b2

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f5f2c
Date: Thu, 16 Mar 2023 15:45:04 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=10, cdn-cache; desc=MISS, edge; dur=0, origin; dur=20
Connection: keep-alive
Content-Length: 58
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545033592E767C17F2D79FC98
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 20,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e674a50397e4a1d2562799661abeec78672319e7b5ccb4bc6d34f19056a335a6701
Expires: Thu, 16 Mar 2023 15:45:04 GMT

POST
H/1.1 200
OK webid Show response
mcs-va.tiktok.com/v1/user/ Frame 8501 58 B
1 KB 53ms
52ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b625dfad220f1313e782af595c9c08d584a8b34c2f473732f3ed76228d579574

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f5f3b
Date: Thu, 16 Mar 2023 15:45:04 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=8, cdn-cache; desc=MISS, edge; dur=4, origin; dur=27
Connection: keep-alive
Content-Length: 58
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545030CEB64C18EE3FABF00A0
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 27,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20351f4510af49b975da63d667e23e0b135aa1137e958f83ccddf0a0db932c88d702a5cdd6c9222b1dfa0c94fa3e9989b8c
Expires: Thu, 16 Mar 2023 15:45:04 GMT

OPTIONS
H/1.1 200
OK webid
mcs-va.tiktok.com/v1/user/ Frame 0
0 66ms
32ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/user/webid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:04 GMT
Expires: Thu, 16 Mar 2023 15:45:04 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=3 cdn-cache; desc=MISS, edge; dur=2, origin; dur=11
X-Akamai-Request-ID: 99f5efd
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 12,23.40.16.22
X-Tt-Logid: 20230316154503C4B42AC318F8F3CE01F4
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20324cb3bdd3d42a2d94e0f861d02c68f4c28565c16077ffce552cb452fe1ab42336bf38d3a0fa88b5cbfbb97d52270295f
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
BLOB 200
OK d8fcf1af-c927-40b3-80f4-bdf4ce332092
https://videopress.com/ Frame E039 6 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/d8fcf1af-c927-40b3-80f4-bdf4ce332092
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9586dc23491b8f02252d2ee8f0b8dc080ebf4a1f24d052a6f2d0794bb2c1b46

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 5872
Content-Type: application/javascript

GET
BLOB 200
OK 0601a5e2-f138-4318-98ba-67354541dca7
https://videopress.com/ Frame E039 78 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/0601a5e2-f138-4318-98ba-67354541dca7
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7483b63b9a8f2c8c5ac42c149c723c29c58c5e50ff7f39eececd2d23f6c664f3

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 80326
Content-Type: application/javascript

GET
BLOB 200
OK 24ee3078-1356-48ed-bbc0-144d5fe78e50
https://videopress.com/ Frame E039 78 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://videopress.com/24ee3078-1356-48ed-bbc0-144d5fe78e50
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7483b63b9a8f2c8c5ac42c149c723c29c58c5e50ff7f39eececd2d23f6c664f3

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Length: 80326
Content-Type: application/javascript

GET
H2 200 img_1371_mov_dvd.playlist.m3u8 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 537 B
617 B 190ms
178ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.playlist.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1dde03ff77bdd49b0c9be61c1c719dab315d38a900f3341824249b2bac6907f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:02 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 537
expires: Mon, 24 Apr 2023 18:25:15 GMT

GET
H2 200 img_1369_mov_dvd.audio.m3u8 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 526 B
606 B 112ms
112ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.audio.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9ec71e36acf5205e5dfaf0358b1e08bc9d240d1e4878d940b5fd1d0b1a39ee7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:27 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 526
expires: Mon, 10 Apr 2023 12:49:26 GMT

GET
H2 200 core.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 8501 50 KB
18 KB 20ms
19ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 831d0297ef02248d890cec3436dd2085945d14cc82c37d761c93db656055241e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f6faf
date: Thu, 16 Mar 2023 15:45:04 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: NLwKb3tjkhjoXl11xmStjw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 17789
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:r74A3Vb0d8n174JosDmtdLcrVE-Ax5xrLakZyk7_NSHYIuSYg_4OmZ5mUuRk_e4t
x-api-id: native
etag: ac01c66c-a9cc-4c3a-854c-6dbba1ece391
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: f3b18be7-7b83-4c25-a5f8-a1e1543b1862
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:04 GMT

GET
H2 200 core.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 846A 50 KB
18 KB 20ms
20ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 831d0297ef02248d890cec3436dd2085945d14cc82c37d761c93db656055241e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f6fb0
date: Thu, 16 Mar 2023 15:45:04 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: NLwKb3tjkhjoXl11xmStjw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 17789
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:r74A3Vb0d8n174JosDmtdLcrVE-Ax5xrLakZyk7_NSHYIuSYg_4OmZ5mUuRk_e4t
x-api-id: native
etag: ac01c66c-a9cc-4c3a-854c-6dbba1ece391
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: f3b18be7-7b83-4c25-a5f8-a1e1543b1862
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:04 GMT

GET
H/1.1 200
OK resource Show response
mssdk-va.byteoversea.com/web/ Frame 8501 519 B
2 KB 203ms
74ms XHR
application/json 23.40.18.4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.byteoversea.com/web/resource?eq=qd4zAKRVu7PpE9-Y/xJmHwCnmMKy2bBUi9IhCXdvGEFsg2S-ffpatAmfuBKR--8eSDsnJiADdgGb2OWXNWk7bp8VocDKOqJ3
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.4 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-4.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f6629f41802994e457edcb7e45ad40a5dde8583afefde5221ffe66c92ac02cae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

X-Akamai-Request-ID: 1ebe2536.5c75408
Date: Thu, 16 Mar 2023 15:45:04 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-4.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 27,23.40.17.4
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=19, inner; dur=13
Content-Length: 453
X-Ms-Token: TuyYsZJIvBeKbP2JBcJqFRv7GsP_vyXkzuJhoP4xatEdVQ6yOvG_eAfUJ7I9yZCWF24OK0vkC7fOwWR9eXeSvOdV9OgV1QlcvjbDmH4CX44=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545031EB4853D1B2287CFA11B
X-Cache-Remote: TCP_MISS from a23-39-229-23.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 19,23.39.229.23
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d915d7a2d9f8ef53ad7f39dc2868de3977f8fa05634ce6a1179187a0fb01048ac646cb1575e1589b60bed816edba93dbc3e4f3a7a8b632518578dba297214e2153fdc1caadbbdce8a28702e9e8cc054990
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:04 GMT

GET
H2 200 core.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame E922 50 KB
18 KB 21ms
21ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/index.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 831d0297ef02248d890cec3436dd2085945d14cc82c37d761c93db656055241e

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f6fda
date: Thu, 16 Mar 2023 15:45:04 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: NLwKb3tjkhjoXl11xmStjw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 17789
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:r74A3Vb0d8n174JosDmtdLcrVE-Ax5xrLakZyk7_NSHYIuSYg_4OmZ5mUuRk_e4t
x-api-id: native
etag: ac01c66c-a9cc-4c3a-854c-6dbba1ece391
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: f3b18be7-7b83-4c25-a5f8-a1e1543b1862
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:04 GMT

GET
H/1.1 200
OK resource Show response
mssdk-va.byteoversea.com/web/ Frame 846A 519 B
2 KB 184ms
102ms XHR
application/json 23.40.18.4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.byteoversea.com/web/resource?eq=OpWhWoaYMKtTT/JAX2e4vi0pRRAx8AOl-SVV7H/-2S77D8zuhUPxbqCliIUjOpUBgCyrDFWo4P5K69VXDEkDNG5xqj9x//tW
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.4 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-4.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ca3a0dcad7ffc7ec4ffd3481e69bee559c81ed31f481027b43e05db41f534fd6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

X-Akamai-Request-ID: 1ebe4c4f.5c7541b
Date: Thu, 16 Mar 2023 15:45:04 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-4.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 53,23.40.17.4
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=65, origin; dur=18, inner; dur=12
Content-Length: 453
X-Ms-Token: I6SbDf8vVcpwXQ5aDkIN4OGqKXPhAHID-wWm1KKi5PY8_H_AuatW88037ujI-TqJq-vLrQzzVXqgRk_PF9qlr1gSPlTuVYQw6MNhwXiUg1M=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545031EB4853D1B2287CFA121
X-Cache-Remote: TCP_MISS from a23-39-229-23.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 18,23.39.229.23
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d915d7a2d9f8ef53ad7f39dc2868de3977f8fa05634ce6a1179187a0fb01048ac646cb1575e1589b60bed816edba93dbc33a4ee7f239906b71a735df574134628b3515d4876b37e5d5c64483435af838d9
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:04 GMT

GET
H/1.1 200
OK resource Show response
mssdk-va.byteoversea.com/web/ Frame E922 519 B
2 KB 113ms
66ms XHR
application/json 23.40.18.4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.byteoversea.com/web/resource?eq=4x2naSyrcr0WXQeHbis8hODLio6As9xqJLgxHCRvdhrSjEodn5dzXHnm6ti96b3Zue6dAIezr/Mq58ssCcYQGJU6cJ/Y7QrI
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.4 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-4.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 90a788a6783f06538320fc5e1083432ff5ae211c50fc1e1af59a8acc44b3649f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

X-Akamai-Request-ID: dd49091.5c7543e
Date: Thu, 16 Mar 2023 15:45:04 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-4.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 35,23.40.17.4
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=18, origin; dur=17, inner; dur=13
Content-Length: 452
X-Ms-Token: a6ulK4632evzFnVcZg1Q63BxFaf_lZEGji1qM_IlCpQY8BBAZYEG11NquIRNee8F5vGRrXEmrq8n-8-LG5j-2SHxSKil0YtDCTp3gXCrhxc=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154503F6D2551B3C152DCE7732
X-Cache-Remote: TCP_MISS from a23-39-229-47.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 18,23.39.229.47
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d915d7a2d9f8ef53ad7f39dc2868de39778276aab3be3a6d1ce0f4b2662941a98345a6cbefb936ba6e8ad28907aeb992fe54775e254550569f2a6a2df46a9a7d629e60da7ae84ccc7801bece9862a63ea3
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:04 GMT

POST
H/1.1 200
OK / Show response
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame E922 424 B
1 KB 149ms
42ms XHR
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b4593431b272bb27e6ccf17780144aad9cca229550441cedf2391549cef0a695

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: b53998b.1fef870
Date: Thu, 16 Mar 2023 15:45:05 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 22,23.40.16.7
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=14, inner; dur=9
Content-Length: 265
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545047084299849B611CD222E
X-Cache-Remote: TCP_MISS from a23-39-229-37.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
X-Origin-Response-Time: 14,23.39.229.37
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d92e862eb4409e66dd8d0d90ee3b3d60a03d294cb1e8a22408d25eaded8619d22ce65173ccc4970cde1bb6c20363ac665bed5bca8698c449b9275950a1e84f84174b2301d5d42a87aa6020154e001f10e8
Vary: Accept-Encoding
Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Expires: Thu, 16 Mar 2023 15:45:05 GMT

OPTIONS
H/1.1 200
OK /
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame 0
0 343ms
31ms Preflight
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 60
Content-Type: application/json; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=8 inner; dur=1
X-Akamai-Request-ID: b538903.1fef842
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Cache-Remote: TCP_MISS from a23-39-229-37.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 8,23.39.229.37
X-Parent-Response-Time: 11,23.40.16.7
X-Tt-Logid: 202303161545047084299849B611CD2223
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d92e862eb4409e66dd8d0d90ee3b3d60a03d294cb1e8a22408d25eaded8619d22ce65173ccc4970cde1bb6c20363ac665b14edd15072cb70f01f492b84990bd88bd4046f147dd11fee9b1c73f79113b79e
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H/1.1 200
OK / Show response
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame 846A 424 B
1 KB 53ms
41ms XHR
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b4593431b272bb27e6ccf17780144aad9cca229550441cedf2391549cef0a695

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 8b7010e9.1fef871
Date: Thu, 16 Mar 2023 15:45:05 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 21,23.40.16.7
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=15, origin; dur=7, inner; dur=5
Content-Length: 265
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545043665448EC0B8FCCB7F7A
X-Cache-Remote: TCP_MISS from a23-220-104-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
X-Origin-Response-Time: 7,23.220.104.7
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d992e68f7a6119d140aba261d33de93d2f141e54a48d8a9afbdc0351255cbf54fd628f4764dec7f26e2b73ca2e51b5a49d0a4dbe4a68b1acfd8d8f7a61eb67aecd39ea1e9a8d11780ac8f157a2603297e5
Vary: Accept-Encoding
Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Expires: Thu, 16 Mar 2023 15:45:05 GMT

POST
H/1.1 200
OK / Show response
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame 8501 424 B
1 KB 109ms
61ms XHR
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b4593431b272bb27e6ccf17780144aad9cca229550441cedf2391549cef0a695

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 8b7016ae.1fef893
Date: Thu, 16 Mar 2023 15:45:05 GMT
Content-Encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 39,23.40.16.7
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=33, origin; dur=8, inner; dur=4
Content-Length: 265
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545043665448EC0B8FCCB7F80
X-Cache-Remote: TCP_MISS from a23-220-104-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
X-Origin-Response-Time: 8,23.220.104.7
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d992e68f7a6119d140aba261d33de93d2f141e54a48d8a9afbdc0351255cbf54fd628f4764dec7f26e2b73ca2e51b5a49d0a4dbe4a68b1acfd8d8f7a61eb67aecd39ea1e9a8d11780ac8f157a2603297e5
Vary: Accept-Encoding
Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Expires: Thu, 16 Mar 2023 15:45:05 GMT

OPTIONS
H/1.1 200
OK /
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame 0
0 418ms
76ms Preflight
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 60
Content-Type: application/json; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: cdn-cache; desc=MISS, edge; dur=5, origin; dur=8 inner; dur=3
X-Akamai-Request-ID: b539918.1fef845
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Cache-Remote: TCP_MISS from a23-39-229-37.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 8,23.39.229.37
X-Parent-Response-Time: 12,23.40.16.7
X-Tt-Logid: 202303161545047084299849B611CD2228
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d92e862eb4409e66dd8d0d90ee3b3d60a03d294cb1e8a22408d25eaded8619d22ce65173ccc4970cde1bb6c20363ac665bed5bca8698c449b9275950a1e84f84174b2301d5d42a87aa6020154e001f10e8
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

OPTIONS
H/1.1 200
OK /
vmweb-va.byteoversea.com/service/2/abtest_config/ Frame 0
0 415ms
32ms Preflight
application/json 23.34.59.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://vmweb-va.byteoversea.com/service/2/abtest_config/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.7 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-7.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-With
Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 60
Content-Type: application/json; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=7 inner; dur=1
X-Akamai-Request-ID: 25e5b673.1fef86b
X-Cache: TCP_MISS from a23-40-16-7.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Cache-Remote: TCP_MISS from a23-39-229-45.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 7,23.39.229.45
X-Parent-Response-Time: 11,23.40.16.7
X-Tt-Logid: 20230316154504DB8B1EEB3CA38FCD0CD5
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d92e862eb4409e66dd8d0d90ee3b3d60a0ded11dd3286fe54e090a04600752f164e62506e33f4441714462022a0a0caa0b330e23abed17a4559fd48d3b4a3d2d38591f37c17cfbbf76fee258f2e79defae
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame EC3A 37 KB
14 KB 25ms
20ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame F475 37 KB
14 KB 84ms
20ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 6E71 37 KB
14 KB 90ms
26ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 40EF 37 KB
14 KB 91ms
27ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame F402 37 KB
14 KB 87ms
24ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DCD) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67944
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1DCD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame CA33 37 KB
14 KB 77ms
25ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D08)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 9624 37 KB
14 KB 78ms
21ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D20) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67880
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D20)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame D74D 37 KB
14 KB 112ms
25ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame A9DA 37 KB
14 KB 104ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DCD) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67944
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1DCD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame A5B2 37 KB
14 KB 105ms
22ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D08)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame D107 37 KB
14 KB 105ms
24ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame F863 37 KB
14 KB 105ms
25ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 6DD2 37 KB
14 KB 101ms
23ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D20) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67880
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D20)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 1327 37 KB
14 KB 124ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DCD) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67944
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1DCD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 5742 37 KB
14 KB 127ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D08)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 3004 37 KB
14 KB 129ms
22ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D20) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67880
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D20)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 47B2 37 KB
14 KB 129ms
23ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 6811 37 KB
14 KB 125ms
20ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 8224 37 KB
14 KB 128ms
24ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 4CFA 37 KB
14 KB 137ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DCD) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67944
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1DCD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 1D64 37 KB
14 KB 149ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame BA16 37 KB
14 KB 149ms
21ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D08)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame CDF6 37 KB
14 KB 154ms
25ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D20) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67880
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D20)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 831F 37 KB
14 KB 159ms
30ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 186B 37 KB
14 KB 155ms
27ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 7D8E 37 KB
14 KB 158ms
28ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DCD) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67944
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1DCD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 4D6C 37 KB
14 KB 180ms
19ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67945
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 6EC0 37 KB
14 KB 185ms
23ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D08)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 9D10 37 KB
14 KB 182ms
20ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D20) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67880
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D20)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame E229 37 KB
14 KB 182ms
21ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 67946
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
149 B 58ms
27ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fmyreturnticket.ca%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22myreturnticket%22%2C%22widget_creator_screen_name%22%3A%22myreturnticket%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1678981505090%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=f94c82a81ad2e2472296dc3b0598011583709300

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 7
date: Thu, 16 Mar 2023 15:45:04 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 16 Mar 2023 15:45:05 GMT
server: tsa_b
vary: Origin
content-type: image/gif
x-transaction-id: be8c57ca36b527b1
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: f7d56398ea3125934834bea7b124e8c3c7a4ca5de0cac366358d456735b51939
content-length: 43

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
115 B 60ms
29ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fmyreturnticket.ca%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22myreturnticket%22%2C%22widget_creator_screen_name%22%3A%22myreturnticket%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1678981505091%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=f94c82a81ad2e2472296dc3b0598011583709300

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 7
date: Thu, 16 Mar 2023 15:45:05 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 16 Mar 2023 15:45:05 GMT
server: tsa_b
vary: Origin
content-type: image/gif
x-transaction-id: fef90d1987b64ed6
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: f7d56398ea3125934834bea7b124e8c3c7a4ca5de0cac366358d456735b51939
content-length: 43

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
94 B 88ms
44ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fmyreturnticket.ca%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22myreturnticket%22%2C%22widget_creator_screen_name%22%3A%22myreturnticket%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1678981505092%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=f94c82a81ad2e2472296dc3b0598011583709300

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 8
date: Thu, 16 Mar 2023 15:45:04 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 16 Mar 2023 15:45:05 GMT
server: tsa_b
vary: Origin
content-type: image/gif
x-transaction-id: 5b7d0ae65b52b720
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: f7d56398ea3125934834bea7b124e8c3c7a4ca5de0cac366358d456735b51939
content-length: 43

GET
H2 206 img_1369_mov_dvd.mp4 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 740 B
866 B 97ms
70ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1bc7f9e210e46b3bf70b0e1b710b6248d4f505d0b837a7859cf57849e8a0620a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-739

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:50 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-739/2988479
Content-Length: 740
expires: Tue, 18 Apr 2023 22:07:27 GMT

GET
H2 206 img_1369_mov_dvd.mp4 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 1 MB
1 MB 102ms
76ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4573b4b7bcf4898d0d4a4b7be84aacc0d20ec27f7a0b2f23021dd1308fad78a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=808-1339587

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:50 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 808-1339587/2988479
Content-Length: 1338780
expires: Tue, 18 Apr 2023 22:07:27 GMT

GET
H/1.1 200
OK imp_view_pixel
s.pubmine.com/ 43 B
286 B 53ms
31ms Image
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.pubmine.com/imp_view_pixel?tuuid=e3643ba5-6d29-4272-9941-c8ff19e04eb6&pc=_ysRbQRQG27hpyBZcy14YsXhX8sHF1ZcgDwbEKzEY99wqfzTVyUf-uuLAVbTuPe4hzYFi8Y0VniLFKXJEDO_tdmXVBXGnS5zVAtzMSWthfa4e5_ZvaIC5EwmCLvf-ZT2jdHFt8ECmO28MZY5maERUGFRJgI4sKisHwK-nLUIniXzIkq3iA
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame E7CB 0
260 B 119ms
27ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D26%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 21:48:08 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 img_1371_mov_dvd.audio.m3u8 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 592 B
672 B 205ms
204ms XHR
application/x-mpegurl 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.audio.m3u8

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6b011c28917d3fa99b9860f2b824189f6c5748773a8ef1df070b4fac8797edbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:21 GMT
server: nginx
vary: Origin
content-type: application/x-mpegURL
access-control-allow-origin: *
accept-ranges: bytes
content-length: 592
expires: Sun, 23 Apr 2023 01:42:30 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame E204 0
10 B 27ms
26ms Image
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?HJVHJA
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E204 4 KB
2 KB 136ms
48ms Script
text/javascript 2607:f8b0:4006:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 15:45:05 GMT

GET
H/1.1

200
OK

cookie-sync Show response
sync.outbrain.com/ Frame 6226
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=...

0
145 B

106ms
100ms

Document
text/plain

38.133.127.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.133.127.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-TraceId: cc3e263cb1a7cb81bb12de69d2423529

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:04 GMT
location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B3B8
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e

42 B
243 B

37ms
36ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 0
content-type: image/gif
date: Thu, 16 Mar 2023 15:45:05 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: lga-delivery-8

GET
H/1.1

200
OK

cookie-sync Show response
sync.outbrain.com/ Frame 81CA
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=...

0
145 B

311ms
79ms

Document
text/plain

38.133.127.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.133.127.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-TraceId: 42ea931c93440f31330057104131aa88

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:05 GMT
location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H/1.1

200
OK

cookie-sync Show response
sync.outbrain.com/ Frame 03A5
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1694000653285184985&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=...

0
145 B

265ms
105ms

Document
text/plain

38.133.127.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.133.127.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-TraceId: b454a651fcef2ef5818897d9e0e0e79f

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:05 GMT
location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H/1.1

200
OK

cookie-sync Show response
sync.outbrain.com/ Frame 66C2
Redirect Chain

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_ceccdb14380943aaae433
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=...

0
145 B

159ms
84ms

Document
text/plain

38.133.127.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.133.127.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-TraceId: 0673e928f0f7904057b17690de9bcb20

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:04 GMT
location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H/1.1

200
OK

cookie-sync Show response
sync.outbrain.com/ Frame E6C0
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160065&pmc=1&pr=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpubmatic%26obUid%3DEvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq...
https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=...

0
145 B

315ms
85ms

Document
text/plain

38.133.127.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.133.127.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-TraceId: b993ae19bc62c806e8a8a4ad037454d1

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:05 GMT
location: https://sync.outbrain.com/cookie-sync?p=pubmatic&obUid=EvEPYHYMEbxfIQBNNoAQXXi_ulNY-JbI3PeKYxwXMwDRwL6YclxU-hEE5aq4YdvQ&gdpr=$GDPR_APPLIES&initiator=platform&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H/1.1 200
OK match Show response
s.pubmine.com/ Frame 0A27 43 B
870 B 37ms
25ms Document
image/gif 44.213.52.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pubmine.com/match?bidder_id=11&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.52.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-52-212.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:05 GMT
Server: nginx
Transfer-Encoding: chunked

GET
H3 200 sd
us-u.openx.net/w/1.0/ Frame 936E 43 B
61 B 34ms
23ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=540245193&val=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Martin
crb.kargo.com/api/v1/dsync/ Frame 936E 43 B
504 B 146ms
27ms Image
image/gif 35.170.255.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Martin?exid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.255.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-170-255-253.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-Accel-Expires: 0
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204 sync
sync.bfmio.com/ Frame 936E 0
425 B 132ms
27ms Image
text/plain 44.196.123.162
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=187&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.123.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-123-162.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 16 Mar 2023 15:45:04 GMT

GET
H/1.1 200 syncMe
synchroscript.deliveryengine.adswizz.com/ Frame 936E 0
397 B 452ms
110ms Image
text/plain 54.171.218.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=mrtnsvr.com&idType=cookie&partnerUserId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.218.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-218-252.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:05 GMT
X-Clacks-Overhead: GNU Terry Pratchett
X-Adswizz-request-id: 85eccc10-c411-11ed-9988-02fee573bb43
Connection: keep-alive
Content-Length: 0
X-Application-Context: application:production
Instance-id: i-05a70ee6e83913e63

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 936E
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=1088cf5ab4b319f0&is_secure=true&networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJNwbPpexnpgMX1RWnAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&...

42 B
344 B

35ms
34ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJNwbPpexnpgMX1RWnAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:06 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJNwbPpexnpgMX1RWnAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2 204 CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 936E 0
34 B 37ms
21ms Image
text/plain 52.207.206.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.206.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-206-215.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 936E
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

42 B
265 B

27ms
24ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:05 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 936E
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=00c78c89-c149-493d-9f8b-619f396156a7&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

1 B
186 B

58ms
30ms

Image
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:06 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=
Date: Thu, 16 Mar 2023 15:45:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A758 2 KB
3 KB 34ms
17ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=64624657&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 28924fcb84d16af502e948cbdf22d54757cf3f3d3f8082a613e97d1edd19376c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:45:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 sd
us-u.openx.net/w/1.0/ Frame B8FC 43 B
61 B 27ms
17ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=540245193&val=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Martin
crb.kargo.com/api/v1/dsync/ Frame B8FC 43 B
504 B 121ms
29ms Image
image/gif 35.170.255.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Martin?exid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.255.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-170-255-253.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:05 GMT
X-Accel-Expires: 0
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204 sync
sync.bfmio.com/ Frame B8FC 0
425 B 137ms
27ms Image
text/plain 44.196.123.162
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=187&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.196.123.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-196-123-162.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 16 Mar 2023 15:45:04 GMT

GET
H/1.1 200 syncMe
synchroscript.deliveryengine.adswizz.com/ Frame B8FC 0
397 B 443ms
106ms Image
text/plain 54.171.218.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=mrtnsvr.com&idType=cookie&partnerUserId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.218.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-218-252.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:04 GMT
X-Clacks-Overhead: GNU Terry Pratchett
X-Adswizz-request-id: 85efb240-c411-11ed-a71c-0a838200034f
Connection: keep-alive
Content-Length: 0
X-Application-Context: application:production
Instance-id: i-07ede1e81681bf660

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 4A2D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

30ms
24ms

Document
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:05 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B6AA
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e

42 B
243 B

36ms
35ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 0
content-type: image/gif
date: Thu, 16 Mar 2023 15:45:05 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=85e60e8e-c411-11ed-ad00-8b125e48859e
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: lga-delivery-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B8FC
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=7b6ba078131304de&is_secure=true&networkId=17100&version=1&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABurFedqwI2gNcvOhJAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&...

42 B
264 B

31ms
30ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABurFedqwI2gNcvOhJAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:06 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABurFedqwI2gNcvOhJAAAAAAA&expiration=1679067906&nuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2 204 CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame B8FC 0
34 B 36ms
23ms Image
text/plain 52.207.206.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.206.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-206-215.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame DB73
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

33ms
21ms

Document
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

date: Thu, 16 Mar 2023 15:45:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:04 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 34D1
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1694000653285184985&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

34ms
22ms

Document
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:03 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B8FC
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=

42 B
343 B

31ms
24ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:06 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:04 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B8FC
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://a.clickcertain.com/px/img/bidswitch/?bidswitch_ssp_id=pubmatic&bs_uid=88b2fc1d-8ebb-4ab8-85b5-11599c163215
https://a.usbrowserspeed.com/cs?puid=a97bdc06-fa81-580b-ab52-26d5f950dd6a&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26bidswitch_ssp_id%3dpubmatic
https://a.clickcertain.com/px/img/bidswitch/?done=true&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=179&user_id=a02e46c5-f971-40ab-86f0-9e8853975518&expires=5&user_group=0&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=

1 B
245 B

49ms
23ms

Image
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=88b2fc1d-8ebb-4ab8-85b5-11599c163215&gdpr=&gdpr_consent=&gdpr_pd=
Date: Thu, 16 Mar 2023 15:45:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 2724
Redirect Chain

https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw&piggybackCookie=di_ceccdb14380943aaae433
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

32ms
23ms

Document
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

date: Thu, 16 Mar 2023 15:45:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:05 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame C929
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1694000653285184985

42 B
95 B

28ms
28ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1694000653285184985
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: 8a43c1bb-28b5-4a2b-a3d3-4a5937ba408d
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=1694000653285184985
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2 200 webmssdk_ex.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/ Frame 8501 475 KB
150 KB 110ms
32ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b407aa623a088cc294558a9bfd8aaf7031231fc32d6abbece34bc1aafba19e32

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7550
date: Thu, 16 Mar 2023 15:45:05 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zMttJm6lvh5TMlvoutiwdQ==
x-cache: TCP_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
last-modified: Mon, 20 Feb 2023 11:36:27 GMT
opc-request-id: iad-1:Pdgf_ccInimrato2FlgsiQ2OGE_qwDPW1PObbNnG2cXA7LITuCGL8q42OmM45RP-
x-api-id: native
etag: 1204fe26-0fdd-4938-a4e0-833f56b64816
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: b21fa691-6803-40f0-b5f5-f13a812a5540
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:05 GMT

GET
H2 200 webmssdk_ex.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/ Frame 846A 475 KB
150 KB 93ms
30ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b407aa623a088cc294558a9bfd8aaf7031231fc32d6abbece34bc1aafba19e32

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7551
date: Thu, 16 Mar 2023 15:45:05 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zMttJm6lvh5TMlvoutiwdQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
last-modified: Mon, 20 Feb 2023 11:36:27 GMT
opc-request-id: iad-1:Pdgf_ccInimrato2FlgsiQ2OGE_qwDPW1PObbNnG2cXA7LITuCGL8q42OmM45RP-
x-api-id: native
etag: 1204fe26-0fdd-4938-a4e0-833f56b64816
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: b21fa691-6803-40f0-b5f5-f13a812a5540
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:05 GMT

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame E922 21 B
1 KB 135ms
133ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 948190a15ae7d94bc1d62d16316370c5365c520310b32a4e3719a93d9a05f78f

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f65ab
Date: Thu, 16 Mar 2023 15:45:05 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=2, cdn-cache; desc=MISS, edge; dur=2, origin; dur=83
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154504FA259CD0FF8F9EF40716
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 84,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e029053859b687f84394a747780305a2ea2af53859770af38a5f107514f3fe8a266fdb233b45f979e4a4e5384d9cc4590e42d8ba10247465b0e22fa4fe0df78f
Expires: Thu, 16 Mar 2023 15:45:05 GMT

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 37ms
36ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=5 cdn-cache; desc=MISS, edge; dur=0, origin; dur=14
X-Akamai-Request-ID: 99f5f8c
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 14,23.40.16.22
X-Tt-Logid: 202303161545043592E767C17F2D79FD7E
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e67d430759b2c60a7779b8008b56ef097d3007748f57d5a3548f3890c5b53fc63fc
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame 846A 21 B
1 KB 58ms
56ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 948190a15ae7d94bc1d62d16316370c5365c520310b32a4e3719a93d9a05f78f

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f65b8
Date: Thu, 16 Mar 2023 15:45:05 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=12, origin; dur=19
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154504C4B42AC318F8F3CE02F2
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 19,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20324cb3bdd3d42a2d94e0f861d02c68f4c649e0af539509bd990d8d1fb6c3a9f9db0f47d58bd954d1e14b3005210473997
Expires: Thu, 16 Mar 2023 15:45:05 GMT

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame 8501 21 B
1014 B 54ms
47ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 948190a15ae7d94bc1d62d16316370c5365c520310b32a4e3719a93d9a05f78f

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f65b6
Date: Thu, 16 Mar 2023 15:45:05 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=2, cdn-cache; desc=MISS, edge; dur=10, origin; dur=14
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545040CEB64C18EE3FABF01CE
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 14,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20351f4510af49b975da63d667e23e0b13587e073022ef1b8d36b5430dea6ec17d6
Expires: Thu, 16 Mar 2023 15:45:05 GMT

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 47ms
36ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=3 cdn-cache; desc=MISS, edge; dur=1, origin; dur=12
X-Akamai-Request-ID: 99f5f76
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 12,23.40.16.22
X-Tt-Logid: 202303161545043592E767C17F2D79FD82
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e670ff90a8370aabcd86e1158016ceeb4ed63370f173a33a6a9affa74fd6b0e062a
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 43ms
33ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:05 GMT
Expires: Thu, 16 Mar 2023 15:45:05 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=2 cdn-cache; desc=MISS, edge; dur=1, origin; dur=11
X-Akamai-Request-ID: 99f5f4a
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 12,23.40.16.22
X-Tt-Logid: 202303161545040CEB64C18EE3FABF01C8
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f40276fa0cae1703568eaf7d26498ac1b20351f4510af49b975da63d667e23e0b135b4c8c125ec5c310c6cb2e1f612ea8b8d4a39198b9b96df67962aa2fdaa3acd78
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 102ms
33ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 387
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:05 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=6 inner; dur=3
upstream-caught: 1678981505724828
vary: Origin, Accept-Encoding
x-akamai-request-id: 755481d.30f5575
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-38.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 6,23.40.62.38
x-parent-response-time: 14,23.46.157.15
x-tt-logid: 202303161545048E77DA1BC3EF77CEE125
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e278577fa4abc941a9eb9febbd273725924658aeb7506c0beea9a26d2c02e79a0079a4e71c3c563c993c5db5f6519bf6d12645528c98abd476a8b9f37bbdc2439
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame 8501 1 KB
1 KB 98ms
47ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c300107aa80b31398a8c1db7500a6e951951efcdd08d2ae7a7ae376958142529

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 2199864.30f5588
date: Thu, 16 Mar 2023 15:45:05 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981505809424
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 12,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=4, inner; dur=1
content-length: 386
server: nginx
x-tt-logid: 20230316154504F44DB266572AD1CB421D
x-cache-remote: TCP_MISS from a23-40-62-46.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 4,23.40.62.46
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4eb91565bb9dccb0a40efd83c53127a8c94671ff769ae13f19b9a002e0993bcb451b7e83ce67bc5c5a0a2b39e7c13c269f496787cb28ae59b30ce660426987132af0e38d7ecd8afc90ea83d337dc41b182
access-control-allow-headers: Content-Type

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 48ms
48ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 387
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:05 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=13, origin; dur=12 inner; dur=1
upstream-caught: 1678981505743302
vary: Origin, Accept-Encoding
x-akamai-request-id: 12f17076.30f5579
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-109.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 12,23.43.56.109
x-parent-response-time: 24,23.46.157.15
x-tt-logid: 20230316154504F14D7D4E8C081CCC6BEA
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ed657e6999caf568dbb5aef5f9ae036db2e7c2cdda0d9e3aa18ec4c3597972c820fe7c490444a53d3002ee469788686a22fe50e355ccbf7d56faca4ecbba04bdaa3e54d60c7d201ec250635b88698158a
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame 846A 1 KB
1 KB 59ms
42ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 58e706aa7ebb88c00de8b1eafe4988c755fd6a230e1f94977b4f1b76bbaeb8b3

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 20e9d42.30f5589
date: Thu, 16 Mar 2023 15:45:05 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981505807189
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 11,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=2, inner; dur=0
content-length: 385
server: nginx
x-tt-logid: 20230316154504C7C40A2D8B2EA8CD89E5
x-cache-remote: TCP_MISS from a23-40-62-39.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 2,23.40.62.39
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e5bc4d88a6f6891b2c2ba9c3740ece168544c4e1bff920991334b2eadb5d6dca6ee1772440ea128753a9d02048650883ca68e695d56787a08fd1af11591e89687a98160ec0ebd4c737ddadc602793bae1
access-control-allow-headers: Content-Type

GET
H2 206 img_1369_mov_dvd.audio.mp4 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 631 B
725 B 73ms
69ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.audio.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

22ccbe5ec3b3ffb63f69e3fd5d6c1697c484ab87b4506fb3026fcaba69c9175f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-630

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:51 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-630/198409
Content-Length: 631
expires: Mon, 10 Apr 2023 22:47:12 GMT

GET
H2 206 img_1369_mov_dvd.audio.mp4 Show response
videos.files.wordpress.com/XO6mYVEb/ Frame 0A04 95 KB
95 KB 82ms
78ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/XO6mYVEb/img_1369_mov_dvd.audio.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8bfab0d129df3b82bb91b20a679c22469bed26d944548f1bab1d4e87dabf7317

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=699-97915

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:09:51 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 699-97915/198409
Content-Length: 97217
expires: Mon, 10 Apr 2023 22:47:12 GMT

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 33ms
32ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 384
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:05 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=4 inner; dur=1
upstream-caught: 1678981505827551
vary: Origin, Accept-Encoding
x-akamai-request-id: 1a53251.30f558d
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-62.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 4,23.40.62.62
x-parent-response-time: 10,23.46.157.15
x-tt-logid: 202303161545041D5624E517379CCB9BCB
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e6cdfc85bd7c897ce54801d817baf83c1c17f7d5994f6525085849c38aa855ab1991a377eeee2df7f38aafad58c4077f8daa5bc13e5bd88ff2eeb6eed3010e0dd
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame E922 1 KB
1 KB 60ms
59ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=tiktok_web_embed&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 0e83ea598c00b75b76b01a2764860abfd5f369f8c293a8e5862c531a257d197e

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 8edcaf4.30f5592
date: Thu, 16 Mar 2023 15:45:05 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981505865518
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 14,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=10, inner; dur=1
content-length: 388
server: nginx
x-tt-logid: 20230316154504D2A8E6369D9A1BCD7C1F
x-cache-remote: TCP_MISS from a23-43-56-132.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 10,23.43.56.132
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e338f117c56750337e8e001290eb43ca1887183d52227465d8cfab379653d2c9f2a617b035fbf525ecf32d03a106745b03af07c4d6d19cdc7957d016320a8c37150e874079beffb779c7cdc172ce18333
access-control-allow-headers: Content-Type

GET
H2 206 img_1371_mov_dvd.mp4 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 740 B
831 B 73ms
71ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fd5645318b6ed2dba91420c8d1a1758404640e0caf9cc9a56186b1501299a19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-739

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:07 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-739/5793105
Content-Length: 740
expires: Fri, 21 Apr 2023 21:05:09 GMT

GET
H2 206 img_1371_mov_dvd.mp4 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 2 MB
2 MB 180ms
178ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25be315ec4666021707243d86c60cd082b8f898314a6bdced489432b82cead44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=820-1729548

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:07 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 820-1729548/5793105
Content-Length: 1728729
expires: Fri, 21 Apr 2023 21:05:09 GMT

GET
DATA 200
OK truncated
/ Frame EC3A 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F475 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F402 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CA33 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6E71 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 40EF 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9624 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A9DA 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A5B2 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6DD2 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D107 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D74D 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F863 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1327 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5742 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6811 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3004 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 47B2 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8224 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4CFA 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1D64 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame BA16 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame 8501 44 B
2 KB 212ms
66ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswSOQDcVRuYKtclta-Veov4O
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 9446c714.6112129
Date: Thu, 16 Mar 2023 15:45:06 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 46,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=23, origin; dur=24, inner; dur=20
Content-Length: 44
X-Ms-Token: Y_JWaw4G-NTK26TbnzAFCv6wAD24qlB8tCDt6Z6BdLXRXqbY1p-RdqjGGA_TfanbFn5yqKcwnWtgQla4ePOhP8EQhAO2bPR3RTdDa6MvELLw-l0uLhWBGFFwSOxspn0=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154505E883767E16FF9D0FCCCD
X-Cache-Remote: TCP_MISS from a23-220-104-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 24,23.220.104.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e08cd6fbf754541b9feb09889e64fb8aa5d8b145d48f63746dd3e5ca40b17229a1ce08e84d1c09677cad7eb025372a53a34778f60f1daaa889f1e63dbad3d28145e
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:06 GMT

GET
DATA 200
OK truncated
/ Frame CDF6 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame 846A 44 B
2 KB 159ms
116ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswSOQDaNxWYKtclta-Veovh4
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 71ffbcb9.611212e
Date: Thu, 16 Mar 2023 15:45:06 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 96,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=12, origin; dur=85, inner; dur=83
Content-Length: 44
X-Ms-Token: salLfxb34-qYaCm0zCZj9R1vbtUfP1lHzYsChLp2T719h23YVsCcjlZ6Pz-5a6nmhfsd1py2n3sd05uOhyNmwT7O6gt5S1mQ9qJXUlUh8Hf2DZeVou8Cl33dR30TUw4=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545051F224AED27979E7F87F4
X-Cache-Remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 85,23.220.104.8
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e0861e3a8df885c85f5160c657da264abfb961ad1cae9678c89b95ead757cf9a2ac3badb24d8abd1f53e55b0d8308763d5b8ceefa0ec024cf2e2ef73ad928205e73
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:06 GMT

GET
DATA 200
OK truncated
/ Frame 186B 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 831F 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7D8E 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4D6C 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9D10 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame E922 44 B
2 KB 61ms
61ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswSOQDcDJWYKtclta-Veovgx
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 9446d4eb.6112141
Date: Thu, 16 Mar 2023 15:45:06 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 32,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=23, inner; dur=21
Content-Length: 44
X-Ms-Token: 0VMQuyJTNCRX3h-PSenIVoh-RoQPf6ibgQqrcUXCN2IO2gQRCMzVurxj40YiJy942CGNBH881nGJdAXUvjV4NBLj8HoiMjTZoMAW5DZflokCCqTYVlwNXLeMkJpOsHs=
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545053A31A0D04B632E4F28F2
X-Cache-Remote: TCP_MISS from a23-220-104-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 24,23.220.104.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e08cd6fbf754541b9feb09889e64fb8aa5dcf978ad857edf48c3fafb3c4cc475cc003b4a3ec466ec9e0f429281d2c20197eca7ca1423f55dfe533d739f3b7aa4c797fc303af7a56d90682a0a400d6ce097d
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:06 GMT

GET
DATA 200
OK truncated
/ Frame E229 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6EC0 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 206 img_1371_mov_dvd.audio.mp4 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 631 B
744 B 185ms
184ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.audio.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4653895945c1f85762fc514ac9dbec0cb455b714ae8863c93f462dbcb10df14e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-630

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:26 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-630/308840
Content-Length: 631
expires: Sun, 23 Apr 2023 20:35:18 GMT

GET
H2 206 img_1371_mov_dvd.audio.mp4 Show response
videos.files.wordpress.com/xBxg03xe/ Frame E039 95 KB
95 KB 212ms
212ms XHR
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/xBxg03xe/img_1371_mov_dvd.audio.mp4

Requested by

Host: v0.wordpress.com
URL: https://v0.wordpress.com/js/videojs/videopress-routes.min.js?m=1675959561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

427eef88c2d9c68f28ee1a99fb8e237dbcdc8c7e2e598ad583a3bc6942e3a9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://videopress.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=711-97803

Response headers

x-nc: MISS yyz 3
date: Thu, 16 Mar 2023 15:45:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 21 Aug 2022 23:13:26 GMT
server: nginx
vary: Origin
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 711-97803/308840
Content-Length: 97093
expires: Sun, 23 Apr 2023 20:35:18 GMT

GET
H2 200 webmssdk_ex.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/ Frame E922 475 KB
150 KB 37ms
37ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b407aa623a088cc294558a9bfd8aaf7031231fc32d6abbece34bc1aafba19e32

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7b19
date: Thu, 16 Mar 2023 15:45:06 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: zMttJm6lvh5TMlvoutiwdQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
last-modified: Mon, 20 Feb 2023 11:36:27 GMT
opc-request-id: iad-1:Pdgf_ccInimrato2FlgsiQ2OGE_qwDPW1PObbNnG2cXA7LITuCGL8q42OmM45RP-
x-api-id: native
etag: 1204fe26-0fdd-4938-a4e0-833f56b64816
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: b21fa691-6803-40f0-b5f5-f13a812a5540
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:06 GMT

GET
H2 200 / Show response
www.tiktok.com/api/recommend/embed_videos/ Frame 846A 38 KB
14 KB 1554ms
1554ms Fetch
application/json 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/api/recommend/embed_videos/?aid=1284&count=24&secUid=MS4wLjABAAAAyFUOIk-C0u-BvmoT9oTcIfBfnJsmThi5XuEK7dEoeH6nnOvqZHk41nmzVtWSb4j_&lang=en-US&msToken=&X-Bogus=DFSzswSOjesANSYKtclta-Veov49&_signature=_02B4Z6wo00001JX0T0AAAIDBG3mJ9UW2sSCV9EvAAEFybb

Requested by

Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0785592bada1722517b7ae15f56a0585a6f00932aa8be72876dcdea583de1471

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/embed/v2/7126947579505429765?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 6a24854
strict-transport-security: max-age=31536000
content-encoding: br
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
bd-tt-error-code: 0
tt_stable: 1
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
server-timing: inner; dur=1444, cdn-cache; desc=MISS, edge; dur=0, origin; dur=1454
pragma: no-cache
server: nginx
x-tt-logid: 20230316154506FB1EEAF313759F2B5AC1
content-type: application/json
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 1454,23.46.157.11
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701aa1527f31986af9fa707d9dbd8de9f8e8d6d2492afccde42398e87314c19d6c8deea977f03152b63f7a169d568dad2024933f680c35cd4b689a3f18c4bb451eef
expires: Thu, 16 Mar 2023 15:45:08 GMT

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 846A 0
0 110ms
31ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 846A 0
0 139ms
61ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 / Show response
www.tiktok.com/api/recommend/embed_videos/ Frame E922 39 KB
14 KB 1445ms
1444ms Fetch
application/json 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/api/recommend/embed_videos/?aid=1284&count=24&secUid=MS4wLjABAAAAyFUOIk-C0u-BvmoT9oTcIfBfnJsmThi5XuEK7dEoeH6nnOvqZHk41nmzVtWSb4j_&lang=en-US&msToken=&X-Bogus=DFSzswSOjesANSYKtcltaBVeov4H&_signature=_02B4Z6wo00001zyrOhwAAIDCsib8qXoWOpc8qz6AAKtE13

Requested by

Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

30ca792cdb0a20c5c50ed95ce02efc59246c30ff0c14d551f887b081b074b6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/embed/v2/7126162573690490117?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 6a24864
strict-transport-security: max-age=31536000
content-encoding: br
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
bd-tt-error-code: 0
tt_stable: 1
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
server-timing: inner; dur=1400, cdn-cache; desc=MISS, edge; dur=0, origin; dur=1410
pragma: no-cache
server: nginx
x-tt-logid: 202303161545061928B62D12E53C2BFBCA
content-type: application/json
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 1410,23.46.157.11
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701ae7432d6c4f7f43aeaf8d63bc99e90ae8cdff0e27edead021f22df4df278578b3cdc02313b393ffe7bb6a3f8dd472aa7c6b9c12d4a7bfaf1d28cebde3c063a6f6
expires: Thu, 16 Mar 2023 15:45:08 GMT

GET
H2 200 / Show response
www.tiktok.com/api/recommend/embed_videos/ Frame 8501 38 KB
14 KB 1403ms
1403ms Fetch
application/json 23.204.152.11
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiktok.com/api/recommend/embed_videos/?aid=1284&count=24&secUid=MS4wLjABAAAAyFUOIk-C0u-BvmoT9oTcIfBfnJsmThi5XuEK7dEoeH6nnOvqZHk41nmzVtWSb4j_&lang=en-US&msToken=&X-Bogus=DFSzswSOjesANSYKtcltaBVeov4H&_signature=_02B4Z6wo00001mlcgoAAAIDD59FENUWW0AppXIYAAP5T8c

Requested by

Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.204.152.11 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-204-152-11.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

fcd5f958e42bb819daefe2c5988b207664b1dbeb1a59568a59c315f9ae16ca1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/embed/v2/7126810552805887237?lang=en-US&referrer=https%3A%2F%2Fmyreturnticket.ca%2F&embedFrom=oembed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 6a2487c
strict-transport-security: max-age=31536000
content-encoding: br
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
bd-tt-error-code: 0
tt_stable: 1
x-cache: TCP_MISS from a23-46-157-11.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
server-timing: inner; dur=1360, cdn-cache; desc=MISS, edge; dur=1, origin; dur=1371
pragma: no-cache
server: nginx
x-tt-logid: 20230316154506CBAFD33129FE732A02D0
content-type: application/json
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 1372,23.46.157.11
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9ea8857b1194add93b627dabadad8701ad243a174297e9d704fc027a9bc7d7022a010e5ae9b175e9c81aca2303e877651cb56d8885f1fd975abb5de453603b707b638ab64ccd4fe89e680ebce73c90c9f
expires: Thu, 16 Mar 2023 15:45:08 GMT

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame E922 0
0 71ms
30ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame E922 0
0 78ms
31ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 8501 0
0 78ms
33ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 8501 0
0 98ms
54ms Ping
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B847 2 KB
3 KB 21ms
19ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=27575773&p=156344&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 4667bb8eeb34282aec017941d056502a4a53f958c711d79fead0b943f568ed7a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Mar 2023 15:45:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E204 28 B
50 B 43ms
42ms XHR
application/json 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/837bca82/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
X-Goog-Request-Time: 1678981507288
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/nimv_DfBYTc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent
X-YouTube-Client-Version: 1.20230312.00.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtVQ3Rrb1VFUTRZQSj78sygBg%3D%3D
X-YouTube-Ad-Signals: dt=1678981500149&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C222%2C314&vis=1&wgl=true&ca_type=image&bid=ANyPxKq2etqJvZrUT6R4nz6FQQrOIEOrN-bkwKco_pmfRnsg84ndSFkm4wi5IyEOux1VMfIP39hSuOrOlh9b9Yg-dH6p8KWwhA

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0

GET
H2 200 devtools.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame E922 35 KB
11 KB 19ms
19ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/devtools.js?globalName=__PNS_RUNTIME__&__PNS_SW_CACHE__=1&__PNS_SW_CACHE_KEY__=to-json-schema
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a28299bebe468622310c700bf1e596eaadd1fb001917fc409f13c434de9f077c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7d30
date: Thu, 16 Mar 2023 15:45:07 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: qqgQKyMyqxCY0VVT/7ywkg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 10213
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:V0fPScEQxVR11BI7H13RP4MUvm52w5HsihaKZyo4ATTM1kK2EfvOJ_GCgIRcZUlm
x-api-id: native
etag: eed42376-86ad-4f80-a7cc-9d155394a917
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 286ab544-75a1-4ce1-8904-c90794c0d2ed
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:07 GMT

GET
H2 200 devtools.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 846A 35 KB
11 KB 22ms
21ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/devtools.js?globalName=__PNS_RUNTIME__&__PNS_SW_CACHE__=1&__PNS_SW_CACHE_KEY__=to-json-schema
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a28299bebe468622310c700bf1e596eaadd1fb001917fc409f13c434de9f077c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7d37
date: Thu, 16 Mar 2023 15:45:07 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: qqgQKyMyqxCY0VVT/7ywkg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 10213
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:V0fPScEQxVR11BI7H13RP4MUvm52w5HsihaKZyo4ATTM1kK2EfvOJ_GCgIRcZUlm
x-api-id: native
etag: eed42376-86ad-4f80-a7cc-9d155394a917
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 286ab544-75a1-4ce1-8904-c90794c0d2ed
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:07 GMT

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame 846A 21 B
1 KB 39ms
38ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 787abd6ff6fcd7934e6aa6c400ed253127ca1c23f1f5f1d77843e0f76afe06bf

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f6d93
Date: Thu, 16 Mar 2023 15:45:07 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=12
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545063592E767C17F2D79FE8D
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 12,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e6793f0a4bd9a197adcd43cf2a801fb31b5056fb3097271ddff92e704206df96406
Expires: Thu, 16 Mar 2023 15:45:07 GMT

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 39ms
38ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:07 GMT
Expires: Thu, 16 Mar 2023 15:45:07 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=3 cdn-cache; desc=MISS, edge; dur=1, origin; dur=13
X-Akamai-Request-ID: 99f6689
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 14,23.40.16.22
X-Tt-Logid: 202303161545063592E767C17F2D79FE84
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e670507c4851f6e870aa657d546709b12476f63944cb7c81124c8a223d21ab870a0
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 devtools.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/ Frame 8501 35 KB
11 KB 24ms
20ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/devtools.js?globalName=__PNS_RUNTIME__&__PNS_SW_CACHE__=1&__PNS_SW_CACHE_KEY__=to-json-schema
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok_privacy_protection_framework/loader/1.0.0.185/core.js?globalName=__PNS_RUNTIME__
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a28299bebe468622310c700bf1e596eaadd1fb001917fc409f13c434de9f077c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f7d55
date: Thu, 16 Mar 2023 15:45:07 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: qqgQKyMyqxCY0VVT/7ywkg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 10213
last-modified: Wed, 08 Mar 2023 04:15:10 GMT
opc-request-id: iad-1:V0fPScEQxVR11BI7H13RP4MUvm52w5HsihaKZyo4ATTM1kK2EfvOJ_GCgIRcZUlm
x-api-id: native
etag: eed42376-86ad-4f80-a7cc-9d155394a917
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: 286ab544-75a1-4ce1-8904-c90794c0d2ed
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:07 GMT

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5EB7
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=

42 B
376 B

26ms
26ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:06 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Pragma: no-cache
Server: PingMatch/v2.0.30-770-gc22eae1#rel-ec2-master i-0231cb64a9a2a4c51@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2BE4
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

32ms
31ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Thu, 16 Mar 2023 15:45:07 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H/1.1

200
OK

pbmtc.gif Show response
beacon.lynx.cognitivlabs.com/ Frame 1E63
Redirect Chain

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=028f34c1-613f-4461-8691-942c34e57cc7&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

42 B
497 B

29ms
25ms

Document
image/gif

54.172.82.93
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.82.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-82-93.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Length: 42
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:07 GMT
Server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:06 GMT
location: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame FB38
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

42 B
320 B

42ms
28ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:07 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame C6F5
Redirect Chain

https://ums.acuityplatform.com/tum?umid=6
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368169996

42 B
209 B

46ms
43ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368169996
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368169996

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 1C13
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
416 B

131ms
98ms

Document
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7a8e1f16aca9ca4f-YUL
content-length: 43
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7a8e1f15cbc1ca4f-YUL
content-type: text/html
date: Thu, 16 Mar 2023 15:45:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 1118

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5455
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2272419832
https://sync.1rx.io/usersync/tradedesk/3d9ac594-fe09-4c7e-87b5-bf29cab7004f
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

42 B
255 B

30ms
24ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Thu, 16 Mar 2023 15:45:07 GMT
ETag: RXd2b454e6c1714964968292313ebf9f6a005
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame EDCC
Redirect Chain

https://ad.mrtnsvr.com/sync/pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap

42 B
206 B

30ms
25ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
vary: Origin
via: 1.1 google

GET
H/1.1 200 usersync Show response
usersync.gumgum.com/ Frame CB8E 35 B
250 B 45ms
28ms Document
image/gif 3.213.224.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=pbm&i=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.213.224.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-199.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:07 GMT
Expires: 0
Pragma: no-cache

GET
H3

200

396846.gif
idsync.rlcdn.com/ Frame A758
Redirect Chain

https://idsync.rlcdn.com/712188.gif?partner_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9

42 B
60 B

71ms
54ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Thu, 16 Mar 2023 15:45:07 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=c403af17-3e43-4d68-8824-d30aecdb89e9
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
bcp.crwdcntrl.net/map/c=14701/tp=MTAI/ Frame A758 49 B
264 B 71ms
40ms Image
image/gif 18.210.31.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=14701/tp=MTAI/tpid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.31.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-31-252.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:07 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.6.89
content-length: 49
expires: 0

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame A758 95 B
123 B 76ms
58ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3203&partner_device_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame A758 43 B
109 B 211ms
84ms Image
image/gif 54.172.237.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.237.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-237-109.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

sn.ashx
pmp.mxptint.net/ Frame A758
Redirect Chain

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B341_FFA08470_53A62AD8&r=https://pmp.mxptint.net/sn.ashx?ak=1
https://pmp.mxptint.net/sn.ashx?ak=1

43 B
266 B

68ms
65ms

Image
image/gif

204.2.255.233
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pmp.mxptint.net/sn.ashx?ak=1

Requested by

Protocol

HTTP/1.1

Server

204.2.255.233 Beaverton, United States, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=-361968307; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:07 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=-361968307; includeSubDomains
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://pmp.mxptint.net/sn.ashx?ak=1
date: Thu, 16 Mar 2023 15:45:07 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A758
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671

42 B
219 B

50ms
47ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D25%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8357322694280695671
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/111/ Frame E204 50 KB
15 KB 31ms
26ms Script
text/javascript 2607:f8b0:4006:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/111/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a312de5d5df23f9f480daa5837af8b88f77bb83c0ad3f04d474a449d43e7859

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 19:40:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14872
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 16:05:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Thu, 16 Mar 2023 19:40:02 GMT

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame E922 21 B
1 KB 46ms
41ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 787abd6ff6fcd7934e6aa6c400ed253127ca1c23f1f5f1d77843e0f76afe06bf

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f6e0b
Date: Thu, 16 Mar 2023 15:45:07 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=2, origin; dur=13
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154506545F1C75143CA3E75938
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 14,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402a593b8de7a438298d022253ca87c7256c6c413ebcc8b43e21de291b6ccbbe0019be7e5db30ed21e835eb18b6744d741c0320bbdba4ff5683222695181f88ecdb
Expires: Thu, 16 Mar 2023 15:45:07 GMT

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 39ms
37ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:07 GMT
Expires: Thu, 16 Mar 2023 15:45:07 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=2 cdn-cache; desc=MISS, edge; dur=1, origin; dur=12
X-Akamai-Request-ID: 99f6dc6
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 12,23.40.16.22
X-Tt-Logid: 202303161545063592E767C17F2D79FE99
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e67d430759b2c60a7779b8008b56ef097d3007748f57d5a3548f3890c5b53fc63fc
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H/1.1 200
OK list Show response
mcs-va.tiktok.com/v1/ Frame 8501 21 B
1 KB 54ms
52ms XHR
application/json 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 787abd6ff6fcd7934e6aa6c400ed253127ca1c23f1f5f1d77843e0f76afe06bf

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

X-Akamai-Request-ID: 99f6e3f
Date: Thu, 16 Mar 2023 15:45:07 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Server-Timing: inner; dur=1, cdn-cache; desc=MISS, edge; dur=1, origin; dur=9
Connection: keep-alive
Content-Length: 21
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154506545F1C75143CA3E7593F
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 9,23.40.16.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402a593b8de7a438298d022253ca87c7256c6c413ebcc8b43e21de291b6ccbbe0012f4f5826f4d5fd3931706a07bddd666987f4dc99d3bfa1ea8ddb575b388d6241
Expires: Thu, 16 Mar 2023 15:45:07 GMT

OPTIONS
H/1.1 200
OK list
mcs-va.tiktok.com/v1/ Frame 0
0 73ms
54ms Preflight 23.34.59.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcs-va.tiktok.com/v1/list
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.22 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-22.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS, HEAD, PUT, POST
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Max-Age: 1800
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:07 GMT
Expires: Thu, 16 Mar 2023 15:45:07 GMT
Pragma: no-cache
Server: nginx
Server-Timing: inner; dur=2 cdn-cache; desc=MISS, edge; dur=0, origin; dur=13
X-Akamai-Request-ID: 99f662f
X-Cache: TCP_MISS from a23-40-16-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Origin-Response-Time: 13,23.40.16.22
X-Tt-Logid: 202303161545063592E767C17F2D79FE9F
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9eaa2d58ad49f99cf32d3a9e87b70f402e7c014e4b83affc172baaf510fe59e8f6267b702d6a257316408cde63dba7e67e71bb88c777827b1f873ceb9c1eff65e1e27cd047188c0ac528a824b8eed48c5
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A3E1 1 KB
2 KB 34ms
32ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=6789732&p=156423&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: d3b435390b2a5f36a9447eda0ccbaa07e7164f0ece669e245db449c3f3f04feb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 16 Mar 2023 15:45:06 GMT
content-length: 1320
content-type: text/html; charset=UTF-8

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 936E 0
128 B 35ms
27ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D11%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:06 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 33ms
32ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 384
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=3 inner; dur=1
upstream-caught: 1678981507700325
vary: Origin, Accept-Encoding
x-akamai-request-id: 7574dc8.30f576e
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-38.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 3,23.40.62.38
x-parent-response-time: 12,23.46.157.15
x-tt-logid: 202303161545068E77DA1BC3EF77CEE1AA
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e278577fa4abc941a9eb9febbd273725924658aeb7506c0beea9a26d2c02e79a0079a4e71c3c563c993c5db5f6519bf6d8ae8ecfc024203c3bfe261459fd97e4659b8d273bc5626b2000dd4b39b042fcd
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame 8501 1 KB
1 KB 62ms
61ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 513c743030d6d436282807ba5998d6b35c550e3bb1d198e3084da2337d69311b

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: f748c6f.30f5778
date: Thu, 16 Mar 2023 15:45:07 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981507745106
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 41,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=25, origin; dur=16, inner; dur=1
content-length: 388
server: nginx
x-tt-logid: 20230316154506F19AE1C527FE75CF04B8
x-cache-remote: TCP_MISS from a23-43-56-127.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 16,23.43.56.127
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e79f35c995fd0da6c76eb77c4aaea7a2d1f4b3b923fb79fbb9f73f8969d1d0088497897fd41240830cda51a329f1c1f535fccca228e51d5ec90285604eed30816e8d668d0a937be274715bb4d34712e7f
access-control-allow-headers: Content-Type

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame 846A 1 KB
1 KB 38ms
37ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b7cccc373c605e392385aa245428f422d90b715d85a7376ebc4afe1e6882a018

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 5fff2f9.30f5798
date: Thu, 16 Mar 2023 15:45:07 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981507811415
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 17,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=8, inner; dur=4
content-length: 382
server: nginx
x-tt-logid: 2023031615450672304C39AE55F4C70917
x-cache-remote: TCP_MISS from a23-40-62-22.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 8,23.40.62.22
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e7f8377e7cc5281bf2fb6e65cb250b06109fd8a35b852fe4bdc6230c5c8c056718186a51eaeb0a8c343840bb8fefa883f6ef61a2912f9e678ca742981d1239b57c3f54e1457ba76bba4ff9465e59d5974
access-control-allow-headers: Content-Type

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 51ms
50ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 387
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=12, origin; dur=12 inner; dur=1
upstream-caught: 1678981507770642
vary: Origin, Accept-Encoding
x-akamai-request-id: eb9c044.30f577f
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-111.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 12,23.43.56.111
x-parent-response-time: 24,23.46.157.15
x-tt-logid: 202303161545067C9E8A1AD8396BCA2968
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e29d553c6858de80c527279c8b3235baddf991785bf05cf8b175e98c71b96e14365358a8f965f7dba1e16c06fbb85aa363a4de2cae8d1acc2a2422bd2de63b4d6ec3a4ef80b91a49a881527b97e5f6f41
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon-va.byteoversea.com/monitor_web/settings/ Frame E922 1 KB
1 KB 34ms
33ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 337addd9aa9a16c1bfb46b340d14a9bdb5f674a4c8c5fb7c6710b53c43c33b27

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 3b46e8d.30f57a2
date: Thu, 16 Mar 2023 15:45:07 GMT
access-control-request-method: POST,GET,OPTIONS
content-encoding: gzip
upstream-caught: 1678981507832022
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 14,23.46.157.15
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=5, inner; dur=1
content-length: 388
server: nginx
x-tt-logid: 20230316154506ED6A24E6F803BCCAC5A5
x-cache-remote: TCP_MISS from a23-40-62-55.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.tiktok.com
cache-control: public, max-age=600
access-control-allow-credentials: true
x-origin-response-time: 5,23.40.62.55
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e31e5c4f7706cde0ff16c20d885104de2ba0cb027576e59ef35b1349aca5984c9797daaf52ad32135dbb56210d307cd71f7d7b6a85e2da0b857ef1cc6926d1b4ab0d05a67d410936274de18126d67b2a7
access-control-allow-headers: Content-Type

OPTIONS
H2 200 browser-settings
mon-va.byteoversea.com/monitor_web/settings/ Frame 0
0 32ms
30ms Preflight
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_web/settings/browser-settings?bid=webmssdk&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://www.tiktok.com
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: gzip
content-length: 387
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=4 inner; dur=1
upstream-caught: 1678981507796842
vary: Origin, Accept-Encoding
x-akamai-request-id: 1477b1b.30f5794
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-78.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 4,23.40.62.78
x-parent-response-time: 12,23.46.157.15
x-tt-logid: 2023031615450621A7BB22ECA3E1D2331E
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e1a9944b1cf2b373887601db286516ddaed1e22b11f7232d0602b66518fdd617adc7c938b4a587873d6bfccd9666b46085d53a770c980680c9f9633981ece429e
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame B8FC 0
128 B 27ms
26ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156204&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156204&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:07 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame F0A9
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=

42 B
247 B

45ms
25ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 15:45:07 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:p7n9V5AJ1PCPMM5&gdpr=0&gdpr_consent=
Pragma: no-cache
Server: PingMatch/v2.0.30-770-gc22eae1#rel-ec2-master i-08113390c6cc63145@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8257
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

36ms
35ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Thu, 16 Mar 2023 15:45:07 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H/1.1

200
OK

pbmtc.gif Show response
beacon.lynx.cognitivlabs.com/ Frame 514A
Redirect Chain

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=e9a25b29-a600-4282-9245-484b9eb85153&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81

42 B
489 B

33ms
26ms

Document
image/gif

54.172.82.93
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.82.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-82-93.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Length: 42
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:07 GMT
Server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
date: Thu, 16 Mar 2023 15:45:07 GMT
location: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame C369
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

42 B
97 B

32ms
27ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2023 15:45:07 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=TcSDncZYV45wrB3TZQ5UTZU4mbQ&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame BFB1
Redirect Chain

https://ums.acuityplatform.com/tum?umid=6
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368186129

42 B
210 B

33ms
28ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368186129
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=755368186129

GET
H2 200 i.match Show response
a.tribalfusion.com/ Frame 8AD2 43 B
387 B 98ms
97ms Document
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7a8e1f180e25ca4f-YUL
content-length: 43
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 95B0
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=74&redir=https%3A%2F%2Fsync.1rx.io%2Fusersync3%2Fmediamathtest%2F1508%2F%5BMM_UUID%5D%3Fzcc%3D0%26sspret%3D1&rndcb=7834172041
https://sync.1rx.io/usersync3/mediamathtest/1508/e7ef6413-397c-4900-b930-b5f1dddc2b71?zcc=0&sspret=1
https://sync.targeting.unrulymedia.com/csync/RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005

42 B
97 B

25ms
25ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Thu, 16 Mar 2023 15:45:08 GMT
ETag: RXd2b454e6c1714964968292313ebf9f6a005
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame DFD8
Redirect Chain

https://ad.mrtnsvr.com/sync/pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap

42 B
206 B

29ms
26ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=fi7GcUNap
vary: Origin
via: 1.1 google

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C20D
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=3wiLY6BODK2N0x6YhDkTZA

42 B
280 B

27ms
27ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=3wiLY6BODK2N0x6YhDkTZA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=3wiLY6BODK2N0x6YhDkTZA
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame 4108 43 B
369 B 4629ms
4554ms Document
image/gif 35.186.193.173
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 173.193.186.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Thu, 16 Mar 2023 15:45:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 8F94
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb

1 B
72 B

37ms
36ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Thu, 16 Mar 2023 15:45:08 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb
strict-transport-security: max-age=15724800; includeSubDomains

GET
H/1.1 204
No Content pub
matching.truffle.bid/sync/ Frame F37F 0
0 336ms
99ms Document
text/plain 23.88.86.2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.88.86.2 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.2.86.88.23.clients.your-server.de

Software

nginx/1.23.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Date: Thu, 16 Mar 2023 15:45:08 GMT
Server: nginx/1.23.1
Strict-Transport-Security: max-age=15768000

GET
H2 204 services
sync.technoratimedia.com/ Frame 1A53 0
0 48ms
30ms Document
text/plain 2603:c020:400d:3000:7130:bb0b:d7e:bee2
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=45&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2603:c020:400d:3000:7130:bb0b:d7e:bee2 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://ads.pubmatic.com/
age: 0
date: Thu, 16 Mar 2023 15:45:07 GMT
server: nginx
via: 1.1 varnish
x-varnish: 822889921

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame B847
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
https://mid.rkdms.com/bct?pid=bcccb40a-06d2-44fe-bdd2-a91ef4a5bfd0&&puid=e50a6acc-ab9c-4036-a28e-b4d4abf4d276&liid=&_ct=im
https://i.liadm.com/s/19948?bidder_id=178256&bidder_uuid=99735d0ae76c66c5b1089dab49097d14
https://x.bidswitch.net/sync?dsp_id=42&user_id=

43 B
235 B

39ms
37ms

Image
image/gif

35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=42&user_id=
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/sync?dsp_id=42&user_id=
Date: Thu, 16 Mar 2023 15:45:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame B847
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%2C%2C

95 B
123 B

93ms
87ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%2C%2C

Requested by

Host: myreturnticket.ca
URL: https://myreturnticket.ca/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:08 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&ttd_puid=7ff921e5-25b0-4e04-b3af-8fa1c58c64b2%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame B847
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81
https://io.narrative.io/?io.narrative.guid.v2=872f5e30-c411-11ed-b41e-0ee5b27fb8ad&companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81

0
247 B

25ms
24ms

Image
text/plain

44.193.60.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=872f5e30-c411-11ed-b41e-0ee5b27fb8ad&companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 44.193.60.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-60-178.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:08 GMT
Cache-Control: no-cache
Server: nginx/1.22.1
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=872f5e30-c411-11ed-b41e-0ee5b27fb8ad&companyId=673&id=pubmatic_id:4BA59E21-32B2-424E-991B-86C3DF8ACE81
Date: Thu, 16 Mar 2023 15:45:07 GMT
Server: nginx/1.22.1
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200

p
a.audrte.com/ Frame B847
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=Y2kwSjV2Nno0a1ZUcTZTVFRhaWxhcDdqZw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=8357322694280695671&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
https://a.audrte.com/p

68 B
424 B

29ms
27ms

Image
image/png

35.172.92.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Server: 35.172.92.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-92-2.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 15:45:09 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Thu, 16 Mar 2023 15:45:08 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame 3DDB 43 B
281 B 514ms
125ms Document
image/gif 195.5.165.20
IPROM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Thu, 16 Mar 2023 15:45:08 GMT
Vary: Accept-Encoding
X-adserver-worker: ragnarok-986df1ee4416@version_1.536v2
X-core-time: 0ms
X-server-arch: v2

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame FB53
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128&gdpr=0&gdpr_consent=

1 B
53 B

25ms
24ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Thu, 16 Mar 2023 15:45:08 GMT
expires: Wed, 15 Mar 2023 15:45:08 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:AA77F830412244B9A960431CFB8DC128&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6627
Redirect Chain

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7322679081744262523&uid=Q732267908174426...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7322679081744262523

42 B
95 B

27ms
26ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7322679081744262523
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:07 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: max-age=71915
Connection: keep-alive
Content-Length: 154
Content-Type: text/html
Date: Thu, 16 Mar 2023 15:45:08 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7322679081744262523
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: Apache/2.4.6 (CentOS)
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33

GET
H3 200 match Show response
events-ssc.33across.com/ Frame 2888 68 B
82 B 27ms
27ms Document
image/png 34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=25&external_user_id=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png
date: Thu, 16 Mar 2023 15:45:08 GMT
via: 1.1 google

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame A3E1 43 B
656 B 29ms
27ms Image
image/gif 52.85.61.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=4BA59E21-32B2-424E-991B-86C3DF8ACE81
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-93.ewr53.r.cloudfront.net
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:08 GMT
via: 1.1 6e01480ef7aa01c23bf600698a613304.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: EWR53-P1
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
x-amz-cf-id: ttwfvckvMKeoxqYUUhcyEMxxnhLBB9Nc2R5pSDBHh9l4OVkRQrMjlg==
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame A3E1
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent=

42 B
604 B

35ms
35ms

Image
image/gif

50.57.31.206
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: HTTP/1.1
Server: 50.57.31.206 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:08 GMT
Frontend-ID: 13
P3P: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Content-Type: image/gif
UIP-Response-Status: Ok
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Origin: *
Content-Length: 42
Routing-Server-ID: -1
Expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 15:45:08 GMT
Frontend-ID: 8
P3P: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Location: /pubmatic/1/info2?sType=sync&sExtCookieId=4BA59E21-32B2-424E-991B-86C3DF8ACE81&sInitiator=external&gdpr=0&gdpr_consent=
UIP-Response-Status: Ok
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Length: 0
Routing-Server-ID: -1
Expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame A3E1
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&addseg=10,33,39

0
0

161ms
51ms

Image
application/json

162.248.18.10
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&addseg=10,33,39
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Server: 162.248.18.10 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Redirect headers

date: Thu, 16 Mar 2023 15:45:08 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4BA59E21-32B2-424E-991B-86C3DF8ACE81&addseg=10,33,39
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H2

200

mw
mwzeom.zeotap.com/ Frame A3E1
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=4BA59E21-32B2-424E-991B-86C3DF8ACE81&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
https://pixel.onaudience.com/?partner=147&mapped=3d9ac594-fe09-4c7e-87b5-bf29cab7004f&icm&gdpr=0&gdpr_consent=&cver
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=fbd929def1f1838de93dfe51e6d3f928&gdpr=0
https://spl.zeotap.com/?zdid=1332&zcluid=952214257d33a416
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-30102e00ca3a&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEJ7umAve7qB_3bzDaQDOLlw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-301...

95 B
186 B

147ms
123ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEJ7umAve7qB_3bzDaQDOLlw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-30102e00ca3a&zcluid=952214257d33a416&zdid=1332
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:10 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 7a8e1f283e5b5a94-IAD
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 15:45:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEJ7umAve7qB_3bzDaQDOLlw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=b9514cb0-6fd3-4cc0-4165-d12078b4ac31&reqId=1aed641d-20bb-4f76-7940-30102e00ca3a&zcluid=952214257d33a416&zdid=1332
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A3E1
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:41a04464-94e4-4efc-9f92-df7de44ad977&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
95 B

48ms
47ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:41a04464-94e4-4efc-9f92-df7de44ad977&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&id=0014000001aXjnGAAS&ru=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D61%26uid%3D33XUSERID33X
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Mar 2023 15:45:08 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:41a04464-94e4-4efc-9f92-df7de44ad977&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Thu, 16 Mar 2023 15:45:08 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
0 37ms
32ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 100086fd.30f5841
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 13,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=5, inner; dur=3
server: nginx
x-tt-logid: 20230316154507C9A35C5C705B44CB6627
x-cache-remote: TCP_MISS from a23-40-62-31.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 6,23.40.62.31
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e7232a38bfbb1375b6dff90bc852a4f84a2c4ced29f434fb89ec89054e229155b4b2298cd3ae4bbbe835111f1c7c9dac6b9b2168140aa5039343efe59a0fef49a51835e858595b7e660111ab8d3cd0b6b
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 74ms
60ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:08 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=6 inner; dur=3
x-akamai-request-id: 2f82e08.30f5829
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-71.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 6,23.40.62.71
x-parent-response-time: 14,23.46.157.15
x-tt-logid: 20230316154507E99C6900EF3B25CE73AA
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ed7abfdd376523bab21502949c582f64cfc2cc9628b7b266b09fa1ca39dc57d6935b7d13bd3b2ef7d88e63054251ccf6f9f0800522f80f1d51a907242f7c3d519fd40647e35077565800d0d5043e1c86c
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H2 200 img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 846A 2 KB
2 KB 64ms
54ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6820dc5a852a390b26eaa791f6f9f9b976fa0ba6c17412089b25946d7d9de99c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8297
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: blePM8lPs3jjHrZ2xR1qwg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 1134
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Jzhd_Ui9-inx7UzlQJ1KaY8G6v1V0sRrHNI-HpCRbjmu9HFZS69MLzt9-Ya-aPgD
x-api-id: native
etag: a7955a11-3a85-47fa-a82f-65c819d852be
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4437ad5d-5a9f-4444-8c80-6508bf3e7f96
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 846A 1 KB
1 KB 42ms
33ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1487bfed1f532d8cff7ec61ac6bb53dc91e8745905444ba4fdb237eb19071cf0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8298
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: UGM/1pfjpUx2xCwqA6qz6g==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 569
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:8UtxUN7PKt3-vbU5KNvKzMmdU_dcaQfSDAGIiJ9XKpH72T7Ij0jolBoEtVesHOUD
x-api-id: native
etag: e6374b61-df62-4c33-bf97-85676cde2730
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 8e44f0af-aebd-4471-9d7c-94aaa4cc5851
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg
p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ Frame 846A 3 KB
4 KB 69ms
61ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg?x-expires=1679151600&x-signature=qwMFIXmeu5FO9WPfuYZCU24Hcic%3D
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 7cf51bb086864575674a8676d4395edfee324b7c906ab0378ca405924c982da9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 44d8fb2.1457de25.2f588371
date: Thu, 16 Mar 2023 15:45:08 GMT
x-crop-loc: (0,1)-(535,536)
x-tt-trace-tag: id=16;cdn-cache=miss;type=static
x-check-cacheable: YES
nw-session-id: 2023031408423376800DE42C5D9B79D773qrpfv21ff
x-powered-by: ImageX
x-cache: TCP_MISS from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 7,23.201.44.185, 8,23.215.130.117, 15,23.46.151.171
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=MISS, edge; dur=15, origin; dur=0, inner; dur=1
x-length: 3059
content-length: 3059
last-modified: Tue, 14 Mar 2023 08:42:34 GMT
server: nginx
x-tt-logid: 2023031408423376800DE42C5D9B79D773
x-response-date: Tue, 14 Mar 2023 08:42:34 GMT
x-cache-remote: TCP_MISS from a23-215-130-117.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-14T08:42:34.336765103Z 110
cache-control: max-age=31337870
x-tt-trace-host: 0163cf2bcd3535d9814a552eebd6dd18c55aa3d68b9e6d3181d303cf2445be1e2f5320deb94d571844583409c9809d150e51a78858130ed7c0671120448eb35dc5ef7cc8132c62b2b07827d57c07a749831893e735bd3b6a9d22e19e79b8c23d08161d36c4402eb7fdd77dd9b23091cb49
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 846A 1 KB
1 KB 64ms
56ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5f5beabf59a0f4c1c28f05dd34047cd1f401f146b85eebbaa7ab8d971f075e64

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8299
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 0TNfsTXegqCmuSPfLlFcBg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 498
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:g1uE-fWXWsTCyRP6Bml-6_LU2H9EGYdNPk51Cw3U_iQHlHPXeKJ4Gdxi6nnOJeZo
x-api-id: native
etag: 741220d1-21f1-41de-a0ae-9bcfa9dbeb88
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 71957b74-08f1-40cd-8688-5cb2b05a57fb
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 846A 647 B
1 KB 34ms
28ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d858782d53337cb280fd29487a8c25544984a1abc8619d4fc3535e4458101d1f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f829a
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: JoR/w/DG+LZnwmiwwKK9Dw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 647
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Lxe0X7X8zVKoZRB66cySd4cdag_VtlxkZMWNm6Kuq2g-guFxDqoV0lzkjJlAFZuq
x-api-id: native
etag: 6164be3e-ac47-4fcc-b10d-0654f452a254
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 00380622-8470-4dcc-a19a-e6a5d656dd3c
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 sofiapro-regular.otf
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 846A 155 KB
156 KB 191ms
25ms Font
application/font-sfnt 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/sofiapro-regular.otf
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848f3
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 83df79xiq+PWX4rXEbw2eg==
x-cache: TCP_MEM_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=5
content-length: 158708
x-tos-request-id: 4f6324581ae69bb1-af54d25
x-tos-response-time: Thu, 14 Apr 2022 13:00:22 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "f3775fefdc62abe3d65f8ad711bc367a"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/font-sfnt
access-control-allow-origin: *
cache-control: max-age=776561
access-control-allow-credentials: false
x-tt-trace-host: 01c099b6db4dd0a8c4ad052e86fdd1e07c03a9e20fff3165c14e0fa4ecd66ffd67a7104495bf8a0b6f13d94ab03d8e8bd9e25df3b402ffd3c056017bc2ae6e482a8fdc0232f9573c09ecadf03d7b438a2bd54a92fdfaaa3c2452875aa95f87e85aefc6f917488340eae43abfe7d35e1aa9a642712ffbab5f6df02f7597e9fc1477
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Semibold.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 846A 20 KB
21 KB 184ms
19ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Semibold.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848f4
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: Sio5a2TUlhXk5hdYEjB9Lg==
x-cache: TCP_MEM_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 42,23.59.247.55
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 20428
x-tos-request-id: b02cc99cdb7cbd65639cdb7c-af54426
x-tos-response-time: Fri, 16 Dec 2022 20:56:28 GMT
last-modified: Mon, 28 Nov 2022 03:57:08 GMT
server: nginx
etag: CIHxguz9z/sCEAE=
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=1361430
access-control-allow-credentials: false
x-tt-trace-host: 019727dce3c1acfad986438046fe106d1181095077ae0f0d7a67e2162716564a5ed9d0d24716ccdf86972a5e113012ae6eff934459d42c55f28a26449c1af20aa35da68d011272fd3cee0a8fd74f3331f263a7ceaee00863718a770227d63537ef95252ce2079504adbe9102820427d630
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Regular.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 846A 21 KB
22 KB 184ms
20ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Regular.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 29a734dbe0c87dca942095cf4038b7a2519fb48ff2e06d1f49b8d8854493ac35

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848f5
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: SvWbAmfbEyPKXZVTcUBHkw==
x-cache: TCP_MEM_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 21908
x-tos-request-id: 96bc26597f0e68e3-af544a3
x-tos-response-time: Fri, 15 Apr 2022 14:19:58 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "4af59b0267db1323ca5d955371404793"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=876502
access-control-allow-credentials: false
x-tt-trace-host: 01cd6368e091887a7873f839d814c8f023a2db23a194bf73d437ac4cc3ff13514d7caa39247e23f732a9edf8761b1362becccd3b224bd0e18a77116b497f637568d8a52d4b36d6405f47866eac65efc6d79458fabb449acdb3ef5896157b2fefd1e78e3a100176120aba5b0c7ce3971dc8f58111ad360b8f0425d1d76d08c16da3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame E922 2 KB
2 KB 57ms
1ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6820dc5a852a390b26eaa791f6f9f9b976fa0ba6c17412089b25946d7d9de99c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82a6
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: blePM8lPs3jjHrZ2xR1qwg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 1134
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Jzhd_Ui9-inx7UzlQJ1KaY8G6v1V0sRrHNI-HpCRbjmu9HFZS69MLzt9-Ya-aPgD
x-api-id: native
etag: a7955a11-3a85-47fa-a82f-65c819d852be
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4437ad5d-5a9f-4444-8c80-6508bf3e7f96
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame E922 1 KB
1 KB 86ms
20ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1487bfed1f532d8cff7ec61ac6bb53dc91e8745905444ba4fdb237eb19071cf0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82d7
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: UGM/1pfjpUx2xCwqA6qz6g==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 569
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:8UtxUN7PKt3-vbU5KNvKzMmdU_dcaQfSDAGIiJ9XKpH72T7Ij0jolBoEtVesHOUD
x-api-id: native
etag: e6374b61-df62-4c33-bf97-85676cde2730
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 8e44f0af-aebd-4471-9d7c-94aaa4cc5851
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg
p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ Frame E922 3 KB
4 KB 93ms
26ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg?x-expires=1679151600&x-signature=qwMFIXmeu5FO9WPfuYZCU24Hcic%3D
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 7cf51bb086864575674a8676d4395edfee324b7c906ab0378ca405924c982da9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2f5883ab
date: Thu, 16 Mar 2023 15:45:08 GMT
x-crop-loc: (0,1)-(535,536)
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
nw-session-id: 2023031408423376800DE42C5D9B79D773qrpfv21ff
x-powered-by: ImageX
x-cache: TCP_HIT from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 7,23.201.44.185, 8,23.215.130.117
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=1
x-length: 3059
content-length: 3059
last-modified: Tue, 14 Mar 2023 08:42:34 GMT
server: nginx
x-tt-logid: 2023031408423376800DE42C5D9B79D773
x-response-date: Tue, 14 Mar 2023 08:42:34 GMT
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-14T08:42:34.336765103Z 110
cache-control: max-age=31337870
x-tt-trace-host: 0163cf2bcd3535d9814a552eebd6dd18c55aa3d68b9e6d3181d303cf2445be1e2f5320deb94d571844583409c9809d150e51a78858130ed7c0671120448eb35dc5ef7cc8132c62b2b07827d57c07a749831893e735bd3b6a9d22e19e79b8c23d08161d36c4402eb7fdd77dd9b23091cb49
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame E922 1 KB
1 KB 83ms
19ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5f5beabf59a0f4c1c28f05dd34047cd1f401f146b85eebbaa7ab8d971f075e64

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82d8
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 0TNfsTXegqCmuSPfLlFcBg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 498
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:g1uE-fWXWsTCyRP6Bml-6_LU2H9EGYdNPk51Cw3U_iQHlHPXeKJ4Gdxi6nnOJeZo
x-api-id: native
etag: 741220d1-21f1-41de-a0ae-9bcfa9dbeb88
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 71957b74-08f1-40cd-8688-5cb2b05a57fb
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame E922 647 B
1 KB 85ms
20ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d858782d53337cb280fd29487a8c25544984a1abc8619d4fc3535e4458101d1f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82e0
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: JoR/w/DG+LZnwmiwwKK9Dw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 647
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Lxe0X7X8zVKoZRB66cySd4cdag_VtlxkZMWNm6Kuq2g-guFxDqoV0lzkjJlAFZuq
x-api-id: native
etag: 6164be3e-ac47-4fcc-b10d-0654f452a254
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 00380622-8470-4dcc-a19a-e6a5d656dd3c
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 sofiapro-regular.otf
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame E922 155 KB
156 KB 203ms
63ms Font
application/font-sfnt 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/sofiapro-regular.otf
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848fa
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 83df79xiq+PWX4rXEbw2eg==
x-cache: TCP_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=5
content-length: 158708
x-tos-request-id: 4f6324581ae69bb1-af54d25
x-tos-response-time: Thu, 14 Apr 2022 13:00:22 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "f3775fefdc62abe3d65f8ad711bc367a"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/font-sfnt
access-control-allow-origin: *
cache-control: max-age=776561
access-control-allow-credentials: false
x-tt-trace-host: 01c099b6db4dd0a8c4ad052e86fdd1e07c03a9e20fff3165c14e0fa4ecd66ffd67a7104495bf8a0b6f13d94ab03d8e8bd9e25df3b402ffd3c056017bc2ae6e482a8fdc0232f9573c09ecadf03d7b438a2bd54a92fdfaaa3c2452875aa95f87e85aefc6f917488340eae43abfe7d35e1aa9a642712ffbab5f6df02f7597e9fc1477
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Semibold.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame E922 20 KB
21 KB 210ms
72ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Semibold.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848fb
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: Sio5a2TUlhXk5hdYEjB9Lg==
x-cache: TCP_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 42,23.59.247.55
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 20428
x-tos-request-id: b02cc99cdb7cbd65639cdb7c-af54426
x-tos-response-time: Fri, 16 Dec 2022 20:56:28 GMT
last-modified: Mon, 28 Nov 2022 03:57:08 GMT
server: nginx
etag: CIHxguz9z/sCEAE=
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=1361430
access-control-allow-credentials: false
x-tt-trace-host: 019727dce3c1acfad986438046fe106d1181095077ae0f0d7a67e2162716564a5ed9d0d24716ccdf86972a5e113012ae6eff934459d42c55f28a26449c1af20aa35da68d011272fd3cee0a8fd74f3331f263a7ceaee00863718a770227d63537ef95252ce2079504adbe9102820427d630
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Regular.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame E922 21 KB
22 KB 194ms
56ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Regular.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 29a734dbe0c87dca942095cf4038b7a2519fb48ff2e06d1f49b8d8854493ac35

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848fc
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: SvWbAmfbEyPKXZVTcUBHkw==
x-cache: TCP_MEM_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=4
content-length: 21908
x-tos-request-id: 96bc26597f0e68e3-af544a3
x-tos-response-time: Fri, 15 Apr 2022 14:19:58 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "4af59b0267db1323ca5d955371404793"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=876502
access-control-allow-credentials: false
x-tt-trace-host: 01cd6368e091887a7873f839d814c8f023a2db23a194bf73d437ac4cc3ff13514d7caa39247e23f732a9edf8761b1362becccd3b224bd0e18a77116b497f637568d8a52d4b36d6405f47866eac65efc6d79458fabb449acdb3ef5896157b2fefd1e78e3a100176120aba5b0c7ce3971dc8f58111ad360b8f0425d1d76d08c16da3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 8501 2 KB
2 KB 80ms
20ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-logo-colorful-6e578f33c94fb378e31eb676c51d6ac2.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6820dc5a852a390b26eaa791f6f9f9b976fa0ba6c17412089b25946d7d9de99c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82e2
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: blePM8lPs3jjHrZ2xR1qwg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 1134
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Jzhd_Ui9-inx7UzlQJ1KaY8G6v1V0sRrHNI-HpCRbjmu9HFZS69MLzt9-Ya-aPgD
x-api-id: native
etag: a7955a11-3a85-47fa-a82f-65c819d852be
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4437ad5d-5a9f-4444-8c80-6508bf3e7f96
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 8501 1 KB
1 KB 83ms
23ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-controller-play-50633fd697e3a54c76c42c2a03aab3ea.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1487bfed1f532d8cff7ec61ac6bb53dc91e8745905444ba4fdb237eb19071cf0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82e3
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: UGM/1pfjpUx2xCwqA6qz6g==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 569
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:8UtxUN7PKt3-vbU5KNvKzMmdU_dcaQfSDAGIiJ9XKpH72T7Ij0jolBoEtVesHOUD
x-api-id: native
etag: e6374b61-df62-4c33-bf97-85676cde2730
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 8e44f0af-aebd-4471-9d7c-94aaa4cc5851
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg
p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ Frame 8501 3 KB
4 KB 85ms
26ms Image
image/jpeg 23.46.156.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign-va.tiktokcdn.com/tos-maliva-avt-0068/ecffb54e95199f56958f72f35dae11d0~c5_100x100.jpeg?x-expires=1679151600&x-signature=qwMFIXmeu5FO9WPfuYZCU24Hcic%3D
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.171 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-171.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 7cf51bb086864575674a8676d4395edfee324b7c906ab0378ca405924c982da9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2f5883af
date: Thu, 16 Mar 2023 15:45:08 GMT
x-crop-loc: (0,1)-(535,536)
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
nw-session-id: 2023031408423376800DE42C5D9B79D773qrpfv21ff
x-powered-by: ImageX
x-cache: TCP_HIT from a23-46-151-171.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 7,23.201.44.185, 8,23.215.130.117
cross-origin-resource-policy: cross-origin
akamai-mon-iucid-del: 971653
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=1
x-length: 3059
content-length: 3059
last-modified: Tue, 14 Mar 2023 08:42:34 GMT
server: nginx
x-tt-logid: 2023031408423376800DE42C5D9B79D773
x-response-date: Tue, 14 Mar 2023 08:42:34 GMT
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-14T08:42:34.336765103Z 110
cache-control: max-age=31337870
x-tt-trace-host: 0163cf2bcd3535d9814a552eebd6dd18c55aa3d68b9e6d3181d303cf2445be1e2f5320deb94d571844583409c9809d150e51a78858130ed7c0671120448eb35dc5ef7cc8132c62b2b07827d57c07a749831893e735bd3b6a9d22e19e79b8c23d08161d36c4402eb7fdd77dd9b23091cb49
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 8501 1 KB
1 KB 50ms
22ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-banner-comment-d1335fb135de82a0a6b923df2e515c06.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5f5beabf59a0f4c1c28f05dd34047cd1f401f146b85eebbaa7ab8d971f075e64

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82e6
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 0TNfsTXegqCmuSPfLlFcBg==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 498
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:g1uE-fWXWsTCyRP6Bml-6_LU2H9EGYdNPk51Cw3U_iQHlHPXeKJ4Gdxi6nnOJeZo
x-api-id: native
etag: 741220d1-21f1-41de-a0ae-9bcfa9dbeb88
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 71957b74-08f1-40cd-8688-5cb2b05a57fb
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 8501 647 B
1 KB 49ms
21ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-music-26847fc3f0c6f8b667c268b0c0a2bd0f.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d858782d53337cb280fd29487a8c25544984a1abc8619d4fc3535e4458101d1f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f82e7
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: JoR/w/DG+LZnwmiwwKK9Dw==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 647
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:Lxe0X7X8zVKoZRB66cySd4cdag_VtlxkZMWNm6Kuq2g-guFxDqoV0lzkjJlAFZuq
x-api-id: native
etag: 6164be3e-ac47-4fcc-b10d-0654f452a254
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 00380622-8470-4dcc-a19a-e6a5d656dd3c
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 sofiapro-regular.otf
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 8501 155 KB
156 KB 176ms
74ms Font
application/font-sfnt 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/sofiapro-regular.otf
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff8490f
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: 83df79xiq+PWX4rXEbw2eg==
x-cache: TCP_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=5
content-length: 158708
x-tos-request-id: 4f6324581ae69bb1-af54d25
x-tos-response-time: Thu, 14 Apr 2022 13:00:22 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "f3775fefdc62abe3d65f8ad711bc367a"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/font-sfnt
access-control-allow-origin: *
cache-control: max-age=776561
access-control-allow-credentials: false
x-tt-trace-host: 01c099b6db4dd0a8c4ad052e86fdd1e07c03a9e20fff3165c14e0fa4ecd66ffd67a7104495bf8a0b6f13d94ab03d8e8bd9e25df3b402ffd3c056017bc2ae6e482a8fdc0232f9573c09ecadf03d7b438a2bd54a92fdfaaa3c2452875aa95f87e85aefc6f917488340eae43abfe7d35e1aa9a642712ffbab5f6df02f7597e9fc1477
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Semibold.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 8501 20 KB
21 KB 150ms
53ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Semibold.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848fe
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: Sio5a2TUlhXk5hdYEjB9Lg==
x-cache: TCP_MEM_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-parent-response-time: 42,23.59.247.55
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=4
content-length: 20428
x-tos-request-id: b02cc99cdb7cbd65639cdb7c-af54426
x-tos-response-time: Fri, 16 Dec 2022 20:56:28 GMT
last-modified: Mon, 28 Nov 2022 03:57:08 GMT
server: nginx
etag: CIHxguz9z/sCEAE=
vary: Accept-Encoding
access-control-max-age: 86400
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=1361430
access-control-allow-credentials: false
x-tt-trace-host: 019727dce3c1acfad986438046fe106d1181095077ae0f0d7a67e2162716564a5ed9d0d24716ccdf86972a5e113012ae6eff934459d42c55f28a26449c1af20aa35da68d011272fd3cee0a8fd74f3331f263a7ceaee00863718a770227d63537ef95252ce2079504adbe9102820427d630
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 Proxima-Nova-Regular.woff2
lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/ Frame 8501 21 KB
22 KB 165ms
69ms Font
font/woff2 104.126.118.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://lf16-tiktok-common.ttwstatic.com/obj/tiktok-web-common-sg/falcon/tiktok_fonts/Proxima-Nova-Regular.woff2
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.216 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-216.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 29a734dbe0c87dca942095cf4038b7a2519fb48ff2e06d1f49b8d8854493ac35

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 2ff848fd
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: SvWbAmfbEyPKXZVTcUBHkw==
x-cache: TCP_HIT from a104-126-118-212.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
x-tos-storage-class: Standard
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 21908
x-tos-request-id: 96bc26597f0e68e3-af544a3
x-tos-response-time: Fri, 15 Apr 2022 14:19:58 GMT
last-modified: Tue, 29 Mar 2022 06:30:26 GMT
server: nginx
etag: "4af59b0267db1323ca5d955371404793"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=876502
access-control-allow-credentials: false
x-tt-trace-host: 01cd6368e091887a7873f839d814c8f023a2db23a194bf73d437ac4cc3ff13514d7caa39247e23f732a9edf8761b1362becccd3b224bd0e18a77116b497f637568d8a52d4b36d6405f47866eac65efc6d79458fabb449acdb3ef5896157b2fefd1e78e3a100176120aba5b0c7ce3971dc8f58111ad360b8f0425d1d76d08c16da3
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 common-monitors.1.5.2.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/ Frame 846A 20 KB
8 KB 82ms
21ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.5.2.js
Requested by: Host: sf16-short-va.bytedapm.com
URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b20dfc5fa44e7c4df84aea06512c0d1a08f0446b5f0052fda8a25241049f3ccf

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58aafe3
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: xbW+K6nlm31KxLpCaIqeyg==
x-tt-trace-id: 00-e85b166710627983479f1406067a04d1-e85b166710627983-01
x-cache: TCP_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=1
content-length: 7516
x-tos-request-id: 94f4ef1285e477fc641285e4-abf4095
x-tos-response-time: Thu, 16 Mar 2023 02:58:44 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 2023031602584818EEDB01D21EBE72E68A
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=300
access-control-allow-credentials: false
x-tt-trace-host: 01d2efe0231df31808735c0fa12064c963d08a68be5d5b5ff80d8687dfcf404f963aacf32acb93a1141072faa2decf0aedcf8a957d822bd2a8aabdea975a035369ff658f16e627143e737a5669c025fd123d422c3f82e54dfd2b848b0dbe65d522096d771271bab4977383db701f6abd3f
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:08 GMT

GET
H2 200 common-monitors.1.5.0.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/ Frame 846A 19 KB
8 KB 20ms
19ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/common-monitors.1.5.0.js
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7520bda9576b519df3561d67722d95bea0bfb8f644b8b83b38b663138d62cd68

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8339
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: lJMNanjiQY7KAJ1oFCsUBQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 7318
last-modified: Wed, 15 Feb 2023 03:17:11 GMT
opc-request-id: iad-1:a9Odx4trFHhAUHQHvPMsQRl-eFx9sgq0TArq-lOEkI_BwaZxcN8bWaD5NarH-_TF
x-api-id: native
etag: f69b14ef-715b-4897-9d2b-f2811c896f09
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: bf1061da-7f62-45be-8168-83d7b672961a
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 common-monitors.1.5.2.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/ Frame E922 20 KB
8 KB 82ms
26ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.5.2.js
Requested by: Host: sf16-short-va.bytedapm.com
URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b20dfc5fa44e7c4df84aea06512c0d1a08f0446b5f0052fda8a25241049f3ccf

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58aafe5
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: xbW+K6nlm31KxLpCaIqeyg==
x-tt-trace-id: 00-e85b166710627983479f1406067a04d1-e85b166710627983-01
x-cache: TCP_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=1
content-length: 7516
x-tos-request-id: 94f4ef1285e477fc641285e4-abf4095
x-tos-response-time: Thu, 16 Mar 2023 02:58:44 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 2023031602584818EEDB01D21EBE72E68A
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=300
access-control-allow-credentials: false
x-tt-trace-host: 01d2efe0231df31808735c0fa12064c963d08a68be5d5b5ff80d8687dfcf404f963aacf32acb93a1141072faa2decf0aedcf8a957d822bd2a8aabdea975a035369ff658f16e627143e737a5669c025fd123d422c3f82e54dfd2b848b0dbe65d522096d771271bab4977383db701f6abd3f
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:08 GMT

GET
H2 200 common-monitors.1.5.0.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/ Frame E922 19 KB
8 KB 20ms
20ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/common-monitors.1.5.0.js
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7520bda9576b519df3561d67722d95bea0bfb8f644b8b83b38b663138d62cd68

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8344
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: lJMNanjiQY7KAJ1oFCsUBQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 7318
last-modified: Wed, 15 Feb 2023 03:17:11 GMT
opc-request-id: iad-1:a9Odx4trFHhAUHQHvPMsQRl-eFx9sgq0TArq-lOEkI_BwaZxcN8bWaD5NarH-_TF
x-api-id: native
etag: f69b14ef-715b-4897-9d2b-f2811c896f09
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: bf1061da-7f62-45be-8168-83d7b672961a
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 common-monitors.1.5.2.js Show response
sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/ Frame 8501 20 KB
8 KB 73ms
19ms Script
application/javascript 104.126.118.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.5.2.js
Requested by: Host: sf16-short-va.bytedapm.com
URL: https://sf16-short-va.bytedapm.com/slardar/fe/sdk-web/browser.maliva.js?bid=tiktok_web_embed&globalName=SlardarWeb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.210 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b20dfc5fa44e7c4df84aea06512c0d1a08f0446b5f0052fda8a25241049f3ccf

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 58aafe4
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: xbW+K6nlm31KxLpCaIqeyg==
x-tt-trace-id: 00-e85b166710627983479f1406067a04d1-e85b166710627983-01
x-cache: TCP_MEM_HIT from a104-126-118-206.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_HIT
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=1
content-length: 7516
x-tos-request-id: 94f4ef1285e477fc641285e4-abf4095
x-tos-response-time: Thu, 16 Mar 2023 02:58:44 GMT
last-modified: Thu, 16 Mar 2023 02:57:20 GMT
server: nginx
x-tt-logid: 2023031602584818EEDB01D21EBE72E68A
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=300
access-control-allow-credentials: false
x-tt-trace-host: 01d2efe0231df31808735c0fa12064c963d08a68be5d5b5ff80d8687dfcf404f963aacf32acb93a1141072faa2decf0aedcf8a957d822bd2a8aabdea975a035369ff658f16e627143e737a5669c025fd123d422c3f82e54dfd2b848b0dbe65d522096d771271bab4977383db701f6abd3f
timing-allow-origin: *
access-control-allow-headers: *
expires: Thu, 16 Mar 2023 15:50:08 GMT

GET
H2 200 common-monitors.1.5.0.js Show response
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/ Frame 8501 19 KB
8 KB 20ms
20ms Script
application/javascript 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/slardar/fe/sdk-web/plugins/common-monitors.1.5.0.js
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/ttweb_webmssdk_ex/1.0.0.28/webmssdk_ex.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7520bda9576b519df3561d67722d95bea0bfb8f644b8b83b38b663138d62cd68

Request headers

Referer: https://www.tiktok.com/
Origin: https://www.tiktok.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8347
date: Thu, 16 Mar 2023 15:45:08 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: lJMNanjiQY7KAJ1oFCsUBQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 7318
last-modified: Wed, 15 Feb 2023 03:17:11 GMT
opc-request-id: iad-1:a9Odx4trFHhAUHQHvPMsQRl-eFx9sgq0TArq-lOEkI_BwaZxcN8bWaD5NarH-_TF
x-api-id: native
etag: f69b14ef-715b-4897-9d2b-f2811c896f09
vary: Accept-Encoding
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: application/javascript
version-id: bf1061da-7f62-45be-8168-83d7b672961a
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET 834d625906a24e32aa05889fa9595f67
p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/ Frame E922 0
0

GET 834d625906a24e32aa05889fa9595f67
p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/ Frame 846A 0
0

GET
H2 200 834d625906a24e32aa05889fa9595f67
p19-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/ Frame 8501 39 KB
40 KB 212ms
115ms Image
image/jpeg 146.75.38.73
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p19-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/834d625906a24e32aa05889fa9595f67?x-expires=1679000400&x-signature=%2FBMN%2FoqpV9LZO6tdL1hiZnKAxr0%3D
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.38.73 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx / ImageX
Resource Hash: 198ea1f009ad42b4a3cef7e746429a187ed00f0dab494a585d50f745c0b0ba6e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:09 GMT
via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=hit;type=static
age: 82473
nw-session-id: 20230315165036A76F5702EF19216DA366mn8hq41ff
x-powered-by: ImageX
x-cache: HIT
x-bdcdn-cache-status: TCP_MISS
server-timing: inner; dur=12, cdn-cache;desc=hit, edge;dur=0
x-length: 39771
content-length: 39771
x-served-by: cache-iad-kcgs7200106-IAD
last-modified: Wed, 15 Mar 2023 16:50:36 GMT
server: nginx
x-tt-logid: 20230315165036A76F5702EF19216DA366
x-response-date: Wed, 15 Mar 2023 16:50:36 GMT
x-timer: S1678981509.105548,VS0,VE0
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-15T16:50:36.205973308Z 10
cache-control: max-age=31536000
x-tt-trace-host: 0180a21b1f374f104171b8057c34b1051e53132c170b73c591d1defc00b8d17a3068369d6ea986d725ca87ee6c59297086aac0db745c47f8d29979f7da8bab204c87f04b331e954116ff4d307929844fb1157959f609ebd29bf1d69738f2bffe5a
imagex-fmt: jpeg2jpeg
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4

GET
H2 200 img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame E922 576 B
1 KB 40ms
39ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6793fa2f8d1a76e1ff51f8a83ecf5aa7ebbdc5f422196c1cdcda31f496d4d41e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f844a
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: rRXocezHr63yRiTR9WgdpQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 576
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:mIvH4TAExtFE40b8XY8vWvoa9zRoeLJn0cAWf7l_Y-FupPlyZmDQj9SQGwbYzqD3
x-api-id: native
etag: 7e6b492f-0a96-45cf-a030-6eeabb053877
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4787b98a-728b-40d5-a2e2-6bad1fd5302b
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 834d625906a24e32aa05889fa9595f67
p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/ Frame E922 39 KB
40 KB 126ms
60ms Image
image/jpeg 23.46.156.17
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/834d625906a24e32aa05889fa9595f67?x-expires=1679000400&x-signature=LlLh1FMbD1x27CVVKpeHW9Ap2XU%3D
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.17 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-17.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 198ea1f009ad42b4a3cef7e746429a187ed00f0dab494a585d50f745c0b0ba6e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
nw-session-id: 202303111136524C681B3B654517DCE874r6hs841ff
x-powered-by: ImageX
x-cache: TCP_HIT from a23-46-151-17.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
server-timing: cdn-cache; desc=HIT, edge; dur=2, inner; dur=5
x-length: 39771
content-length: 39771
last-modified: Sat, 11 Mar 2023 11:36:52 GMT
server: nginx
x-tt-logid: 202303111136524C681B3B654517DCE874
x-response-date: Sat, 11 Mar 2023 11:36:52 GMT
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-11T11:36:52.078016673Z 3
cache-control: max-age=31089195
x-origin-response-time: 23,23.55.62.29
x-tt-trace-host: 01903d19b565a81b1eb88cc21ca207c8cc9ef062c30ced31c7fa67d728ce3c39377f939f49047417354e85a05751fdf9416d452b270acc95866f412312292a5a96b9124d81ad1b26dfb8542836721bc19899c8a10cb807c30e812c4d1b2bc3e0e4cc667daf0599c2c4c9f4e7ae646e0e1db04debed4fc126218ba102d5e7d04b0c
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 846A 576 B
1 KB 37ms
37ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6793fa2f8d1a76e1ff51f8a83ecf5aa7ebbdc5f422196c1cdcda31f496d4d41e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f844b
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: rRXocezHr63yRiTR9WgdpQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=1
storage-tier: Standard
content-length: 576
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:mIvH4TAExtFE40b8XY8vWvoa9zRoeLJn0cAWf7l_Y-FupPlyZmDQj9SQGwbYzqD3
x-api-id: native
etag: 7e6b492f-0a96-45cf-a030-6eeabb053877
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4787b98a-728b-40d5-a2e2-6bad1fd5302b
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H2 200 834d625906a24e32aa05889fa9595f67
p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/ Frame 846A 39 KB
40 KB 86ms
24ms Image
image/jpeg 23.46.156.17
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/834d625906a24e32aa05889fa9595f67?x-expires=1679000400&x-signature=LlLh1FMbD1x27CVVKpeHW9Ap2XU%3D
Requested by: Host: sf16-website-login.neutral.ttwstatic.com
URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.156.17 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-46-156-17.deploy.static.akamaitechnologies.com
Software: nginx / ImageX
Resource Hash: 198ea1f009ad42b4a3cef7e746429a187ed00f0dab494a585d50f745c0b0ba6e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
nw-session-id: 202303111136524C681B3B654517DCE874r6hs841ff
x-powered-by: ImageX
x-cache: TCP_HIT from a23-46-151-17.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-bdcdn-cache-status: TCP_MISS
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=5
x-length: 39771
content-length: 39771
last-modified: Sat, 11 Mar 2023 11:36:52 GMT
server: nginx
x-tt-logid: 202303111136524C681B3B654517DCE874
x-response-date: Sat, 11 Mar 2023 11:36:52 GMT
content-type: image/jpeg
access-control-allow-origin: *
nw-session-trace: 2023-03-11T11:36:52.078016673Z 3
cache-control: max-age=31089195
x-origin-response-time: 23,23.55.62.29
x-tt-trace-host: 01903d19b565a81b1eb88cc21ca207c8cc9ef062c30ced31c7fa67d728ce3c39377f939f49047417354e85a05751fdf9416d452b270acc95866f412312292a5a96b9124d81ad1b26dfb8542836721bc19899c8a10cb807c30e812c4d1b2bc3e0e4cc667daf0599c2c4c9f4e7ae646e0e1db04debed4fc126218ba102d5e7d04b0c
imagex-fmt: jpeg2jpeg
timing-allow-origin: *

GET
H2 200 img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/ Frame 8501 576 B
1 KB 33ms
33ms Image
image/svg+xml 104.126.118.201
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/images/img-embed-previous-ad15e871ecc7afadf24624d1f5681da5.svg
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.201 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-201.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6793fa2f8d1a76e1ff51f8a83ecf5aa7ebbdc5f422196c1cdcda31f496d4d41e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.tiktok.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 50f8453
date: Thu, 16 Mar 2023 15:45:08 GMT
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
x-check-cacheable: YES
content-md5: rRXocezHr63yRiTR9WgdpQ==
x-cache: TCP_MEM_HIT from a104-126-118-197.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=0
storage-tier: Standard
content-length: 576
last-modified: Wed, 15 Feb 2023 18:35:48 GMT
opc-request-id: iad-1:mIvH4TAExtFE40b8XY8vWvoa9zRoeLJn0cAWf7l_Y-FupPlyZmDQj9SQGwbYzqD3
x-api-id: native
etag: 7e6b492f-0a96-45cf-a030-6eeabb053877
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
content-type: image/svg+xml
version-id: 4787b98a-728b-40d5-a2e2-6bad1fd5302b
access-control-allow-origin: *
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,storage-tier,version-id,x-api-id
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 15:45:08 GMT

GET
H/1.1 206
Partial Content /
v19-web-newkey.tiktokcdn.com/f761aeef97fb3593212d49661135b982/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/ Frame E922 1 MB
1 MB 28ms
25ms Media
video/mp4 146.75.34.113
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://v19-web-newkey.tiktokcdn.com/f761aeef97fb3593212d49661135b982/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=2008&bt=1004&cs=0&ds=3&ft=ApKJEBBPq8Zmodkt~c_vj_aTKAhLrus&mime_type=video_mp4&qs=0&rc=Zjk8N2U0NWc7PDtoNzM5NUBpMzZtbWY6Zng4ajMzZzczNEBeMDYvYzMtNi4xYzRhMy1hYSNvaTRucjRncDNgLS1kMS9zcw%3D%3D&l=202303161545061928B62D12E53C2BFBCA&btag=80000
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.34.113 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 36884b575efdea77a176a00f6371bebb9d96045b967d5ce37711c9f2e48a5b86

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

Expires: Tue, 12 Sep 2023 11:00:30 GMT
Date: Thu, 16 Mar 2023 15:45:08 GMT
Via: 1.1 varnish
x-tt-trace-tag: id=19;cdn-cache=hit;type=static
Age: 17078
X-Cache: HIT
Content-Range: bytes 0-1393846/1393847
Connection: keep-alive
server-timing: inner; dur=148, cdn-cache;desc=hit, edge;dur=1
Content-Length: 1393847
X-Served-By: cache-iad-kjyo7100124-IAD
X-Storagegw-Request-Id: 2023031611003001019021819847DD234C
Last-Modified: Sat, 11 Mar 2023 10:57:05 GMT
X-Timer: S1678981509.981041,VS0,VE1
Etag: "CLzalejb0/0CEAE="
content-type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Thu, 16 Mar 2023 11:00:30 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Credentials: true
x-tt-trace-host: 017277c42bb313c1a23ee8031166d71029099bb0cdb640abee10fe929da8eb9564279977d86009eb82e8e4875150dd8cbc7078a68632f361d09f0dfd76b1067f2e5ac0d8d914d6776653696fce2974dca42e2e6820a9e462866a6457d8edcec6d016493f4f96cf4633011b8e1fa643446d899931f1ffb46ef515da36c828273a72
Accept-Ranges: bytes
x-response-cache: edge_hit
BD-Request-Id: ba58b9bf67fd504383dc6143f6b2d67f
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content /
v16-web-newkey.tiktokcdn.com/0a835cb809e8380a3b27c36c10ddbee3/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/ Frame 846A 1 MB
1 MB 160ms
33ms Media
video/mp4 104.126.118.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v16-web-newkey.tiktokcdn.com/0a835cb809e8380a3b27c36c10ddbee3/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=2008&bt=1004&cs=0&ds=3&ft=ApKJEBBPq8Zmodkt~c_vjPWKKAhLrus&mime_type=video_mp4&qs=0&rc=Zjk8N2U0NWc7PDtoNzM5NUBpMzZtbWY6Zng4ajMzZzczNEBeMDYvYzMtNi4xYzRhMy1hYSNvaTRucjRncDNgLS1kMS9zcw%3D%3D&l=20230316154506FB1EEAF313759F2B5AC1&btag=80000
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.241 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-241.deploy.static.akamaitechnologies.com
Software: Byte-nginx /
Resource Hash: 36884b575efdea77a176a00f6371bebb9d96045b967d5ce37711c9f2e48a5b86

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

X-Akamai-Request-ID: 6060845
Date: Thu, 16 Mar 2023 15:45:09 GMT
X-Expires-MS: 1678534239613
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
X-Cache: TCP_HIT from a104-126-118-237.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
Content-Range: bytes 0-1393846/1393847
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=51
Content-Length: 1393847
X-Storagegw-Request-Id: 20230311113038010214029021545B6D7E
X-Akamai-Cache-Status: miss
Last-Modified: Sat, 11 Mar 2023 10:57:05 GMT
Server: Byte-nginx
ETag: "CLzalejb0/0CEAE="
Content-Type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Sat, 11 Mar 2023 11:30:38 GMT
Cache-Control: max-age=15104771
X-Origin-Response-Time: 72,23.212.188.146
x-tt-trace-host: 015973a1d132d10cef3b01133bc404820df12e1784a29517d68583632b84f3e917bc3a8a0f748c3880255e5f9b716e5ddf0e2eea32cbbfd51d5193363feeb5d67acf778c1b15230798f7f709f27b1f12ebee6e1781a189e086d91e335d8b65ecfecec4f6c507156460f53d086b3e0fb436fef5a594ecaea3ea8ff2fbce2cb7d246adc39ce4db71733dd4c299b6db3293edcc4c18f9963217ad6683d467f8bc8ced
Accept-Ranges: bytes
BD-Request-Id: f54cd08d06335612e0f89242dca256cd
Expires: Thu, 07 Sep 2023 11:31:20 GMT

GET
H/1.1 206
Partial Content /
v16-web-newkey.tiktokcdn.com/0a835cb809e8380a3b27c36c10ddbee3/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/ Frame 8501 1 MB
1 MB 149ms
34ms Media
video/mp4 104.126.118.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v16-web-newkey.tiktokcdn.com/0a835cb809e8380a3b27c36c10ddbee3/64138dee/video/tos/maliva/tos-maliva-ve-0068c799-us/25b1f0fddb24400099ec500c5eabee8d/?a=1988&ch=0&cr=0&dr=0&lr=tiktok_m&cd=0%7C0%7C1%7C0&cv=1&br=2008&bt=1004&cs=0&ds=3&ft=ApKJEBBPq8Zmodkt~c_vjtnGqAhLrus&mime_type=video_mp4&qs=0&rc=Zjk8N2U0NWc7PDtoNzM5NUBpMzZtbWY6Zng4ajMzZzczNEBeMDYvYzMtNi4xYzRhMy1hYSNvaTRucjRncDNgLS1kMS9zcw%3D%3D&l=20230316154506CBAFD33129FE732A02D0&btag=80000
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.118.241 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-118-241.deploy.static.akamaitechnologies.com
Software: Byte-nginx /
Resource Hash: 36884b575efdea77a176a00f6371bebb9d96045b967d5ce37711c9f2e48a5b86

Request headers

Referer: https://www.tiktok.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Range: bytes=0-

Response headers

X-Akamai-Request-ID: 6060846
Date: Thu, 16 Mar 2023 15:45:09 GMT
X-Expires-MS: 1678534239613
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
X-Cache: TCP_MEM_HIT from a104-126-118-237.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
Content-Range: bytes 0-1393846/1393847
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=51
Content-Length: 1393847
X-Storagegw-Request-Id: 20230311113038010214029021545B6D7E
X-Akamai-Cache-Status: miss
Last-Modified: Sat, 11 Mar 2023 10:57:05 GMT
Server: Byte-nginx
ETag: "CLzalejb0/0CEAE="
Content-Type: video/mp4
Access-Control-Allow-Origin: *
X-Storagegw-Response-Time: Sat, 11 Mar 2023 11:30:38 GMT
Cache-Control: max-age=15104771
X-Origin-Response-Time: 72,23.212.188.146
x-tt-trace-host: 015973a1d132d10cef3b01133bc404820df12e1784a29517d68583632b84f3e917bc3a8a0f748c3880255e5f9b716e5ddf0e2eea32cbbfd51d5193363feeb5d67acf778c1b15230798f7f709f27b1f12ebee6e1781a189e086d91e335d8b65ecfecec4f6c507156460f53d086b3e0fb436fef5a594ecaea3ea8ff2fbce2cb7d246adc39ce4db71733dd4c299b6db3293edcc4c18f9963217ad6683d467f8bc8ced
Accept-Ranges: bytes
BD-Request-Id: f54cd08d06335612e0f89242dca256cd
Expires: Thu, 07 Sep 2023 11:31:20 GMT

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
0 220ms
219ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: eb9c05c.30f58c1
date: Thu, 16 Mar 2023 15:45:09 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 22,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=15, inner; dur=4
server: nginx
x-tt-logid: 20230316154508FC5D45F4C25D27C8F1D7
x-cache-remote: TCP_MISS from a23-43-56-111.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 15,23.43.56.111
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e29d553c6858de80c527279c8b3235badfbfe89d78f53d4d9bd8bb11339de5e5033f1f91da1229ab5ece1858a8b82b96633189123942d08228f5ec371c18ce4f2dca5168fd5acd1a5fc9c2132f155629a
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 58ms
57ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:09 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=13 inner; dur=2
x-akamai-request-id: 15f764bc.30f58b3
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-133.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 13,23.43.56.133
x-parent-response-time: 21,23.46.157.15
x-tt-logid: 202303161545082A350EEDF08892CBFCBF
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e3e2ca383a39d549f9c7c28fafade51c238dfb2f7c9f0c7abfb29a3733def17398ed740865af97e285e776a115568a6d6b9967d9f4b49a5eff61bd7e1e86dc7ff318efef72dcaeb36e03688baa27caf59
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
0 47ms
45ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 11396208.30f58c0
date: Thu, 16 Mar 2023 15:45:09 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 19,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=6, origin; dur=14, inner; dur=4
server: nginx
x-tt-logid: 202303161545083E50EC12DB1AC1CCE680
x-cache-remote: TCP_MISS from a23-43-56-173.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 14,23.43.56.173
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e99ffcaaece1e8c7fa85e8c5033aa5c35fec92b8e0ca2562c1b2fc218098c092a58dea30864fb4f77fa334f6f2ce9b9e999eba7f5172d1aa5789a31320e5a592518935971cbb6b3e4748f956ec2654047
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 46ms
45ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:09 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=8 inner; dur=3
x-akamai-request-id: 39c74d3.30f58b4
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-29.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 8,23.40.62.29
x-parent-response-time: 15,23.46.157.15
x-tt-logid: 2023031615450863670B21CE212CCDAA93
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e899435f1b560bf0b6abbc234ebcc9ce408029d334febdc4536238ccef193c1ac87c75b7b57ce187eff990aae99338014351b4a9abc0b830a7a07b19ee47e62cb90036a4e86a7851c1c457e2c0fa8da93
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 53ms
52ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:09 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=7 inner; dur=4
x-akamai-request-id: 7e1cbf1.30f58f0
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-68.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 7,23.40.62.68
x-parent-response-time: 16,23.46.157.15
x-tt-logid: 20230316154508FA05DC63868AD1CC9144
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ed41d1e20e00fee99fa1fdca664039b7ce0031d2edd1ae6d229488de07a82567e3c7a7710f9df25569ad03557f906be74a7b5bca0ad0be53a596b94ce4ffe551f
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
852 B 64ms
25ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 1568c14d.30f5904
date: Thu, 16 Mar 2023 15:45:09 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 36,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=5, origin; dur=31, inner; dur=6
server: nginx
x-tt-logid: 20230316154508C7C40A2D8B2EA8CD8AA5
x-cache-remote: TCP_MISS from a23-43-56-117.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 31,23.43.56.117
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4edce4ab94eca3fe6aecfed8bc6a500e938700695103a31b0b57fe72015a79540b78025464ec7ed84271a3ac53587cf2d4d210d9e51ebe55419c6982d0375eeae8b2a884bbd0e99ab9341077a215ab991b
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame A758 0
128 B 46ms
0ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 21:48:12 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 204 v.gif
pixel.wp.com/ Frame 0A04 0
37 B 18ms
17ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/v.gif?v=wpcomv&sid=0&site=default&blog=56015379&post=1941&video_fmt=fmt_dvd&page_url=https%3A%2F%2Fvideopress.com%2Fembed%2FXO6mYVEb%3Fcover%3D1%26preloadContent%3Dmetadata%26useAverageColor%3D1%26hd%3D1&rand=748o8&video_impression=1
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:45:09 GMT
cache-control: no-cache
server: nginx

GET
H2 204 v.gif
pixel.wp.com/ Frame E039 0
14 B 23ms
23ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/v.gif?v=wpcomv&sid=0&site=default&blog=56015379&post=1944&video_fmt=fmt_dvd&page_url=https%3A%2F%2Fvideopress.com%2Fembed%2FxBxg03xe%3Fcover%3D1%26preloadContent%3Dmetadata%26useAverageColor%3D1%26hd%3D1&rand=o4grrj&video_impression=1
Requested by: Host: myreturnticket.ca
URL: https://myreturnticket.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:45:09 GMT
cache-control: no-cache
server: nginx

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame 8501 44 B
2 KB 50ms
48ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswVOQDaikNbAtcltcPVeovgy
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 7200e4ce.6112156
Date: Thu, 16 Mar 2023 15:45:09 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 28,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=11, origin; dur=19, inner; dur=16
Content-Length: 44
X-Ms-Token: qRQrCcmlJHrWT7JRnabeStBpx4LYm-V_sIvKLlGLg5MTT-1lII4sSP_tNP9Be3d0zBiouv1zMN35YEZHvBr_FOBYUFs08nUfEyNxj91lIhxVOENQ8ZJ3
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154508D7AD10173587ED7D5DED
X-Cache-Remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 19,23.220.104.8
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e0861e3a8df885c85f5160c657da264abfb87505a86b6ac99596697c37afca1fa83f461facd7213a043439e46728307c400f827b176a86fd3bf2af8b61a69440e61
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:09 GMT

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame 846A 44 B
2 KB 57ms
56ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswVOQDcjwpbAtcltc-VeovgY
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 7201269d.61126cc
Date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 36,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=27, inner; dur=20
Content-Length: 44
X-Ms-Token: TpHyQQ9D9w6s9FxP-dIQVPg2xH6DL9U9O9oieeZ6x4FQRl7L735hYXTe5itqsaRToCL24OVsKe6DLMwUkTWzVbtlPelyC5iBApzOZYDJhQvvseOr8c9Y
Pragma: no-cache
Server: nginx
X-Tt-Logid: 20230316154509AF4F039D69E42B358B13
X-Cache-Remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 28,23.220.104.8
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e0861e3a8df885c85f5160c657da264abfb6f9c18e9dbdbb2a3ede8ebe7f0fb00b8430cbac343cfbee9123d9ebdfc10c7e317f959ff61816facb5c4458deda1463e
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:10 GMT

POST
H/1.1 200
OK report Show response
mssdk-va.tiktok.com/web/ Frame E922 44 B
2 KB 45ms
44ms XHR
text/plain 23.40.18.5
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mssdk-va.tiktok.com/web/report?msToken=&X-Bogus=DFSzswVOQDcbTpbAtcltc-VeovZv
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.40.18.5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-40-18-5.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

X-Akamai-Request-ID: 720132ff.611273f
Date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
X-Cache: TCP_MISS from a23-40-17-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
X-Parent-Response-Time: 25,23.40.17.5
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=17, inner; dur=13
Content-Length: 44
X-Ms-Token: gkN_1X5lFEdWBQdknoRFQtFZWmYgcgmu1j4Mbo-HW1PrSW6kS-Ei5KK-iT-gs6enDH2UWe_fNm8GWVmCsZRLaLr3t2gjLtezi6x7J4hgM8nHeitpNe8Z
Pragma: no-cache
Server: nginx
X-Tt-Logid: 202303161545094D241EBF100A623CE97B
X-Cache-Remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.tiktok.com
Access-Control-Expose-Headers: x-ms-token,x-ms-resp
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
X-Origin-Response-Time: 17,23.220.104.8
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d95aa612f56c85aa9112aa2f9a8d6a9e0861e3a8df885c85f5160c657da264abfbfaba7e4ac5988c01894c9e4e1c495bc013611c0c9b996d76e3770b04a55db01f77df640bad216790a04bf56b103c54ee
Access-Control-Allow-Headers: x-mssdk-info,x-ms-req
Expires: Thu, 16 Mar 2023 15:45:10 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame B847 0
128 B 27ms
26ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156344&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156344&predirect=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26pid%3D45%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:10 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
850 B 42ms
41ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 7366af0.30f59ee
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 23,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=13, inner; dur=3
server: nginx
x-tt-logid: 2023031615450995D0F6D97770E3CF2672
x-cache-remote: TCP_MISS from a23-40-62-21.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 13,23.40.62.21
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e74990e0b860f4eeb7d1bed2457d49ead3bf7883278497f0af7447af215c84f86e386f2eac132de94adb432d9207ca3ee29c71c2fe532a43e46e0f97f9f5107669d78d74f34e1f547837e079800f06ed7
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 48ms
48ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=13, origin; dur=13 inner; dur=3
x-akamai-request-id: ca6615a.30f59dc
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-175.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 13,23.43.56.175
x-parent-response-time: 25,23.46.157.15
x-tt-logid: 2023031615450949762AE16E7E5ECB0084
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e953c2a41d0c12f0cfe1fc484e76b74393823a443dad4da02b04e953a79f1adda0b52f6d88a4c4786efdcc8ad13e92b0b83bd9c717d7aafefe328d5c48308cbb35001704b8ce38250c90b9c7c7bf0be5e
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
847 B 33ms
32ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: dc8bf6d.30f59ec
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 12,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=5, inner; dur=3
server: nginx
x-tt-logid: 2023031615450901FA9F76BAC946CE2373
x-cache-remote: TCP_MISS from a23-40-62-5.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 5,23.40.62.5
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e6ad16cf1456243662c4eff076f1378fc245f7e7c0bfcaa613908601f41355e36b9640957ca7158dd8d317ff0bb673ce0a1fe59c71bc562c729bd9cf0ef1f417ab981c375b6b95bb1bf6da34a6c1835f0
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 44ms
44ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=13, origin; dur=8 inner; dur=5
x-akamai-request-id: 3b684cc.30f59de
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-55.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 8,23.40.62.55
x-parent-response-time: 20,23.46.157.15
x-tt-logid: 20230316154509A8AC78609BBC11CC2211
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e31e5c4f7706cde0ff16c20d885104de24db0774fdd05df2b5a2c706490bee5aecc5bb9e9bb89848a782c173c81fda0c7a2047a6f3ccc7d9a04e32cd804a2c5bc3ef6c73017584357c9c55432ef84f716
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
826 B 38ms
37ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 3a2c9ea.30f59f6
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 14,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=7, inner; dur=4
server: nginx
x-tt-logid: 20230316154509A6DE90833FCCD1CC09F0
x-cache-remote: TCP_MISS from a23-40-62-29.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 7,23.40.62.29
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e899435f1b560bf0b6abbc234ebcc9ce40b6c53f01ff90f686f5e7f21c7bef98effc2c95e79b06e2c7c48221eb7f770bc2c11d1c7e89882d524751c7ef32b700d
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 45ms
45ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=14, origin; dur=12 inner; dur=3
x-akamai-request-id: f74bbd4.30f59e1
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-127.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 13,23.43.56.127
x-parent-response-time: 24,23.46.157.15
x-tt-logid: 2023031615450955747C537676DACD19CC
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e79f35c995fd0da6c76eb77c4aaea7a2d9020f4e82ad9b8483929a60d153c573ca59fd6a122eb14ea61a89ec96060cc7c4ec91615d1cfd37db7b52a7e1af4268dfa17a0c02d5ac33ea1e159ca905e5cb6
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
850 B 43ms
42ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: fe3a59c.30f59f0
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 20,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=16, inner; dur=4
server: nginx
x-tt-logid: 20230316154509EF5DB712B76AC0CA7A08
x-cache-remote: TCP_MISS from a23-43-56-151.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 16,23.43.56.151
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e32fb66460484eae5f526b78ca888e001b5549b65bba81b08775d4ff02519f95343a65953f6895356cd587aaf0a78cafa57ebdc9f37c12ce30ac15eb7e7191c620eeae6872aaacd2cc6aec9234313fd28
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 37ms
36ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=6 inner; dur=3
x-akamai-request-id: 1fe6701.30f59e2
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-60.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 6,23.40.62.60
x-parent-response-time: 16,23.46.157.15
x-tt-logid: 202303161545094A316189A14505CEA69D
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ede01771363d581e7d348775fb07f73fbc96bb27257d2772a618db8b4729aea2d6de145ba06631d96bfc3595b03156e48597d157219101b8b2c32652c839883e1
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 36ms
35ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=6 inner; dur=3
x-akamai-request-id: 1dd9f5a.30f59e3
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-61.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 6,23.40.62.61
x-parent-response-time: 16,23.46.157.15
x-tt-logid: 202303161545095E989E62FE39DDCB8C87
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ebcb596bf50d0a3cf82b03d71b98ca8cfbfc323436f8d75254a375454b90757f04320d559b98993b1c8a2e755efb1b3c935b7f28c3b11fbd0847597cff7881010
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
848 B 43ms
40ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 206b30e.30f59ef
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 19,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=12, inner; dur=7
server: nginx
x-tt-logid: 20230316154509E53105BD256342C8BF77
x-cache-remote: TCP_MISS from a23-40-62-30.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 12,23.40.62.30
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e683bf2015df7eda2beacc99cafaf70bc47a5218505d27562d43ab84d8da9350dedcbb7f3d7c0092a15a0d1be4feb9ed8c95b944552937ec9e8e846724ec8b2844a5eaff714d69534bb2fd4a41514d0c9
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame A3E1 0
48 B 27ms
25ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156423&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:10 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 42ms
42ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=12 inner; dur=3
x-akamai-request-id: eb9caae.30f59f7
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-111.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 12,23.43.56.111
x-parent-response-time: 19,23.46.157.15
x-tt-logid: 20230316154509999BEC58FDAA21CC4BB9
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e29d553c6858de80c527279c8b3235badb6f55b75638fe599bb4139252ce24cf4d1cdeefd702c50d49016dfdbb94123636c02cde239a558cd6ade0b90ca716eb17761ee86943af15fc8ac3680b64b027c
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
849 B 41ms
40ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 183958a.30f5a00
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 19,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=11, inner; dur=8
server: nginx
x-tt-logid: 20230316154509F9419AA8247D7ACCF023
x-cache-remote: TCP_MISS from a23-40-62-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 12,23.40.62.13
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ef35d68dab8929133ca324209ce9fc5fdd77c839cb63119705e2cda0c471fc7dbf40a099ce5bcb767f459add943716c82e04bec3bc99f4fcfdad4aa42ea65f5049c2647fa883866b57ba807406919475e
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 42ms
41ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=13 inner; dur=3
x-akamai-request-id: f2cc9e5.30f59f8
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-157.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 14,23.43.56.157
x-parent-response-time: 21,23.46.157.15
x-tt-logid: 202303161545099A3E0CF0624528CE98B3
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e8fa301275578a39504d826356126fb587891b7b94d0d0245d338451901f28327d7b998db4579c4504367554ac4987c2c4acaa5a0a401274f3e8873217835de04cf606cc2211527d0e15bf9d81e1d2e9e
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
828 B 56ms
56ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 7e5e652.30f5a02
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 36,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=28, inner; dur=8
server: nginx
x-tt-logid: 20230316154509551BAA7FBC338ECCEA14
x-cache-remote: TCP_MISS from a23-40-62-4.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 28,23.40.62.4
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e2168d1338e9d385cacfcaf5e47ecbb8ca54df83902f4cb1e6e647e7dc8b8fd62bff188769f24030e3dad291bdb32bc33dd34beb355ba6408c1c8aca71fcbaed3
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
849 B 39ms
38ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 21a4f21.30f5a13
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 18,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=10, inner; dur=7
server: nginx
x-tt-logid: 20230316154509B10AA605098292C9ED51
x-cache-remote: TCP_MISS from a23-40-62-46.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 11,23.40.62.46
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4eb91565bb9dccb0a40efd83c53127a8c974653dc4da2a8b333ccd02ae66d5b942cc71b73e8be1b4a981a4d99f297e3764e101cbb4ae90bdcedf92fafb1d75b6c243fd003d2de065a64c00ec8486dc8944
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 43ms
42ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=8 inner; dur=2
x-akamai-request-id: 7396e27.30f5a0e
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-21.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 8,23.40.62.21
x-parent-response-time: 16,23.46.157.15
x-tt-logid: 20230316154509ACF8C292611709CE5344
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e74990e0b860f4eeb7d1bed2457d49ead8a7d18316f73fa312a6455f8325f876050622e6f0934a15aa3b776d04083b77a9035d81ae44297a67faf3c761f5d87dd
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
0 37ms
37ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 2002a21.30f5a5a
date: Thu, 16 Mar 2023 15:45:10 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 18,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=8, inner; dur=3
server: nginx
x-tt-logid: 2023031615450949DD08F2EEC3ECCF4BC4
x-cache-remote: TCP_MISS from a23-40-62-60.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 8,23.40.62.60
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ede01771363d581e7d348775fb07f73fbc96bb27257d2772a618db8b4729aea2d6de145ba06631d96bfc3595b03156e48cca42d909826f65a47f1738e52a99f5209ba51fbca12d188fae16599e80dbe92
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 34ms
33ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:10 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=5 inner; dur=3
x-akamai-request-id: 6f33a2e.30f5a52
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-36.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 5,23.40.62.36
x-parent-response-time: 14,23.46.157.15
x-tt-logid: 2023031615450926E06BBF3DE5ADCD0010
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e6a4f3bdaa52ad8225ec3ac756fb7057f255c73deff24cabd1aac52858e79330339b09fac9eddfd647536b9a47645fd823a635e5fa6b39da8859ea652e4424c75a4465777c66e29acf3dc94c70f1c3bb3
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
0 33ms
33ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 1493eb4.30f5a7e
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 13,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=7, origin; dur=6, inner; dur=3
server: nginx
x-tt-logid: 2023031615451021A7BB22ECA3E1D233FB
x-cache-remote: TCP_MISS from a23-40-62-78.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 6,23.40.62.78
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e1a9944b1cf2b373887601db286516ddaed1e22b11f7232d0602b66518fdd617adc7c938b4a587873d6bfccd9666b4608a765f9ac0e2be2995f11c1fd5f715aa0
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 42ms
41ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=14 inner; dur=3
x-akamai-request-id: 1604177b.30f5a73
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-133.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 14,23.43.56.133
x-parent-response-time: 22,23.46.157.15
x-tt-logid: 2023031615451005D29D50CB7A4ECE32AB
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e3e2ca383a39d549f9c7c28fafade51c26d3d2749add33117d2721795947e74a43d2949f04cc5f7d13241f9e00239b7c8e73a1bc993db3748745c5c1edcdc91713788f107526a86db21166a2e8659d6e2
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
0 56ms
55ms Fetch
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: eb9d3e7.30f5a9f
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 36,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=28, inner; dur=3
server: nginx
x-tt-logid: 2023031615451001E3579FAAB2DFCBA93C
x-cache-remote: TCP_MISS from a23-43-56-111.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 29,23.43.56.111
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e29d553c6858de80c527279c8b3235bad5594c901949a1b6b97a63327bf499e78827dbb1963de33f17548f6d61e8fc332cda4be985bafaef8594cdae884242df2
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 34ms
33ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=5 inner; dur=3
x-akamai-request-id: 1494067.30f5a99
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-78.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 5,23.40.62.78
x-parent-response-time: 13,23.46.157.15
x-tt-logid: 2023031615451021A7BB22ECA3E1D23401
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e1a9944b1cf2b373887601db286516ddaed1e22b11f7232d0602b66518fdd617adc7c938b4a587873d6bfccd9666b46083302b6cdfc5e6d24a85962a5a86e0489226bebde6b4665c35e7c5f95508ba882
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
825 B 54ms
54ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: b7cc070.30f5aed
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 34,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=26, origin; dur=9, inner; dur=4
server: nginx
x-tt-logid: 202303161545109993C52AD07242CB99FA
x-cache-remote: TCP_MISS from a23-40-62-6.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 9,23.40.62.6
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e0c17ac2456ffbac34c4c03c87ae8b8b767f138668beac79a2450af5f85659f36f00894836d6a02977217b74dd18a55eb649a0ce6b8d6e88c00e6ad0ef91f4aae
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 35ms
35ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=6 inner; dur=2
x-akamai-request-id: 1df2059.30f5adc
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-61.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 7,23.40.62.61
x-parent-response-time: 15,23.46.157.15
x-tt-logid: 202303161545105E989E62FE39DDCB8CDC
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ebcb596bf50d0a3cf82b03d71b98ca8cfbfc323436f8d75254a375454b90757f04320d559b98993b1c8a2e755efb1b3c9dced9d4be45eb3562658d424243c6b74023a45fd0f277c20f54c689a6c731bbf
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
849 B 50ms
50ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 7e3655f.30f5af7
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 23,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=14, inner; dur=11
server: nginx
x-tt-logid: 20230316154510A86B67BA251196CE61A5
x-cache-remote: TCP_MISS from a23-40-62-68.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 14,23.40.62.68
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ed41d1e20e00fee99fa1fdca664039b7ce9edba8e7eb176e2460d1c1b704e01b95c6237861783eea944d38a549e6ae08645c3aa41432aa17ba84740c63af3adfca18e00b0de2fdd569dd4d46175011f84
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 43ms
43ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=tiktok_web_embed
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=16 inner; dur=4
x-akamai-request-id: f74cffe.30f5ade
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-43-56-127.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 16,23.43.56.127
x-parent-response-time: 24,23.46.157.15
x-tt-logid: 202303161545104826FA65DA2AE9CEC1AA
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e79f35c995fd0da6c76eb77c4aaea7a2d0c66f48d4d2a1c07f07f18bf15ef922250397f3efaeafb5f6f592450a709621cfeb7aca7931ec076ef01b760f83705f6f085a476681a114591602d4ab7483df4
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 846A 0
850 B 50ms
49ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 21a9ecf2.30f5af0
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 30,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=22, inner; dur=4
server: nginx
x-tt-logid: 202303161545106DA9E24FEFC318CD3A67
x-cache-remote: TCP_MISS from a23-43-56-119.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 22,23.43.56.119
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e1239aa6fdf6f6112355b75a02df46cfd3b101b91904e492abcfb963cce841122fad8e861792b538e611e15a2daed72ace5fb2a2e117647f32e09fc46e0685abe9794dda6bfef8c14534ad6bbf19cbc3a
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 34ms
33ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=5 inner; dur=2
x-akamai-request-id: 2002a7e.30f5ae0
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-60.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 5,23.40.62.60
x-parent-response-time: 14,23.46.157.15
x-tt-logid: 20230316154510D712290C1FE6BBCE3E13
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ede01771363d581e7d348775fb07f73fb409a90180cdb4574e1f05b54480c4656786ef463948a49c577b2be101d78d0c156cfc67d018e9419ca9d7a353655a7a1d8d3f268202d13d0ae7e6fee1b3537e0
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame E922 0
851 B 49ms
48ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 1a953448.30f5af1
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 29,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=25, inner; dur=4
server: nginx
x-tt-logid: 20230316154510E15FD65161EAF1CFDA61
x-cache-remote: TCP_MISS from a23-43-56-103.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 25,23.43.56.103
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e1a3986df5f8b57cfea7fd6f0f198c18941366cad0a4fe0e72ac97dabd23489cbb7d9f812f891c10583d1b2d7368241f51fd6efde0c8f45e663eececfef096863cb2b15466508d2b3fffe52af8dcc52fa
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 34ms
33ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=6 inner; dur=3
x-akamai-request-id: 1001869a.30f5ae1
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-31.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 6,23.40.62.31
x-parent-response-time: 13,23.46.157.15
x-tt-logid: 20230316154510A289B2B3FCA833CCECD3
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4e7232a38bfbb1375b6dff90bc852a4f84305fdfe5b57388675d5fcc1dddacf991003e34b3d6441734759163cd753e792ac25eb11c424234738e7fd7048feaa9a3fd415ce5b585139f8fb3ee335f860441
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

POST
H2 204 / Show response
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 8501 0
853 B 58ms
58ms XHR
application/json 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Requested by: Host: sf16-secsdk.ttwstatic.com
URL: https://sf16-secsdk.ttwstatic.com/obj/rc-web-sdk-gcs/webmssdk/1.0.0.460/webmssdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tiktok.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

x-akamai-request-id: 48615ea8.30f5af6
date: Thu, 16 Mar 2023 15:45:11 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-parent-response-time: 28,23.46.157.15
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=18, inner; dur=4
server: nginx
x-tt-logid: 202303161545103A3823759AD48ECBB49F
x-cache-remote: TCP_MISS from a23-43-56-149.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
access-control-max-age: 600
access-control-allow-methods: POST, OPTIONS, GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-origin-response-time: 18,23.43.56.149
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ee00e186bd651d9100523821502e09220539381a568261f6415b1f5db8a200a4b83181b7c299c60ce51436b615e2828ca28e2a629ac59fb1d9e86900638793773d865bd0160f3003ba04ee2a44f4ec92a
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV

OPTIONS
H2 204 /
mon-va.byteoversea.com/monitor_browser/collect/batch/ Frame 0
0 35ms
35ms Preflight 23.204.152.15
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mon-va.byteoversea.com/monitor_browser/collect/batch/?biz_id=webmssdk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.15 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-15.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.tiktok.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,X-CSRF-Token,accept,origin,Cache-Control,X-Requested-With,X-USE-PPE,X-TT-ENV
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
access-control-max-age: 600
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:11 GMT
server: nginx
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=7 inner; dur=3
x-akamai-request-id: 80d6f89.30f5ae2
x-cache: TCP_MISS from a23-46-157-15.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-cache-remote: TCP_MISS from a23-40-62-20.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47096334) (-)
x-origin-response-time: 7,23.40.62.20
x-parent-response-time: 15,23.46.157.15
x-tt-logid: 20230316154510D6604BE3B4C320CCD219
x-tt-trace-host: 01f0a1dd30175b5a8aaddc8bb17a00b7d9aad462615b148f2e4a56e76243f60c4ee9da22d39595f5f40aef1de29482d5e28fdbcb91403afe632d7be32778c2a0d8a2814d63b8520a2e1e26d400c65faa88aa98f454d50600b3bcd9a9f4b1ff8792419f3b5409316ef57a2baecb9bf4eec9
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 61BC 43 KB
13 KB 107ms
107ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa604e742c31ac%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f35600ad8da7f848599c63b2ab63bdeadb87b87ec13e6a75d1e10e8dcbb1c8cf

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 6tB3qBNlx8KKqF10DGgujapoaYQNiw5TtM54Fac24FgPQB5hb6iWhrluqig4q/MhaMWLD+cqwqk0+mN5EGXsRA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 4F7C 43 KB
13 KB 90ms
89ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e82c02276b28c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

24bfeb8c2001fbf404d916c211663a18c07e15a34b62f48ea6a89bbf00a1655b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: PEMEluGbVj4mZYBlZiXU/V6ys2qHp963GJ4odvLK9FYG3jAJeEZfn6uyHUPAJEGMpZRY6EHxw5gr5Zesppo1xw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 04F9 43 KB
13 KB 95ms
95ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ceaaf0d3f1fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d3c805b737a38026d7942ec389da445e2ea058550842846a458ac09b9d03c953

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: hMJVEa5autWaI+KTaQFcFDvUPuYhqNWT0FLHpYGeI89hff+zpftU7foz3mo/1IwNoCNVxLOrJy7mu22wI4el/g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame CE84 43 KB
13 KB 101ms
100ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3759e91862222c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aabb81e8ca89df24d05d690d7843eeb9c88fddd714a29a5caf2c0fdeddcb9519

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: k17igCNoiMX7pijqseLTPC/fkVyRAw4ZHRjOf2PDZMxy3CNyt91GwsKc2aoycENVBoapngcBmyasP4R3XoLk7g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 276B 43 KB
13 KB 102ms
102ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df30ae624edde5bc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd16b6a5609992d1c58fbb173db4e30c78e4639527aee8cebc40f23960016ce7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: xWp7i0n4I8cVs5g4wZKWvjO+iwR/Yfe5JEuhlqTdcfip6fK1Jn1FqtfmrhHq3FF/nVIR4ZM5ZI2KkUJ7r6uQ+g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame F4DA 43 KB
13 KB 170ms
169ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bc6b500e117d%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

88dec960d00fbbae87d69f27bf0c1a6b8045ec286ea15b694c191ce0f681f581

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: EDK8TJXM/ulA2gdqrldhAGf3N379eG74Vg+qHPvwWgKWoKsbusYCMX4B3tp8j4jfORMTmBynA+gX+PAK8O1VSg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 10C6 43 KB
13 KB 94ms
94ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3531a3e96c73f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5025bac324e85e4a8e7e7d685ae202c70bd8ffe8960d8afc4aafed62745def0e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 0oW6eBcnIgRms3l4LJms785eHULObuqxQa1YSI3tLLzaDvDmLB9HsmIJ2cbM57Qg8yftZxFCDjChb5mKsoUjQQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 0F8E 43 KB
13 KB 120ms
119ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df345f004f3d9bb8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

940d67c5e6edb9bd6e78bc96aaba722f0991875818055ced9438466dd24d23a4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 4fLWCGjwx0SASvpn6yCMulqaKDBCYv2+4FskartPQjVxO5TBV1JHo6YE2+dd+n94C4UuvnETXvSpHXnFa0rYXg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 3C96 43 KB
13 KB 91ms
91ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10a12182b8afa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

53d1124a84286074a4b825a8456b22329da65ddacb4d762c5a6c0bc9745500d2

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 8/pzsbyz72XCnPZXPcP/HKduOEF4p9xo5fsu/JMdM8Var/8GBzQ8jry31MIDLA1pLxJLkXkTXfb2c+fIipiY6g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 79CA 43 KB
13 KB 92ms
91ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df280f3fb4e3365c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

90242b720debaa769af3d359ba813842af99cc1fd4ae3f4d61114bcca2674605

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 1Rb3iAI6fsEKyJtWF8r32wJUF51yUkZIMLwKVFl1CSlBwP6Ee2Vfx8cLF4h4a/DWm285NYjdxgHRiKlPRfkjWg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 6EBA 43 KB
13 KB 98ms
96ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2421e728713a64%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1ef1560addcf7272b9e3efa956bc4ea4cca2b58694c3b0caea1883af0c27061b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: hQRfogt14VNVbleRbLjCSl+NSvTgLZLwu1mk1QCABui6Do2sfTuszjyPy4ACtf/Qk3n8GFhyct79kZ1OgchflA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 2B8F 43 KB
13 KB 91ms
91ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2039d92ce9d9f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

479a304588db1854b032d1b78564413e9dd270f4c546c378e133a0f592125ba4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: ptlk9iDSpco6pAIiQ6ISU9TIJo5kcYjMSrrPHn0b9sBttwB62unHqfFxxi4I9LeSrwsV/lwoE5LcrhWLlZpaNg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 7B02 43 KB
13 KB 85ms
85ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2694ac9260ab28%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

44a761b080ebfef1ac252a597dc0b3a95c7dd52a198e19ce66926343d7e3976a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: sIqazgFan9VoAspTduOjl5RtELaPCyIw6jEatuypNyJc0Oe6clKs0XggOoH7GBK24Wv58vAcnpNpLJUvCIhRPA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 5B07 43 KB
13 KB 105ms
103ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fb0354fc0ba38%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

070df4b3ad2812a3efa90856c75470a33e9151e178519010866846044e7631f1

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: i/s0CdxfxQexLCCEmp9toNyjAXf3rrZew16LH6VZPz5il4zzUF5NZOwxhz0KRko1YT6QE+HjBE2f2vnQKSLvNg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 9AAD 43 KB
13 KB 94ms
93ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fcc43b0bb77dc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5323f300b1b171659cc26cb6e5eeabc7b2e25e51d0dcabe57b63e269f982b79a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: kC3PofP5P0mFYtJF0kSAKtH0R6TIMt7rW+1LbZkyr2K38p+PMTyORcRUNc2AVIfvBsGVWJJPV7lMziO6do5IJA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame C5F8 43 KB
13 KB 88ms
87ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e1b9def524708%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6bed81d640861b73c73d7c0822e71df139a10551a18a5b82b1c493a4da20c2dc

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 7M7BYW8rchwimbdDcx60kbspXlfDVAOdtgCWL0NNEyO9PxbP1F7VTeIP+77c+zN7ErXMq1zIFIH8dwRBoFMSyQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 5B8F 43 KB
13 KB 82ms
82ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23f43202bccdd%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af43b638a4229ffc7b81fa1914aafd1b9c4ac296345b568544d0673c7a338fb0

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: DBCyjdeyv7aV3D/gV3WsPiTm4OwsDqBP4Wa02zP9kkelYwAFhfyjUImXrlc9/yRfMX4+jy5Z5j/vBd2rokLwdQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 98B4 43 KB
13 KB 95ms
94ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd54f3751a484%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

07ff480685fee392e4f8580dc32bd6cb908506b0a9599fe33aa826f1f0a25e2d

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 1MH3u7k7M8Kw+/dbBKBPsfGbcW1FHohxPznKbHDCEVOOujArqI+80FRMmJN42mSIuKuTvSVpSxdOmJ3A/UD1Qg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 09D9 43 KB
13 KB 91ms
88ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e693c36dca9%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8b8d32e43a9da143d82e258571b2a15fdca6315f712502cb04c35aad0e389a4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Rwa2lEF26GwiyCXCzzIP3WFQhexZqiTrR8uapDhV1dQllg2qwzrmQbIz8C6MxyxzRHskqRWiKnn1aDiUgsqKqw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 1F04 43 KB
13 KB 107ms
106ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2a7d97219698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c2b051d53ba403c8953a386369a33fcf2e58ba7e08177194cabcdba7a52701a2

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 67HqI7twStNWNtBJyc48BZV24RRTS3j000pTzB6DtOFshy7xPAThR879K7AfdGP6wreVntfE52gx7khpwP7Unw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 88A7 43 KB
13 KB 81ms
80ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15614553352c7%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

25327681a11396ccb404f8d6cca63eef4cc90ec1731f2dec52461c2fa1ff749a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: +9+nd0Rq11a5ESuO7v/RStFdY4ubx7gMtCiaWeJi7zIbGDjO56GPOJ9hA51HGjrsOQhcQqrA8EpzlheHPeoCoA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 460C 43 KB
13 KB 91ms
90ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19477c578525cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6500ea459acea71d6708f18ed81c0a9556f9277f4c6bd5c5865457a5f8f18ebb

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: lN/dATypb0Zyy4czYkJFAP7OMLBYl6GEFKCxNHjZvRw5/3mYjaUgfRKm7qgS4uywDp2SIV1fkHgqe/OcYCg73Q==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame BBF0 43 KB
13 KB 144ms
144ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df129f97a55c4744%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9bed24f08cdc0eeef8f1f4bb52d2393b32099c9410678c6324ed6bae45d20114

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: b+Y3d6QH5GbIittY7naNMYoMe+U3Pg32Aac/KsgLTwslL2beX3MHOtCoe4NrwXGqJOUqIG8ijHKn86kNoz2xSA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame D5D8 43 KB
13 KB 88ms
87ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dc0d01cd674f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5c164c47c51642258f413a6f8083c8dfd6b8c25dd4d112c116d52d04cb9c1031

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: AaFyyhV1qhxouAbmz/nXcmsv3ZAeqSPmlJkSBzxw+yvJBOh+Mwy6T0eyoeHMw5fST6vo9XHwKiRUDi2H89AoCA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 8164 43 KB
13 KB 92ms
91ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff780c0fcc2294%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2e52bcdc0b91cdf1060c6b1b62793fc25f919bba2183c9a828ca14740f4a7a92

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: kATsip8k4yHpKbDxI8BBcZXOvv/Wwrth/U7htbRYWrHbucfZs5VyoaEkGd5UhoJTEAePwyLfMu1np8U2tWjvDA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame CEBB 43 KB
13 KB 77ms
77ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16353caebeb17c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

72664adbaca56185f8a36cf96ae29bd00389eca1a693bc48a331f9d4feb6942e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Lu2GxytIIVfXCOpRGn1VFW5wElKuPghRsLXeGawkgzRTOctcOXYsFLO8tsvPJKyGV8JK7y2wsLyayZ8SIHFIbg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 560B 43 KB
13 KB 105ms
104ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff83aaa049d4f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f70e786fd62f0d65e8d9b60532bde7784a5d87fb5472124f272e503c8dad1d50

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:13 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 8t7KIBwIHzdaWtcEGoL011lQLeUPkLB6dbsvjBJrrg9JTUJNcfPa1SHI/hD8yVSxczZQckvxbMWM5XqbCh7jcQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 3E5F 43 KB
13 KB 111ms
111ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35f15ae0bf7c18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1f27cb09e28927a4d80ca0a864a6f9c99ecc2a4d97fed7c7dc8b6324b25e1150

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:13 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Zx5+O0++eSWO1C+gkQsLxE5Z+Xv0UWfwRLhcXLs84lHIg3FqAypBcXBkB+EaXNzK1yPcvifpwVoMa3/HdvtFkw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame AF5B 43 KB
13 KB 95ms
94ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1520118b20df1c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bec03ce7a69cba3f0c0db4439e7c839017913d8d3596eb96e3c7bed807b73fa7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:13 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: +lYg7LmvRyi+woHhsGiE+zmQYOcuxeAFVSed7M4GaTF5fJ4a1hcVc7W75dQ6pMNb1aIWLIeqAjFmzCGnEXfPgg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 1867 43 KB
13 KB 82ms
81ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12a5a804263d7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

37d030d02d5d28046a3745ca9a4b6459667753c76bd6f3114f8aed0508a24beb

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:13 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Z50gSwvQkaakR4kBB14oFVqmMIPOxIqeJcBNkrtE1Gw5Nw+ORgZ2ub1dxiM/KGlOPecVbgf3D+tnrA+CVTExMQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3

200

/
www.facebook.com/login/ Frame 9A9B
Redirect Chain

https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35b69ff55423d8%26domain%3Dmyretur...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...

0
0

125ms
124ms

Document
text/html

2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df35b69ff55423d8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D0%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Mar 2023 15:45:13 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: iukxRlcFF0bSPiSWgQ6q4fcQTqJOzA2zbhfx6FiiwDId2QN/AclBqcKsVUtX9FVasr6EeYvQBcl6oHCKO1ofqA==
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:12 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df35b69ff55423d8%2526domain%253Dmyreturnticket.ca%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmyreturnticket.ca%25252Ff3eee10fad7a17c%2526relation%253Dparent.parent%26container_width%3D0%26height%3D577%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmyreturnticket%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dtimeline%26width%3D338
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: HbE0pLOBgRrUESdhnHY5Z4sulVc1WOgucMWAQ+jYQxu/jtj57tTPum9geAKsC5LPDu6glZe05sZaZFWDjOSE0Q==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 61BC 272 B
324 B 31ms
22ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa604e742c31ac%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 4F7C 272 B
324 B 24ms
22ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e82c02276b28c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 04F9 272 B
324 B 30ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ceaaf0d3f1fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame CE84 272 B
324 B 22ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3759e91862222c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 276B 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df30ae624edde5bc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame F4DA 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bc6b500e117d%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 10C6 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3531a3e96c73f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 0F8E 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df345f004f3d9bb8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 3C96 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10a12182b8afa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 79CA 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df280f3fb4e3365c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 6EBA 272 B
324 B 22ms
21ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2421e728713a64%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 2B8F 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2039d92ce9d9f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 7B02 272 B
324 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2694ac9260ab28%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 5B07 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fb0354fc0ba38%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 61BC 522 KB
135 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa604e742c31ac%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 9AAD 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fcc43b0bb77dc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame C5F8 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e1b9def524708%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 5B8F 272 B
324 B 21ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23f43202bccdd%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 98B4 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd54f3751a484%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 09D9 272 B
324 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e693c36dca9%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 1F04 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2a7d97219698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 88A7 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15614553352c7%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 460C 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19477c578525cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame D5D8 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dc0d01cd674f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 4F7C 522 KB
135 KB 20ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e82c02276b28c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 8164 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff780c0fcc2294%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame CEBB 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16353caebeb17c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame BBF0 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df129f97a55c4744%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 560B 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff83aaa049d4f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 04F9 522 KB
135 KB 20ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ceaaf0d3f1fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 1867 272 B
324 B 30ms
29ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12a5a804263d7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame AF5B 272 B
324 B 61ms
59ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1520118b20df1c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame CE84 522 KB
135 KB 52ms
51ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3759e91862222c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 3E5F 272 B
324 B 41ms
41ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35f15ae0bf7c18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 276B 522 KB
135 KB 37ms
36ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df30ae624edde5bc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame F4DA 522 KB
135 KB 26ms
21ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1bc6b500e117d%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 10C6 522 KB
135 KB 31ms
26ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3531a3e96c73f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 0F8E 522 KB
135 KB 34ms
29ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df345f004f3d9bb8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 3C96 522 KB
135 KB 38ms
33ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10a12182b8afa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 79CA 522 KB
135 KB 37ms
34ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df280f3fb4e3365c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 6EBA 522 KB
135 KB 57ms
54ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2421e728713a64%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 2B8F 522 KB
135 KB 31ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2039d92ce9d9f4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 7B02 522 KB
135 KB 28ms
26ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2694ac9260ab28%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 5B07 522 KB
135 KB 25ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1fb0354fc0ba38%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 9AAD 522 KB
135 KB 63ms
60ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2fcc43b0bb77dc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame C5F8 522 KB
135 KB 27ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e1b9def524708%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 5B8F 522 KB
135 KB 31ms
26ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23f43202bccdd%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 98B4 522 KB
135 KB 36ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3cd54f3751a484%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 09D9 522 KB
135 KB 37ms
31ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df29e693c36dca9%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 1F04 522 KB
135 KB 38ms
32ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2a7d97219698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 88A7 522 KB
135 KB 40ms
36ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df15614553352c7%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 460C 522 KB
135 KB 41ms
38ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19477c578525cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame D5D8 522 KB
135 KB 65ms
57ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dc0d01cd674f%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 8164 522 KB
135 KB 26ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff780c0fcc2294%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame CEBB 522 KB
135 KB 26ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16353caebeb17c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame BBF0 522 KB
135 KB 26ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df129f97a55c4744%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 560B 522 KB
135 KB 29ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff83aaa049d4f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 1867 522 KB
135 KB 29ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12a5a804263d7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame AF5B 522 KB
135 KB 26ms
20ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1520118b20df1c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 3E5F 522 KB
135 KB 31ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df35f15ae0bf7c18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=77&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame A67B 43 KB
13 KB 106ms
105ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df322aa5fff2c698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8dbdc6a09769365447f2956f10b02b3f1fd8c7b3efc36b0653770ebb12bb8f53

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 8CKTbPLRvMdVS0/tXBcrp98bKo7b58lfbpWPyOE41A5bpO03MwKS0nMEKPMgrnm0cxBEa0ZYSSzyJmA7gstAfg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame C95A 43 KB
13 KB 116ms
115ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbec8cbf944604%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a06a95ea00628094b12ee3d0b282b697cb39e774a4a67a59b8f66b6e4c85a86e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: vR779jM2zuYzkuzh13c5gtoDOduGbFp9hS2P2lmxuKtJ1VKZd2cD/IrIz16x0CK4BUK8ePuWHOz7hPf6w4TApA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame A388 43 KB
13 KB 97ms
96ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d5e675377f6b%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b68f4c5a0351dd567c9aa229d1ea90af6a2148fe8c8f36083619c7316fb1fa79

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: QxbxQegH6hWpn+LFkorrHyLgpGbBkf4woUzDk4ktFTKoe+sI1hZwp4OxqPbV1pcoBpow1hnGsjbVXnMKs2C18A==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame ECE2 43 KB
13 KB 86ms
86ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe1ab8c60b9ebc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

989f334ed5cdfa37f48f933cfda28cb96803adfad94ec1ce5697d7b58737e4f6

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 5xyZ/epo+hEaKIq1PHSNSsw5Gvrubd3Zq8upMGZgiZ/fTwLsWF6gc2nUKpAqhIbbWanZzaEcJvAGoNdQvC+iYA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 3C4D 43 KB
13 KB 85ms
85ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2409024ff246e8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

19b57e82d970a1558a564d468bbd474187062c6ce3fd4035539080ceca3e4fb1

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Odpup1AWGylqVb/ItcW5qpgeJnNcBWwIT6dz25F6Knnth0lbhnI1VnVHrHZEmhukreOV2/nhIrEfrYxWTxzjMQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 0EDC 43 KB
13 KB 90ms
89ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2982d8fad261fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a318b95438ad006eba1587fbb33a6cd6be2bcb68759e6db7303851263e9d86f8

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 9Fm+ejc0VCyLr8EyrpO2lztovInQVTsG9d086ZrE83u+87MmR1ORQrKAGCQdk5yDINuCy254e6+FBal0EuzRJw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 43BD 43 KB
13 KB 332ms
331ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfcbc2d4378bd04%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

38f8855de58b8be47870f11e2fcb2502bcac87a342f4e68079371388af0ebca0

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: OL8UTGqHJ3NySdAUPRUK29YAIGVthehfGIiIBi5imXddcqJPoDAenR8OmcIviKpeUGlEKkFd99edmHxHXg7+AQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 210F 43 KB
13 KB 86ms
85ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df44276b11a154%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

789702f65833aa6323e0fa3286829b1efe6fcbce143363f3acdb0c11622a776c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: X8yd+VGIjwo5GlDaHBj2RT3hughB93Gw5cElR5WYx9tqESRAPEekRKG2fNkAyk83LpoHo59bGBZOrgXoPfCbsA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame A29C 43 KB
13 KB 299ms
298ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df13d5bebc42299c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fe01a884862a9fc8f18526db1bd61dfc106b692821df5d965ccd3046b23bc65c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: ZIMhVGCUDKBER/581TgstoQQH1vqLn0GbvzZwvstNYAvNk3cVRZNRtJb2gaqr6naqw9Kq9TbiuHr9eO/Dscq8w==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 5E5B 43 KB
13 KB 81ms
81ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1973d92a755c7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7c05a4475469ffeec0900ab894a10b93c6e1a4ac7f9f0ed7d8931bb10d54cbae

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: GtDXhdpKvtFv5zyU94FNcYWNhegaJOlvTycIOsn+aXV40q/y2ic+cDtbA3H9MLV6qUBH45o2khxhYbESk6Y9uA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 27DF 43 KB
13 KB 289ms
289ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154e0a70d32e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1685dccdec161950556c43dbcbbd7fb467fdcce0cc3bfae9563c31a82e5c47fd

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: rkYhYXbK+T/QhrUX1K4yZR0/SoeURXdsK3CcRVGcWh0zMGZbRh0mAuNJj0lPkf6nTQPWGkeo3lTfZLC+yzmUFQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame BB80 43 KB
13 KB 263ms
262ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34c01db24a1e18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7b9c955184c035663a589d8cda7d26899570883e69a72b9b312f920cb451f144

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: aFSjTFWr9T7l7pRNeEtHlCfXiQXFqzh/M4aSIKNldvYCnjSIPK5UdzJJaYdMQgBwov/r32mXIZtjBmXyPICvzw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame D237 43 KB
13 KB 256ms
255ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1343261f71a924%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

51a524f1017aebcb45ff710848c36ea0f42c1f89fe0abebf21a3661a4070d4e0

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: +uhVHTVBGL2btM4XWA2XXQ05f3vT9OoD51w4TavCVV2ASU7lzedAu1SvCm7naYt75zsvfKpXVWefZGVlC0wKqQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 2D28 43 KB
13 KB 245ms
245ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa966d51f93fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ff727fd212923b4b4646cd9e0036512be9a33929b023b5f6f8b3d490dcefb439

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: BLDwB/PIyC4sMKAuriQtEZEVraPF0dMeluhLY+du07IB+W+58w3YrOjtW5Bb2rl3sEC2Wnzs+gEFN4QpahWomQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 4448 43 KB
13 KB 233ms
232ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e62799d5f9504%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

602420af75c791682ae9f4a1553fa935ac2308dbf2ef8b1f4dce63372b12dc6a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: GyWcf2tR/YbHX+3kfHpydHwRUp94uBhbMEi1JRIFShHaztkfb0A1BPuJymaLDgTydXFwbItItSb44E35fhw2Sw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 0914 43 KB
13 KB 230ms
229ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5d32fff495d8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0c546df93a10e40951f3b03a869487bc150e8c1cf91af619e9ea45275a104f1d

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: T+2FT03zl1lVPAlaaRhat+V319m4BUYfqA7n12dUvrKbKY4Sz8nMFpRIYJINUtEHn1xTIEK9pBrqBfDrFaGseA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 2435 43 KB
13 KB 271ms
271ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eecd564d8102%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

649a3f5c2d09ff6f5972babd1e422e028f40bac1207c89a384090ea991155924

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: hXUuF6dQ+ze9ouUV7j+i9MLLhla1s7Pzzt9/8ykHpOSHYShsljLXYdT7dc+QFhofq+JIesXk5Kurw9B1L5ldfA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 94E7 43 KB
13 KB 285ms
284ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ffc9c19eff574%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527ba0f1bf89ab0bba319665d0cf34f958a50b139dac9745efd5feadb0db1cd5

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: jWcc5ax+FQ5Ul8a0o84dl3+gk5x/WJ+hxufC8ufYhB3akb/7N5NtrK0/gEtiOcZwYCAH9RkTzs65SyHP451r9Q==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame D5ED 43 KB
13 KB 404ms
403ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df249e81834d5628%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a26cc6d2eb0e784ce0fff3b9af99f69ff41082682e3d52dea692e1c91dcd18cf

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: qWIABiLmiosb1bKAwMOsMOUpeDGPZdJDRAuAHgfTH85Tt896THAKAMUGgjDqoOkc0PCgC2AH3xVRrQporrvsVw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 91D8 43 KB
13 KB 234ms
233ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e85679935775%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cddd809d3fd2a18840dafe8e2ba06f4c8c35d699064c1091222066455feaca1b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: UVetZXUnGpj0vKoqv4X30KbZfYPGuboHaqvWIXEtmlA28Dcuwf1z8RcLLJquMBLwlkP2BVk4bD6ZmT/cxJI7dA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 15FC 43 KB
13 KB 243ms
243ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8b18f413a03fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e57d9c3364c26938cbd62b9b74587764998362b428d85df0cac67700863c7a9c

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: kJFFAcDj5RR1xzF+K6rOuLcH4Z+cruMwY6UuvA1bi4kGKPYKwFJv8dlZeD20SO3386ilZtpC6JZo5iPVXCI8yg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 76A7 43 KB
13 KB 229ms
228ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3240d163862814%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e0b3bd7d463d74a6ac829c3d8f4dddc93369e286a429dba482b85ccb2ecf24

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: j7XSPtWLq2jZNwkTma/UPoqrpsrqbqNl94XCkS+AfnN1JrUMPX+CoUyehCjy4YqzMWqw1qGA7URibR+FEUC++w==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 510F 43 KB
13 KB 189ms
188ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b6855637f21cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

619408a749226ff1011c63b9d2725297ae51004e284c736cdd9011a74e239529

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: WpeN5WnjrjxMk/tA+Ns3MV8U2kVaJEnIKImQyimFDUzHxEECwG7BXi0sKkT0iEO9UQzdO3V6/HE1KDC9S4jPQg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame E1D4 43 KB
13 KB 197ms
196ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd2d4a7ccc745c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9eb78ede7ef459c55888476fa1928313daedb60e3c61249a7eafb52807055b8e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: TH4iJmQrAyhknrFuhXBzrMJMOpsGAGsEtsUDwxlnj/514/hSHdE+Jcp/X8vaTdmqetnNe7XKcK8CD81VMuvmWw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame B674 43 KB
13 KB 173ms
173ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17a4397725e0a%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

09c4c80884a6bf6f714f31b25b38e4e7c0f554c57fa146a3458ffe2fec63075a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Gtd/6Ee57x6PRPNNt0yV6Ucf/BPR5oISV6p/TtLH66SyEI2EQLwr9xkHcLBMnlHL8Qhiuk9XX81Bf9Df7yEdcw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 9506 43 KB
13 KB 174ms
173ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df119bae9231e7a8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3e80cc3d9eddff70ae2e3a25774d1438f4275b019fb718fe6be8bd2e0e8ddc8

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: dxLUf9/7fy1bwcBo0Cw6y2ILekdQYSJDMsR/mmq7Bl2Mpd1LNr5VsdK8cuK6LbpNfTcUlTyOpLLFdZQeTSfkUQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 0DBF 43 KB
13 KB 174ms
173ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61d3579e4d1f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

85d38d8547a9fa3fdc1e6c2bb62068f8401eb350a0d7e732e10a88473c46ce0e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 2iGNuvzQ1wXs8thOTzvfHrYxpTGiQ3y5ic/x4XvvNp4pyPMAWGVx/X2hgFJx34tP2ODZ0a2Y8ifKavblbivdFA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame B73E 43 KB
13 KB 174ms
173ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df39d091c585c9a4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ff9e9b2d641405ffb37715f67f0f683096091438368fc3dddc67a447a7f1fad3

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: RA4KdiRSMFOPLvzkioPoKLagzj1I7Aj4JHyFTize8UKmFC2XgT6j6aWs5SG0MjEaZgb/TQoBu1qJaHJ6rSDVWg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame 67FC 43 KB
13 KB 151ms
150ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df374d0b8b1175e%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e5dc5b5429f167e31f456365da488fea9ed2fec4e657f051705ca82734619145

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: nfIVno7Qx8n9HGJyo/wUBzh2b9H4HDy1Brq1AFIf9sR8iagfA/Wrc3oF5l+jq9PMdp/Z2Ppb93gdS/mVuhubEA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 share_button.php Show response
www.facebook.com/v2.3/plugins/ Frame D367 43 KB
13 KB 132ms
131ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2474b1e0cadaa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=64277dbac840e4bd341bc77c7900d000

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f434ed5c095e5242f77ababc08f128304d3fc0b8f28988989a117f2fc8ad4a18

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myreturnticket.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 15:45:14 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: uIO5X2QAvmGr15rvUXiGG5YI5KWIGUf3Vnm4rQYzW/iObwDhFwap6/zjjOzjOFOd2HbA5NuS7NeJV8aTqdz7JQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame A67B 272 B
324 B 33ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df322aa5fff2c698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame C95A 272 B
324 B 28ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbec8cbf944604%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame A388 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d5e675377f6b%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame ECE2 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe1ab8c60b9ebc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 3C4D 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2409024ff246e8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 0EDC 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2982d8fad261fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 210F 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df44276b11a154%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 5E5B 272 B
324 B 26ms
25ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1973d92a755c7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame A29C 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df13d5bebc42299c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 43BD 272 B
324 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfcbc2d4378bd04%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame BB80 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34c01db24a1e18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame D237 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1343261f71a924%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 4448 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e62799d5f9504%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 2D28 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa966d51f93fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 27DF 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154e0a70d32e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 0914 272 B
324 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5d32fff495d8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 2435 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eecd564d8102%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 91D8 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e85679935775%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame A67B 522 KB
135 KB 22ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df322aa5fff2c698%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F11%2Fgirls-day-out%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 510F 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b6855637f21cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame B674 272 B
324 B 21ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17a4397725e0a%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 9506 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df119bae9231e7a8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame C95A 522 KB
135 KB 23ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbec8cbf944604%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fif-you-havent-been-to-abu-dhabi-nows-the-time%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame E1D4 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd2d4a7ccc745c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame D367 272 B
324 B 23ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2474b1e0cadaa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 94E7 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ffc9c19eff574%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 15FC 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8b18f413a03fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 76A7 272 B
324 B 20ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3240d163862814%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 67FC 272 B
324 B 19ms
19ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df374d0b8b1175e%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 0DBF 272 B
324 B 19ms
18ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61d3579e4d1f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame B73E 272 B
324 B 20ms
20ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df39d091c585c9a4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:14 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame A388 522 KB
135 KB 23ms
23ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d5e675377f6b%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2023%2F03%2F06%2Fmy-top-ten-countries%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame ECE2 522 KB
135 KB 33ms
32ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe1ab8c60b9ebc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F27%2Fthe-offy-a-european-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 3C4D 522 KB
135 KB 44ms
44ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2409024ff246e8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F11%2F08%2Fla-conner-seafood-prime-rib-house%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 0EDC 522 KB
135 KB 58ms
53ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2982d8fad261fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Fcypress-mountain-gondola-eagle-coaster-cart-rides%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 210F 522 KB
135 KB 63ms
55ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df44276b11a154%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F18%2F2175%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 5E5B 522 KB
135 KB 64ms
56ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1973d92a755c7c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F08%2Fwant-to-access-my-return-tickets-tiktok-quickly%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame A29C 522 KB
135 KB 94ms
83ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df13d5bebc42299c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F18%2Ffelix-jack-guesthouse%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 43BD 522 KB
135 KB 91ms
81ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfcbc2d4378bd04%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F10%2F24%2Ftravel-tootsies%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame BB80 522 KB
135 KB 58ms
45ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34c01db24a1e18%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fbirch-bay%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame D237 522 KB
135 KB 57ms
41ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1343261f71a924%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fharbourside-accountant%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 4448 522 KB
135 KB 53ms
36ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e62799d5f9504%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbeautiful-british-columbia%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 2D28 522 KB
135 KB 49ms
34ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa966d51f93fc4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fabu-dhabi-adventure%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 27DF 522 KB
135 KB 48ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df154e0a70d32e4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F09%2F04%2Fnasty-jacks-antiques%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 0914 522 KB
135 KB 43ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e5d32fff495d8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fhornby-island-magnificence%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 2435 522 KB
135 KB 42ms
27ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eecd564d8102%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fair-canadas-flight-safety-video%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 91D8 522 KB
135 KB 43ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e85679935775%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Ftop-tips-rental-cars-parking%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 510F 522 KB
135 KB 39ms
30ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b6855637f21cc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Felvis-diner%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame B674 522 KB
135 KB 48ms
42ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17a4397725e0a%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F05%2Fthe-green-rocket-cafe%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 9506 522 KB
135 KB 46ms
41ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df119bae9231e7a8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fquintessential-british-afternoon-tea%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame E1D4 522 KB
135 KB 78ms
70ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd2d4a7ccc745c%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fportobay-felisia-portugal%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame D367 522 KB
135 KB 38ms
24ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2474b1e0cadaa8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fbeachin-it-branksome-chine-style%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 94E7 522 KB
135 KB 34ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2ffc9c19eff574%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fil-basilico%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 15FC 522 KB
135 KB 31ms
22ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8b18f413a03fc%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fjust-why%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 76A7 522 KB
135 KB 31ms
25ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3240d163862814%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F20%2Fhyatt-place-heathrow-airport%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 67FC 522 KB
135 KB 28ms
23ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df374d0b8b1175e%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Ffarleigh-hungerford-castle-bath%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame 0DBF 522 KB
135 KB 52ms
45ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61d3579e4d1f8%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F01%2Fbath-abbey%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame B73E 522 KB
135 KB 48ms
43ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df39d091c585c9a4%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F07%2F31%2Fhall-woodhouse-restaurant-bar%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H3 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame D5ED 272 B
324 B 68ms
30ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df249e81834d5628%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: xfjCe/57EMOMibaePe4zDXNdnkqZu1DTE3uwca5GNUxjk34pAYIGXYaYLQK2Zx2beB0mfXJrYr8gSFJ5jzyEHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 14 Mar 2024 09:16:31 GMT

GET
H3 200 O1WJI7KKez7.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/ Frame D5ED 522 KB
135 KB 87ms
62ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yI/l/en_US/O1WJI7KKez7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.3/plugins/share_button.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df249e81834d5628%26domain%3Dmyreturnticket.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmyreturnticket.ca%252Ff3eee10fad7a17c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fmyreturnticket.ca%2F2022%2F08%2F21%2Fbar-baratillo%2F&layout=button_count&locale=en_US&sdk=joey

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:45:15 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: MyYj9sALHHK7M+FZQebtPg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137757
x-fb-rlafr: 0
x-fb-debug: GEzki0Yy4zyN/PADBEPLfkpZeYZdmfoWPTWTIURTlWZeRxnlHdxRGw6wf/jfpaoljoPKIHU+tmfnsDkHjEg+PQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 04:07:39 GMT

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 18ms
18ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.042&largest_contentful_paint=1432&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=10000&host_name=myreturnticket.ca&url_path=%2F&nt_fetchStart=171&nt_domainLookupStart=171&nt_domainLookupEnd=171&nt_connectStart=171&nt_connectEnd=171&nt_secureConnectionStart=171&nt_requestStart=173&nt_responseStart=303&nt_responseEnd=381&nt_domLoading=308&nt_domInteractive=1106&nt_domContentLoadedEventStart=1108&nt_domContentLoadedEventEnd=1126&nt_domComplete=14344&nt_loadEventStart=14344&nt_loadEventEnd=14835&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=607&first_contentful_paint=715&resource_size=1496231&resource_transferred=645738&js_size=244298&js_transferred=88600&resource_cache_percent=0&js_cache_percent=0&last_resource_end=17543
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://myreturnticket.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Mar 2023 15:45:17 GMT
cache-control: no-cache
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s.pubmine.com
URL: https://s.pubmine.com/match?bidder_id=30&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=BF0CD8D4B2044F1D80A92505D97AF586

Domain: p16-sign.tiktokcdn-us.com
URL: https://p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/834d625906a24e32aa05889fa9595f67?x-expires=1679000400&x-signature=LlLh1FMbD1x27CVVKpeHW9Ap2XU%3D

Domain: p16-sign.tiktokcdn-us.com
URL: https://p16-sign.tiktokcdn-us.com/obj/tos-useast5-p-0068-tx/834d625906a24e32aa05889fa9595f67?x-expires=1679000400&x-signature=LlLh1FMbD1x27CVVKpeHW9Ap2XU%3D

Verdicts & Comments Add Verdict or Comment

165 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

278 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ad-cdn.technoratimedia.com/html	1970-01-20 10:43:11	Name: tads_tbla_bidi Value: 1678981501725
.3lift.com/sync	1970-01-20 12:32:37	Name: sync Value: CgoIoQEQu6bi2O4wCgoIgQIQu6bi2O4wCgoI4gEQu6bi2O4wCgoI5gEQu6bi2O4wCgoIhwIQu6bi2O4wCgkICRC7puLY7jAKCQg6ELum4tjuMAoKCIwCELum4tjuMAoJCF8Qu6bi2O4wCgkIHxC7puLY7jA=
.mrtnsvr.com/sync	1970-01-20 19:10:03	Name: userId Value: fi7GcUNap
i.liadm.com/s	1970-01-20 11:06:13	Name: _li_ss Value: CggKBgjSARDIFA
s.pubmine.com/	1970-01-20 19:59:01	Name: tuuid Value: e3643ba5-6d29-4272-9941-c8ff19e04eb6
s.pubmine.com/	1970-01-20 19:59:01	Name: tuuid_lu Value: 1678981498
s.pubmine.com/	1970-01-20 19:59:01	Name: tps Value: !196,448224298!110,448224298!142,448224298!100,448224298!109,448224298!61,448224298!80,448224298
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: bvj0rZCkrGg
.youtube.com/	1970-01-20 14:42:13	Name: VISITOR_INFO1_LIVE Value: UCtkoUEQ4YA
myreturnticket.ca/	1970-01-20 19:59:01	Name: __ATA_tuuid Value: e3643ba5-6d29-4272-9941-c8ff19e04eb6
.openx.net/	1970-01-20 19:08:37	Name: i Value: 4269ef28-5a83-44ff-8d8b-9b11b167dbcc\|1678981499
.adnxs.com/	1970-01-20 12:32:37	Name: uuid2 Value: 1694000653285184985
.3lift.com/	1970-01-20 12:32:37	Name: tluid Value: 4629100391442130554158
.smaato.net/	1970-01-20 10:53:15	Name: SCM Value: eed380a4
.smaato.net/	1970-01-20 10:38:08	Name: SCMp Value: eed380a4
.technoratimedia.com/	1970-01-20 10:23:05	Name: tads_ipv6 Value: 2607:5300:60:7867::11
.yahoo.com/	1970-01-20 19:08:59	Name: A3 Value: d=AQABBHs5E2QCENkj7tfF4qYrW3QXEgFwRKIFEgEBAQGKFGQdZAAAAAAA_eMAAA&S=AQAAAnpz7lNYfi9huZftFPB-qhc
.gumgum.com/	1970-01-20 19:08:37	Name: vst Value: u_b7c2dee0-caea-4e8b-abbf-57324bbef484
.tynt.com/	1970-01-20 19:08:37	Name: uid Value: CoIKS2QTOXsBH36KDptXAg==
.33across.com/	1970-01-20 19:08:37	Name: 33x_ps Value: u%3D212097253572021%3As1%3D1678981499550%3Ats%3D1678981499550
.casalemedia.com/	1970-01-20 19:08:37	Name: CMID Value: ZBM5ew3lKTK1bGaeTrJAtAAA
.casalemedia.com/	1970-01-20 12:32:37	Name: CMPS Value: 3575
.casalemedia.com/	1970-01-20 12:32:37	Name: CMPRO Value: 3575
.go.sonobi.com/	1970-01-20 10:23:08	Name: __uqc Value: 1
.go.sonobi.com/	1970-01-20 11:06:13	Name: __uis Value: 7c3fb959-88fc-4f34-8df5-f97b7ca85c6d
.go.sonobi.com/	1970-01-20 10:23:30	Name: __uir_bw Value: 1
.go.sonobi.com/	1970-01-20 10:44:37	Name: __uir_mm Value: 1
.go.sonobi.com/	1970-01-20 10:24:27	Name: __uir_td Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_zt Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_pp Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_vb Value: 1
.go.sonobi.com/	1970-01-20 10:44:37	Name: __uir_av Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_ad Value: 1
.go.sonobi.com/	1970-01-20 10:44:37	Name: __uir_en Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_co Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_tl Value: 1
.go.sonobi.com/	1970-01-20 10:44:37	Name: __uir_an Value: 1
.go.sonobi.com/	1970-01-20 10:44:37	Name: __uir_sr Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_eb Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_yh Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_bk Value: 1
.go.sonobi.com/	1970-01-20 10:41:44	Name: __uir_ox Value: 1
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s85193\|ZBM5f
.bidswitch.net/	1970-01-20 19:08:37	Name: c Value: 1678981499
.bidswitch.net/	1970-01-20 19:08:37	Name: tuuid_lu Value: 1678981499
.media.net/	1970-01-20 19:08:37	Name: visitor-id Value: 3219830991454823000V10
.rubiconproject.com/	1970-01-20 19:08:37	Name: khaos Value: LFBA8GCO-24-1S47
.bidswitch.net/	1970-01-20 19:08:37	Name: tuuid Value: 88b2fc1d-8ebb-4ab8-85b5-11599c163215
.smartadserver.com/	1970-01-20 19:53:15	Name: pid Value: 5271008299598803031
.mookie1.com/	1970-01-20 19:51:49	Name: id Value: 10596829190722811243
.mookie1.com/	1970-01-20 19:51:49	Name: mdata Value: 1\|10596829190722811243\|1678981499705
.mookie1.com/	1970-01-20 19:51:49	Name: ov Value: e55d39339d03e8f20cb211a52e73830f
.omnitagjs.com/	1970-01-20 11:06:13	Name: ayl_visitor Value: 891db04b52d1c464646f27898eed8846
.everesttech.net/	1970-01-20 19:08:37	Name: everest_g_v2 Value: g_surferid~ZBM5ewABwf-WXQBG
.id5-sync.com/	1970-01-20 10:23:01	Name: cf Value:
.id5-sync.com/	1970-01-20 10:23:01	Name: cip Value:
.id5-sync.com/	1970-01-20 10:23:01	Name: cnac Value:
.id5-sync.com/	1970-01-20 10:23:01	Name: car Value:
.id5-sync.com/	1970-01-20 10:23:01	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:32:37	Name: id5 Value: 7e05012a-937f-7715-b4fb-2724d405c9c1#1678981499856#2
.id5-sync.com/	1970-01-20 12:32:37	Name: 3pi Value:
.id5-sync.com/	1970-01-20 10:23:01	Name: callback Value:
.tiktok.com/	1970-01-20 19:01:25	Name: ttwid Value: 1%7C1fJ3jewsFiOWXy2fuN7W91Br0ENf1RUldrexeJJFVgY%7C1678981499%7Ca2ea47fccce62a93f08613257158e7a0138f2ef1066f0812b50f62471ad679ff
.adsrvr.org/	1970-01-20 19:10:03	Name: TDID Value: 3d9ac594-fe09-4c7e-87b5-bf29cab7004f
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uid_cd Value: 20230316154500+0000
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_zora Value: 2
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uid Value: 3D2E27AC42E64EE8AD58528E3DA25669
.deepintent.com/	1970-01-20 19:59:01	Name: CDIUSER Value: di_ceccdb14380943aaae433
.360yield.com/	1970-01-20 12:32:37	Name: tuuid Value: 369c474d-bcb1-496e-8b73-77f1f6fe3cfb
.360yield.com/	1970-01-20 12:32:37	Name: tuuid_lu Value: 1678981500
.pubmatic.com/	1970-01-20 19:08:37	Name: KADUSERCOOKIE Value: 4BA59E21-32B2-424E-991B-86C3DF8ACE81
.ipredictive.com/	1970-01-20 19:08:37	Name: cu Value: c63294f0-203b-4b30-9308-cb83039ba6ed\|1678981500201
sync.srv.stackadapt.com/	1970-01-20 19:08:37	Name: sa-user-id Value: s%3A0-4dc4839d-c658-578e-70ac-1dd3650e544d.qpamCQ0CTKcckQe1h0ASUQjSDSNd0EqXDlfdzWWr8%2B8
sync.srv.stackadapt.com/	1970-01-20 19:08:37	Name: sa-user-id-v2 Value: s%3ATcSDncZYV45wrB3TZQ5UTZU4mbQ.knZeo8fldKwytf7oRbkbxDMYskjOk7NxzVWUq7WcH4c
.srv.stackadapt.com/	1970-01-20 19:08:37	Name: sa-user-id-v2 Value: s%3ATcSDncZYV45wrB3TZQ5UTZU4mbQ.knZeo8fldKwytf7oRbkbxDMYskjOk7NxzVWUq7WcH4c
.sportradarserving.com/	1970-01-20 19:08:37	Name: zuuid Value: 00c78c89-c149-493d-9f8b-619f396156a7
.sportradarserving.com/	1970-01-20 19:08:37	Name: c Value: 1678981500
.sportradarserving.com/	1970-01-20 19:08:37	Name: zuuid_lu Value: 1678981500
.contextweb.com/	1970-01-20 19:01:25	Name: V Value: JUNCdIyla4Wq
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 5ab02ace17c236e2
.doubleclick.net/	1970-01-20 19:59:01	Name: IDE Value: AHWqTUki5b9m0wBFBYrL4-W5pTQnlymq63pKiH9gVT0TjIjjDnmoyoB4KeyvJFelhaI
.media.net/	1970-01-20 19:08:37	Name: data-dat Value: setstatuscode~~1
.mathtag.com/	1970-01-20 19:48:56	Name: uuid Value: e7ef6413-397c-4900-b930-b5f1dddc2b71
.criteo.com/	1970-01-20 19:44:37	Name: uid Value: 05e6e464-9963-46c4-a9db-af7eb26de19c
.bttrack.com/	1970-01-20 12:32:37	Name: GLOBALID Value: 2uKlc8-sIBd987FnJ3u_ZZn6egsDJ1D9DnI45QywIkMOPEZucIvBLP60nB3TnXAqImr2YOqfvJQC4TM1
.w55c.net/	1970-01-20 19:54:42	Name: wfivefivec Value: p7n9V5AJ1PCPMM5
.zemanta.com/	1970-01-20 19:08:37	Name: zuid Value: WEha6rUd7_V4Ay6vDE19
.mfadsrvr.com/	1970-01-20 19:59:01	Name: tuuid Value: a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27
.mfadsrvr.com/	1970-01-20 19:59:01	Name: c Value: 1678981500
.mfadsrvr.com/	1970-01-20 19:59:01	Name: tuuid_lu Value: 1678981500
.outbrain.com/	1970-01-20 12:32:37	Name: obuid Value: a6beb119-9360-46e3-938c-e1b92a61bb00
.amazon-adsystem.com/	1970-01-20 15:09:35	Name: ad-id Value: A0Y5drgpbks7pMyWCoTf4Pc
.amazon-adsystem.com/	1970-01-20 19:59:01	Name: ad-privacy Value: 0
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjS3NDeysDA0MjA0NDGytDA3MRLiM9Q1SCox0w00zc3IKfUBAOVagtIlAAAA
.rfihub.com/	1970-01-20 19:44:37	Name: rud Value: H4sIAAAAAAAA_-MSNjS3NDeysDA0MjA0NDGytDA3MRLiM9Q1SCox0w00zc3IKfUBAOVagtIlAAAA
.admanmedia.com/	1970-01-20 10:43:11	Name: admtr Value: d15241ba-d2da-4c8b-89fb-be3a9c3d1612
.admanmedia.com/	1970-01-20 10:43:11	Name: ac_r Value: CS71
.media.net/	1970-01-20 19:07:11	Name: data-rk Value: 1797288120114298742~~13
.sportradarserving.com/	1970-01-20 19:08:37	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 19:08:37	Name: zuuid_k_lu Value: 1678981500
.media.net/	1970-01-20 19:07:11	Name: data-o Value: 59e9b9ee-5804-41e8-b412-2d9767af7aed~~13
.w55c.net/	1970-01-20 11:06:13	Name: matchmedianet Value: 5
.media.net/	1970-01-20 19:07:11	Name: data-ayl Value: 891db04b52d1c464646f27898eed8846~~13
.mfadsrvr.com/	1970-01-20 19:59:01	Name: ssh Value: !medianet,1678981500
.pswec.com/	1970-01-20 19:59:01	Name: c Value: 1678981500
.media.net/	1970-01-20 10:43:11	Name: data-g Value: CAESEL1EKEpxwdDczGaGgWQr2iQ~~13
.pswec.com/	1970-01-20 19:59:01	Name: tuuid Value: edc50dcb-743d-4993-aeee-f39c4644410b
.media.net/	1970-01-20 10:43:11	Name: data-ttd Value: 3d9ac594-fe09-4c7e-87b5-bf29cab7004f~~1
.media.net/	1970-01-20 11:03:20	Name: data-so Value: 7c3fb959-88fc-4f34-8df5-f97b7ca85c6d~~13
.media.net/	1970-01-20 12:31:11	Name: data-a Value: 1694000653285184985~~13
.media.net/	1970-01-20 19:07:11	Name: data-mm Value: e7ef6413-397c-4900-b930-b5f1dddc2b71~~13
.media.net/	1970-01-20 11:06:13	Name: data-c Value: 05e6e464-9963-46c4-a9db-af7eb26de19c~~1
.media.net/	1970-01-20 11:06:13	Name: data-c-ts Value: 1678981500
.bluekai.com/	1970-01-20 14:42:13	Name: bku Value: ikG99cy8Wtx1F5yz
pool.admedo.com/	1970-01-20 19:08:37	Name: tuuid Value: 897e86b3-726e-4a27-8e37-ab5da3e3a153
pool.admedo.com/	1970-01-20 19:08:37	Name: c Value: 1678981501
pool.admedo.com/	1970-01-20 19:08:37	Name: tuuid_lu Value: 1678981501
.socdm.com/	1970-01-20 19:59:01	Name: SOC Value: ZBM5fcCo8XoAAFrgCrwAAAAA
.openx.net/	1970-01-20 10:44:37	Name: univ_id Value: 537072971\|3d9ac594-fe09-4c7e-87b5-bf29cab7004f\|1678981501750063
.pswec.com/	1970-01-20 19:59:01	Name: tuuid_lu Value: 1678981501
.taboola.com/	1970-01-20 19:08:37	Name: t_gid Value: 9a198dff-160b-4b87-8578-80cd6b29de08-tuctb0cbefd
.tynt.com/	1970-01-20 12:32:37	Name: pids Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%223bfd58deb3%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%224bee518595%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%2C%7B%22p%22%3A%22029cc11ae7%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%221fbac30d28%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%2C%7B%22p%22%3A%227912d88d74%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%2C%7B%22p%22%3A%22bac1bc34e2%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%2C%7B%22p%22%3A%2222833ea406%22%2C%22f%22%3A1%2C%22ts%22%3A1678981501831%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1678981499651%7D%5D
.pro-market.net/	1970-01-20 14:42:13	Name: anProfile Value: "-55mza9sqr8b4+1+1j=3k:1+rs=s+rt=26075300006078670000000000000011+s2=(rrmef0)+vm=15-3219830991454823000V10"
.pro-market.net/	1970-01-20 11:06:13	Name: anHistory Value: "-55mza9sqr8b4+2+!#7/y!o!0hj"
.aralego.com/	1970-01-20 19:08:37	Name: sspid Value: b5f949c1-909b-34e0-aab6-e55c10862ebd
.media.net/	1970-01-20 19:08:37	Name: data-mf Value: a2ad1b4b-ff5f-4ad6-9ca7-6e34fbda1f27~~1
.media.net/	1970-01-20 19:08:37	Name: data-sy Value: 3D2E27AC42E64EE8AD58528E3DA25669~~3
.media.net/	1970-01-20 19:07:11	Name: data-xu Value: p7n9V5AJ1PCPMM5~~13
s.pubmine.com/	1970-01-20 19:59:01	Name: ih Value: !4478,448224301
s.pubmine.com/	1970-01-20 19:59:01	Name: lcai9h Value: !210,1,1678981501
s.pubmine.com/	1970-01-20 19:59:01	Name: lcri5m Value: !2751,1,1678981501
s.pubmine.com/	1970-01-20 19:59:01	Name: ar1d Value: !0,1,1678981501
.creativecdn.com/	1970-01-20 19:08:37	Name: u Value: kjbsEGvaAZbLcNsn551P
.creativecdn.com/	1970-01-20 19:08:37	Name: ts Value: 1678981501
.turn.com/	1970-01-20 14:42:13	Name: uid Value: 7826914019700556296
.bidr.io/	1970-01-20 19:51:35	Name: bito Value: AAFHm07IJnMAAB-p_D8lqA
.bidr.io/	1970-01-20 19:51:35	Name: bitoIsSecure Value: ok
.media.net/	1970-01-20 19:07:11	Name: data-co Value: AAAB4nu1owEOvgNkva_pAAAAAAA~~13
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_46 Value: 1694000653285184985
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_50 Value: aca99fcf-9453-433b-bd9d-4d99e1a0d6d7
.technoratimedia.com/	1970-01-20 10:27:20	Name: tads_uidp_82 Value: ZBM5ew3lKTK1bGaeTrJAtAAA&3575
.technoratimedia.com/	1970-01-20 10:27:20	Name: tads_uidp_79 Value: 369c474d-bcb1-496e-8b73-77f1f6fe3cfb
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_7 Value: 3d9ac594-fe09-4c7e-87b5-bf29cab7004f
.technoratimedia.com/	1970-01-20 10:27:20	Name: tads_uidp_80 Value: y-I.IRXxNE2uGU0hjFU6GayyWjqzi6tT0E~A
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_64 Value: sqXAZiAazWpjCwTq9HOq8td9EEzBY3h_
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_62 Value: 3219830991454823000V10
.linkedin.com/	1970-01-20 19:08:37	Name: bcookie Value: "v=2&d32f7885-3665-42b4-802b-e71d018203af"
.linkedin.com/	1970-01-20 10:24:27	Name: lidc Value: "b=VGST06:s=V:r=V:a=V:p=V:g=2611:u=1:x=1:i=1678981502:t=1679067902:v=2:sig=AQEf2d9BWG0fkZXT4Dn5Ytl9-ngHN-VY"
.smartadserver.com/	1970-01-20 19:10:03	Name: csync Value: 127:AAFHm07IJnMAAB-p_D8lqA
.intentiq.com/	1970-01-20 19:59:01	Name: IQver Value: 1.9
.intentiq.com/	1970-01-20 19:59:01	Name: intentIQ Value: SJOlR2RL0e
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_73 Value: AAFHm07IJnMAAB-p_D8lqA
.simpli.fi/	1970-01-20 19:10:03	Name: suid Value: AA77F830412244B9A960431CFB8DC128
.contextweb.com/	1970-01-20 19:08:37	Name: pb_rtb_ev Value: 3-1jhm\|7dN.0.AAFHm07IJnMAAB-p_D8lqA\|7bq.0.1
.analytics.yahoo.com/	1970-01-20 19:08:37	Name: IDSYNC Value: "191a~2ajr:190u~2ajr:18yi~2ajr:18z8~2ajr:18za~2ajr"
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_699 Value: 22727-AAFHm07IJnMAAB-p_D8lqA
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_80 Value: 16514-CAESEHgJtB_TbD0IjyZHVfK0U5M&KRTB&22987-CAESEHgJtB_TbD0IjyZHVfK0U5M&KRTB&23025-CAESEHgJtB_TbD0IjyZHVfK0U5M&KRTB&23386-CAESEHgJtB_TbD0IjyZHVfK0U5M
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_22 Value: 14911-7826914019700556296&KRTB&23150-7826914019700556296
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_377 Value: 6810-3d9ac594-fe09-4c7e-87b5-bf29cab7004f&KRTB&22918-3d9ac594-fe09-4c7e-87b5-bf29cab7004f&KRTB&23031-3d9ac594-fe09-4c7e-87b5-bf29cab7004f
.thrtle.com/	1970-01-20 15:11:01	Name: mc Value: eyJpZCI6ImRmMTg4ZDRiLTdlMmUtNDliMS1iYmM2LTIxMmU0YzQ3MmEzOCIsImwiOjE2Nzg5ODE1MDMxMTIsInQiOjF9
.tapad.com/	1970-01-20 11:49:25	Name: TapAd_TS Value: 1678981503119
.tapad.com/	1970-01-20 11:49:25	Name: TapAd_DID Value: 7ff921e5-25b0-4e04-b3af-8fa1c58c64b2
.sitescout.com/	1970-01-20 19:08:37	Name: ssi Value: 39c3f4bb-8c0c-46d7-a72e-db6085393c12#1678981503133
.crwdcntrl.net/	1970-01-20 16:51:47	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 16:51:47	Name: _cc_id Value: d2b5f00740396742d906f7972a05d680
.technoratimedia.com/	1970-01-20 10:27:20	Name: tads_uidp_88 Value: 4629100391442130554158
.media.net/	1970-01-20 14:42:13	Name: data-r Value: LFBA8GCO-24-1S47~~1
.bing.com/	1970-01-20 19:44:37	Name: MUID Value: 15D153360A1866F308E341E00BCE670A
.c.bing.com/	1970-01-20 10:33:06	Name: MR Value: 0
.openx.net/	1970-01-20 10:44:37	Name: pd Value: v2\|1678981499.2.2\|iKvPvMgakWgy.mmbwuYeShEgKwrg2f8ke.g6fYn8wtmKvJvuoqvRwi
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_49 Value: AAAJNwbPpexnAANRMcZVAAAAAAA
.media.net/	1970-01-20 19:07:11	Name: data-bs Value: 88b2fc1d-8ebb-4ab8-85b5-11599c163215~~1
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_148 Value: 19421-uid:AA77F830412244B9A960431CFB8DC128
.intentiq.com/	1970-01-20 19:59:01	Name: intentIQCDate Value: 1678981503382
.intentiq.com/	1970-01-20 19:59:01	Name: IQPending Value: pending
.intentiq.com/	1970-01-20 19:59:01	Name: CSDT Value: UEQ6Ml8wJlRZZ05IWW0
.intentiq.com/	1970-01-20 19:59:01	Name: ASDT Value: 0
.intentiq.com/	1970-01-20 19:59:01	Name: IQPData Value: 2503514548#1678981503380#0#1678981503380
.targeting.unrulymedia.com/	1970-01-20 19:08:37	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005%22%7D
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_61 Value: 212097253572021
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_48 Value: 88b2fc1d-8ebb-4ab8-85b5-11599c163215
ads.avct.cloud/	1970-01-20 19:08:37	Name: uuid Value: ed5cac5a-1761-4a6e-89a2-2143c80f6b22
.rubiconproject.com/	1970-01-20 19:08:37	Name: audit Value: 1\|UfeNRvdGqm6KSDbECgR0FqMbfKSnWkXVktNLKma9LZQeECEUBMheiv1NCcrlU/K/qG2fUVmoiCAkEa5N2k7U1SEEFoCDRlfY38xmjE6FV7e+l3fWWiCiUDRCkYBlYcc9KHQUk+e1QYKqCT8d2kD8WRpqbW2ADuJR80E9NJvaWrnPXVm9S0X9YVs7PoCMm1Rr92FIPnQoDGbV8FUhnVJ0MsIkLLFjj16KdEHbawpF/myma+WVcS1g3g==
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_76 Value: RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
.w55c.net/	1970-01-20 11:06:13	Name: matchopenx Value: 5
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_44 Value: LFBA8GCO-24-1S47
.pippio.com/	1970-01-20 19:08:37	Name: did Value: sgKmcHnl3BNtBO7q
.pippio.com/	1970-01-20 19:08:37	Name: didts Value: 1678981504
.pippio.com/	1970-01-20 11:49:25	Name: nnls Value:
.rfihub.com/	1970-01-20 19:44:37	Name: eud Value: H4sIAAAAAAAA_9vFyGtoZm5haWFoamBibGwIAMomizMQAAAA
.quantserve.com/	1970-01-20 19:53:15	Name: mc Value: 64133980-63777-832c1-4755d
.adform.net/	1970-01-20 11:07:39	Name: C Value: 1
.liadm.com/	1970-01-20 19:59:01	Name: lidid Value: e50a6acc-ab9c-4036-a28e-b4d4abf4d276
.bluekai.com/	1970-01-20 14:42:13	Name: bkdc Value: phx
.agkn.com/	1970-01-20 19:08:37	Name: ab Value: 0001%3Amj%2BXsndms8GJzNRlmRj%2F8NbyrZCKLiDb
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_279 Value: 22890-c63294f0-203b-4b30-9308-cb83039ba6ed&KRTB&23011-c63294f0-203b-4b30-9308-cb83039ba6ed&KRTB&23355-c63294f0-203b-4b30-9308-cb83039ba6ed
.byteoversea.com/	1970-01-20 10:37:25	Name: msToken Value: I6SbDf8vVcpwXQ5aDkIN4OGqKXPhAHID-wWm1KKi5PY8_H_AuatW88037ujI-TqJq-vLrQzzVXqgRk_PF9qlr1gSPlTuVYQw6MNhwXiUg1M=
.adform.net/	1970-01-20 11:49:25	Name: uid Value: 8357322694280695671
.quantserve.com/	1970-01-20 12:32:37	Name: d Value: ELIBEQHDKPijCJiTAA
.deepintent.com/	1970-01-20 19:59:01	Name: CDIPARTNERS Value: %7B%22113%22%3A%2220230316%22%2C%22141%22%3A%2220230316%22%7D
s.pubmine.com/	1970-01-20 19:59:01	Name: rum Value: !11,4BA59E21-32B2-424E-991B-86C3DF8ACE81,448224305!1,88b2fc1d-8ebb-4ab8-85b5-11599c163215,448224303!26,4BA59E21-32B2-424E-991B-86C3DF8ACE81,448224302!15,y-9lc2ruBE2uELq44caZfZ3pGK4X26tZdXxHVuUYA-~A,448224299!29,eed380a4,448224299!18,88b2fc1d-8ebb-4ab8-85b5-11599c163215,448224299!27,y-7CbZu.9E2uFA5W00stOwAMKe__rYGCWWc1JjUvo-~A,448224299!13,ce709306-291c-43cf-a3be-60b68d0dfea9,448224299!6,212097253572021,448224300!24,212097253572021,448224300!25,u_b7c2dee0-caea-4e8b-abbf-57324bbef484,448224300
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_27 Value: 16735-uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&KRTB&16736-uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&KRTB&23019-uid:e7ef6413-397c-4900-b930-b5f1dddc2b71&KRTB&23114-uid:e7ef6413-397c-4900-b930-b5f1dddc2b71
.sitescout.com/	1970-01-20 11:06:13	Name: _ssuma Value: eyI0NSI6MTY3ODk4MTUwNTUzMywiMzkiOjE2Nzg5ODE1MDMyNTgsIjE3IjoxNjc4OTgxNTAzNTMyLCI3IjoxNjc4OTgxNTAzMjU4fQ
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_153 Value: 1923-cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx&KRTB&19420-cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx&KRTB&22979-cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx&KRTB&23462-cywC1nYhC9VoLgDSci8e3XYqUNRoLATQcHx_ftNx
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_1251 Value: 23269-di_ceccdb14380943aaae433
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_57 Value: 22776-1694000653285184985&KRTB&23339-1694000653285184985
.dotomi.com/	1970-01-20 10:23:01	Name: DotomiTest Value: 7b6ba078131304de
.pippio.com/	1970-01-20 11:49:25	Name: pxrc Value: CIHzzKAGEgQIAhAAEgYI7OsBEAA=
.bfmio.com/	1970-01-20 19:08:37	Name: __187_cid Value: 4BA59E21-32B2-424E-991B-86C3DF8ACE81
.kargo.com/	1970-01-20 19:08:37	Name: ktcid Value: 60aef35f-1064-0e34-5297-bbc76eda66dc
.bfmio.com/	1970-01-20 19:08:37	Name: __io_cid Value: 9252ca291b7a4f15c0919bcaf94f3c4f4ee310a7
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_391 Value: 22924-8357322694280695671&KRTB&23263-8357322694280695671
ads.playground.xyz/	1970-01-20 10:32:30	Name: connect.sid Value: s%3A8zZM653ZRPUQc97JfNb-eFvYf-rx-8qY.e05mdkW1N4hV1yxmzL7r5xSYEn2LThJjJpTYjVUi5hM
.adgrx.com/	1970-01-20 19:51:49	Name: ADGRX_UID Value: 85e60e8e-c411-11ed-ad00-8b125e48859e
.adgrx.com/	1970-01-20 10:24:27	Name: ADGRX_CM_PUBMATIC_BRIDGED Value: 1
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_1003 Value: 22761-85e60e8e-c411-11ed-ad00-8b125e48859e&KRTB&23275-85e60e8e-c411-11ed-ad00-8b125e48859e
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_188 Value: 3189-39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341&KRTB&23418-39c3f4bb-8c0c-46d7-a72e-db6085393c12-6413397f-4341
.linksynergy.com/	1970-01-20 19:08:37	Name: rmuid Value: 4f654d6e-652e-420e-aacd-15ef59c9e751
.linksynergy.com/	1970-01-20 19:08:37	Name: icts Value: 2023-03-16T15:45:06Z
a.clickcertain.com/	1970-01-20 19:08:37	Name: _ccpx_u Value: a02e46c5%2df971%2d40ab%2d86f0%2d9e8853975518
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_32 Value: 11175-AAABurFedqwI2gNcvOhJAAAAAAA&KRTB&22713-AAABurFedqwI2gNcvOhJAAAAAAA&KRTB&22715-AAABurFedqwI2gNcvOhJAAAAAAA
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_52 Value: 22772-R1B341_FFA08470_53A62AD8&KRTB&23092-R1B341_FFA08470_53A62AD8
.rlcdn.com/	1970-01-20 19:08:37	Name: rlas3 Value: yNGLsGfYzKS4YNW7HUqHI620+5d82BxpBSrgwqlFFo8=
.w55c.net/	1970-01-20 11:06:13	Name: matchpubmatic Value: 5
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_107 Value: 1471-uid:p7n9V5AJ1PCPMM5&KRTB&23457-uid:p7n9V5AJ1PCPMM5&KRTB&23421-uid:p7n9V5AJ1PCPMM5
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_860 Value: 16335-TcSDncZYV45wrB3TZQ5UTZU4mbQ&KRTB&23334-TcSDncZYV45wrB3TZQ5UTZU4mbQ&KRTB&23417-TcSDncZYV45wrB3TZQ5UTZU4mbQ&KRTB&23426-TcSDncZYV45wrB3TZQ5UTZU4mbQ
.rlcdn.com/	1970-01-20 11:49:25	Name: pxrc Value: CP3yzKAGEgUI6AcQABIFCOhHEAISBgi46wEQBg==
.mxptint.net/	1970-01-20 19:59:01	Name: mxpim Value: R1B341_FFA08470_53A62AD8.1.000000000000000064133983
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_466 Value: 16530-88b2fc1d-8ebb-4ab8-85b5-11599c163215
.pubmatic.com/	1970-01-20 12:32:37	Name: chkChromeAb67Sec Value: 10
.pubmatic.com/	1970-01-20 10:24:27	Name: pi Value: 156423:4
.pubmatic.com/	1970-01-20 12:32:37	Name: DPSync3 Value: 1680134400%3A256_235_228_221_255_263_236_226_259_245_262_261_258_260_219_201%7C1679529600%3A253_248_252%7C1679961600%3A257
.pubmatic.com/	1970-01-20 12:32:37	Name: SyncRTB3 Value: 1681516800%3A224%7C1680220800%3A35%7C1680134400%3A56_239_71_55_104_204_238_3_54_243_176_8_165_81_7_5_233_178_250_234_166_13_240_48_231_214_99_96_220_249_22_21%7C1679788800%3A63%7C1684108800%3A69%7C1679529600%3A15_2_38_223
.a.usbrowserspeed.com/	1970-01-20 19:08:37	Name: tuid Value: 8e772cca-f69c-4a48-8e44-55decbd33365
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_1305 Value: 23408-fi7GcUNap&KRTB&23413-fi7GcUNap
beacon.lynx.cognitivlabs.com/	1970-01-20 19:10:03	Name: UID Value: e9a25b29-a600-4282-9245-484b9eb85153
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_594 Value: 17105-RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005&KRTB&17107-RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005
.rkdms.com/	1970-01-20 19:08:58	Name: sessionid Value: h-99735d0ae76c66c5b1089dab49097d14_t-1678981507
.rkdms.com/	1970-01-20 19:08:58	Name: sc Value: 13%3A106983
.csync.loopme.me/	1970-01-20 12:35:30	Name: viewer_token Value: 7120e98b-e98b-4688-a0d1-dcb3c3f12c9b
.acuityplatform.com/	1970-01-20 19:08:37	Name: auid Value: 755368186129
.acuityplatform.com/	1970-01-20 19:08:37	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBQzpjClicmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUM6YwpYnI90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_1278 Value: 23329-e9a25b29-a600-4282-9245-484b9eb85153&KRTB&23340-e9a25b29-a600-4282-9245-484b9eb85153
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_469 Value: 8273-755368186129&KRTB&23428-755368186129
.technoratimedia.com/	1970-01-20 19:59:01	Name: tads_uidp_45 Value: 4BA59E21-32B2-424E-991B-86C3DF8ACE81
.tribalfusion.com/	1970-01-20 12:32:37	Name: ANON_ID Value: a8nseFw5EGiAaINQeAcAyM7HMkSCWXRyTH1GbSMtuUoVZbYSsjC3lgh4Ly3rA1166gkbZdfGNpOrPJf0garlKg
beacon.lynx.cognitivlabs.com/	1970-01-20 19:10:03	Name: ss Value: ysuIhmo48Q4ScRzHpKBDxyCnNfYd3Bs%2BAXSjUvF1qejQcBggzcsiwzcniQYaB9VbpUfR9Zd0mPEuL6ndv5U78Q%3D%3D
.1rx.io/	1970-01-20 19:08:37	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-d2b454e6-c171-4964-9682-92313ebf9f6a-005%22%2C%22nxtrdr%22%3Afalse%7D
io.narrative.io/	1970-01-20 19:59:01	Name: io.narrative.guid.v2 Value: 872f5e30-c411-11ed-b41e-0ee5b27fb8ad
.inmobi.com/	1970-01-20 12:32:37	Name: idsp_c Value: c2fdb966-d9f3-49f0-99f8-5b63e31eb9bb
.audrte.com/	1970-01-20 10:44:37	Name: arcki2 Value: ci0J5v6z4kVTq6STTailap7jg!20220908!1678981508023!ip#149.56.153.180
.audrte.com/	1970-01-20 10:44:37	Name: arcki2_pubmatic Value: 4BA59E21-32B2-424E-991B-86C3DF8ACE81!20220908!1678981508028
.fiftyt.com/	1970-01-20 19:08:37	Name: fifid Value: 54b04234-db9f-40e6-79bf-6e263aa92ba7
.fiftyt.com/	1970-01-20 19:08:37	Name: cs Value: MTY3ODk4MTUwOHxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fOQ50K7oPGIEu9nsFR3_8-F0vTEMGrEYjcpDW_hzJwAP
.owneriq.net/	1970-01-20 10:37:25	Name: p2 Value: pmc
.owneriq.net/	1970-01-20 19:59:01	Name: si Value: Q7322679081744262523P
.owneriq.net/	1970-01-20 10:37:25	Name: pmc Value: 1
.pubmatic.com/	1970-01-20 11:06:13	Name: PugT Value: 1678981508
.tapad.com/	1970-01-20 11:49:25	Name: TapAd_3WAY_SYNCS Value: 1!1815
.semasio.net/	1970-01-20 19:08:37	Name: SEUNCY Value: D1AF9883CA04BB64
.onaudience.com/	1970-01-20 19:08:37	Name: cookie Value: 952214257d33a416
.onaudience.com/	1970-01-20 10:24:27	Name: done_redirects147 Value: 1
.audrte.com/	1970-01-20 10:44:37	Name: arcki2_ddp2 Value: ci0J5v6z4kVTq6STTailap7jg!20220908!1678981508681
.c.appier.net/	1970-01-20 19:08:37	Name: _auid Value: 3wiLY6BODK2N0x6YhDkTZA
.fiftyt.com/	1970-01-20 10:33:06	Name: fppm Value: 20230316154508
.pubmatic.com/	1970-01-20 11:06:13	Name: KRTBCOOKIE_904 Value: 16787-3wiLY6BODK2N0x6YhDkTZA
.adsrvr.org/	1970-01-20 19:10:03	Name: TDCPM Value: CAESFQoGY2FzYWxlEgsIjMmI8e2P0zsQBRIWCgdydWJpY29uEgsIiqD__u2P0zsQBRIXCghwdWJtYXRpYxILCPbez4Xuj9M7EAUSFgoHc3Z4OXQ1MBILCPaVj4fuj9M7EAUSFAoFdGFwYWQSCwiY7J697o_TOxAFGAEgASgCMgsI-LbU74SQ0zsQBTgBWgd4a3N3OWxhYAI.
.adsby.bidtheatre.com/	1970-01-20 10:33:06	Name: __kuid Value: 41a04464-94e4-4efc-9f92-df7de44ad977.448195508
.audrte.com/	1970-01-20 10:44:37	Name: arcki2_adform Value: 8357322694280695671!20220908!1678981508940
.onaudience.com/	1970-01-20 10:24:27	Name: done_redirects161 Value: 1
.exelator.com/	1970-01-20 13:15:49	Name: EE Value: "fbd929def1f1838de93dfe51e6d3f928"
.exelator.com/	1970-01-20 13:15:49	Name: ud Value: "eJxrXxzq6XKLQSEtKcXSyDIlNc0wzdDC2CIl1dI4JS3V1DDVLMU4zdLIYnFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQcEl%252BUWb6ImfHxUUpaQyLSopPBR8u7QEA4lgq%252Fg%253D%253D"
.onaudience.com/	1970-01-20 10:24:27	Name: done_redirects219 Value: 1
.zeotap.com/	1970-01-20 19:08:37	Name: zc Value: b9514cb0-6fd3-4cc0-4165-d12078b4ac31
.zeotap.com/	1970-01-20 10:24:27	Name: zsc Value: %CE-%E7%14%0D%00%5D%A8%E8%05%EDn%2A%EF%1C%D0%F1fC%00+%C3%DC%BCJ%FF+-%D2%94%F0%82%E5%9AD%AA%B6%FAO%5C%B3%B3%0F%A1%0A%CFws%C2%B2%D4fo%AF%D5%09%B6+a4%F4%BE%9C%95_uo%A5%FA%5D%0B%D0%C8l%1E%91E%94%A2%FC
.pubmatic.com/	1970-01-20 11:06:13	Name: SPugT Value: 1678981510
.tiktok.com/	1970-01-20 10:37:25	Name: msToken Value: gkN_1X5lFEdWBQdknoRFQtFZWmYgcgmu1j4Mbo-HW1PrSW6kS-Ei5KK-iT-gs6enDH2UWe_fNm8GWVmCsZRLaLr3t2gjLtezi6x7J4hgM8nHeitpNe8Z
.ctnsnet.com/	1970-01-20 19:08:37	Name: cid_162c1c06dfea4b3c899a1cf1fbe3ef3c Value: 1

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://ad-cdn.technoratimedia.com/html/usersync.html?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D Message: Access to XMLHttpRequest at 'https://s.pubmine.com/match?bidder_id=30&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=BF0CD8D4B2044F1D80A92505D97AF586' (redirected from 'https://sync.technoratimedia.com/services?cb=https%3A%2F%2Fs.pubmine.com%2Fmatch%3Fbidder_id%3D30%26ssp_data%3De3643ba5-6d29-4272-9941-c8ff19e04eb6%26rid%3D%26us_privacy%3D%26gdpr%3D0%26gdpr_consent%3D%26external_user_id%3D%5BUSER_ID%5D&srv=cs') from origin 'https://ad-cdn.technoratimedia.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://s.pubmine.com/match?bidder_id=30&ssp_data=e3643ba5-6d29-4272-9941-c8ff19e04eb6&rid=&us_privacy=&gdpr=0&gdpr_consent=&external_user_id=BF0CD8D4B2044F1D80A92505D97AF586 Message: Failed to load resource: net::ERR_FAILED
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
javascript	warning	URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js(Line 51) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js(Line 51) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/embed/static/tiktok-embed.module.83fa1c2949de12423f21.js(Line 51) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

33across-match.dotomi.com
a.audrte.com
a.clickcertain.com
a.sportradarserving.com
a.tribalfusion.com
a.usbrowserspeed.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-cdn.technoratimedia.com
ad.360yield.com
ad.mrtnsvr.com
ad.turn.com
ads.avct.cloud
ads.playground.xyz
ads.pubmatic.com
aorta.clickagy.com
aud.pubmatic.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bpi.rtactivate.com
bttrack.com
c.bing.com
c0.pubmine.com
c1.adform.net
casale-match.dotomi.com
cm.adgrx.com
cm.g.doubleclick.net
cms-xch-chicago.33across.com
cms.quantserve.com
connect.facebook.net
contextual.media.net
core.iprom.net
crb.kargo.com
creativecdn.com
cs.admanmedia.com
cs.media.net
csync.loopme.me
d.turn.com
de.tynt.com
dis.criteo.com
dmp.adform.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
events-ssc.33across.com
fei.pro-market.net
fonts-api.wp.com
fonts.gstatic.com
fonts.wp.com
gocm.c.appier.net
googleads.g.doubleclick.net
gum.criteo.com
i.liadm.com
i.w55c.net
i.ytimg.com
i0.wp.com
ib.adnxs.com
ic.tynt.com
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
io.narrative.io
ipac.ctnsnet.com
jnn-pa.googleapis.com
lf16-tiktok-common.ttwstatic.com
lf16-tiktok-web.ttwstatic.com
loada.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
matching.truffle.bid
mcs-va.tiktok.com
medianet-match.dotomi.com
mid.rkdms.com
mon-va.byteoversea.com
mssdk-va.byteoversea.com
mssdk-va.tiktok.com
mweb.ck.inmobi.com
mwzeom.zeotap.com
myreturnticket.ca
odr.mookie1.com
onetag-sys.com
p.rfihub.com
p16-sign-va.tiktokcdn.com
p16-sign.tiktokcdn-us.com
p19-sign.tiktokcdn-us.com
pippio.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.onaudience.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
platform.twitter.com
pm.w55c.net
pmp.mxptint.net
pool.admedo.com
pr-bh.ybp.yahoo.com
public-api.wordpress.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.pubmine.com
s.tribalfusion.com
s.w.org
s0.wp.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
sf16-secsdk.ttwstatic.com
sf16-short-va.bytedapm.com
sf16-website-login.neutral.ttwstatic.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.doubleclick.net
static.xx.fbcdn.net
stats.wp.com
synacor-match.dotomi.com
sync-tm.everesttech.net
sync.1rx.io
sync.aralego.com
sync.bfmio.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.inmobi.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.technoratimedia.com
sync1.intentiq.com
synchroscript.deliveryengine.adswizz.com
syndication.twitter.com
t.pswec.com
tags.rd.linksynergy.com
tg.socdm.com
thrtle.com
token.rubiconproject.com
u.openx.net
uat-net.technoratimedia.com
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
v0.wordpress.com
v16-web-newkey.tiktokcdn.com
v19-web-newkey.tiktokcdn.com
videopress.com
videos.files.wordpress.com
visitor.fiftyt.com
visitor.omnitagjs.com
vmweb-va.byteoversea.com
widgets.wp.com
wordadsmediafiles.files.wordpress.com
www.facebook.com
www.google.com
www.gstatic.com
www.myreturnticket.ca
www.tiktok.com
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
p16-sign.tiktokcdn-us.com
s.pubmine.com
104.126.118.201
104.126.118.203
104.126.118.210
104.126.118.216
104.126.118.225
104.126.118.241
104.244.42.72
104.36.115.113
104.45.178.220
107.178.254.65
108.139.47.49
124.146.215.42
139.162.117.143
141.226.224.48
141.94.171.215
141.95.33.111
142.250.72.98
146.75.34.113
146.75.38.73
151.101.129.108
151.101.66.49
162.210.196.208
162.248.18.10
162.248.18.34
173.231.178.116
18.210.31.252
18.211.94.188
18.235.68.39
185.167.164.43
185.184.8.90
185.255.84.152
192.0.72.25
192.0.72.3
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.38
192.0.77.48
192.0.78.13
192.0.78.193
192.0.78.23
192.0.78.25
192.132.33.46
192.40.39.223
195.5.165.20
198.148.27.139
199.127.204.171
199.187.193.177
199.187.193.179
199.187.193.197
199.38.167.131
20.127.253.7
204.2.255.233
207.198.113.204
23.195.100.26
23.195.101.76
23.204.152.11
23.204.152.15
23.205.77.247
23.3.115.102
23.34.59.22
23.34.59.7
23.40.18.4
23.40.18.5
23.46.156.17
23.46.156.171
23.5.227.42
23.52.161.180
23.52.167.93
23.88.86.2
2600:1901:0:8eee::
2600:1f18:2963:701:e440:4b18:a35c:e14d
2600:1f18:4e9:5a02:460b:2b68:c137:43d7
2600:9000:2209:ec00:1b:5138:8a40:93a1
2600:9000:23cb:9600:1b:6b7d:2300:93a1
2603:c020:400d:3000:7130:bb0b:d7e:bee2
2606:2800:21f:2cf1:7be6:911:71d9:25f7
2606:2800:220:131d:1d30:1f1d:238b:1e56
2606:4700:10::6816:1957
2606:4700:20::ac43:4acf
2606:4700::6812:19ad
2606:ae80:1451:14::1050
2606:ae80:1471:15::410
2607:f8b0:4006:807::2004
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2001
2607:f8b0:4006:816::2003
2607:f8b0:4006:816::200a
2607:f8b0:4006:81c::2006
2607:f8b0:4006:81f::2016
2607:f8b0:4006:820::200e
2620:100:a001::c
2620:112:f002:bbbb::21
2620:112:f002:bbbb::23
2620:116:800b:21:c1e8:5385:5098:6bf0
2620:1ec:21::14
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
2a04:fa87:fffe::c000:4902
3.213.224.199
3.223.50.249
3.231.1.199
3.234.22.82
3.86.122.109
34.102.163.6
34.102.253.54
34.111.113.62
34.117.239.71
34.208.79.250
34.229.3.43
34.236.110.233
34.98.67.3
35.170.255.253
35.172.92.2
35.186.193.173
35.186.253.211
35.190.60.146
35.190.90.30
35.194.66.159
35.201.96.126
35.207.24.140
35.210.53.219
35.211.178.172
35.211.233.246
35.214.223.115
35.244.159.8
35.71.131.137
38.133.127.63
38.91.45.7
44.193.60.178
44.196.123.162
44.208.144.209
44.213.52.212
50.31.142.95
50.57.31.206
51.222.39.184
52.0.142.7
52.206.122.60
52.207.206.215
52.223.22.214
52.45.33.138
52.46.143.56
52.85.61.93
52.86.55.103
54.171.218.252
54.172.237.109
54.172.82.93
54.243.121.93
64.227.64.62
67.202.105.23
67.202.105.31
67.202.105.34
67.220.224.150
68.67.178.10
68.67.179.113
69.166.1.10
69.173.151.100
69.90.254.78
72.247.65.83
74.119.119.150
74.121.140.14
8.28.7.82
8.28.7.83
8.28.7.84
8.43.72.97
80.77.87.166
0054bb64379007e1dc5b4b03fa5b95379384d70ab260bb7b4c7695884de2fe21
0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36
019868423396868e03b3b7ed69e29e61f356e65aeb402403be2a1dd468683eb2
0286cc2a8c1be55a9775ea0ccd2f698e21a3a71a1e443229aac98f8e6990ea5c
02937e82ec51d1062fb9484c9d118e5daa2eedcb6f958853322ff63c22ba9044
0328ddfa9da0bdee54740bf571c4db6ef8d6ec908351a313f99599972ef3185b
03bdc578df22c63b243c4f3e898dd7d083c65b24205260541b0abc072cc38e5a
04f9e15d97bf49799e9468889b72551f097fc44bccdccdbed84e7f2631ae5888
05ad56421e9fae5e03e99164b482906ea998136040e11e6074a5f63bbcd842c3
070df4b3ad2812a3efa90856c75470a33e9151e178519010866846044e7631f1
0785592bada1722517b7ae15f56a0585a6f00932aa8be72876dcdea583de1471
0798b5cd2edc4e8646e9f707d54be00af3322cc069a36bd7fd85f4f1a7c45eb7
07eef98522a75f3d26d7e00088266068506bb5812ab207b8412f15657ff01a7b
07ff480685fee392e4f8580dc32bd6cb908506b0a9599fe33aa826f1f0a25e2d
09c4c80884a6bf6f714f31b25b38e4e7c0f554c57fa146a3458ffe2fec63075a
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b00a33b7b6d0eeeb7db07965105ad7577a2dd0b590ca917fedd8dff078a588b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c546df93a10e40951f3b03a869487bc150e8c1cf91af619e9ea45275a104f1d
0e83ea598c00b75b76b01a2764860abfd5f369f8c293a8e5862c531a257d197e
0ea6c65d8e460987a7ea8f98355f789fe6bfbe11b0afe7a1c65d6042da65ea33
0f4328dd583577482da89d8af94cd1146cec997553dd53bc2f9ee3d406cfa9ce
11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
1487bfed1f532d8cff7ec61ac6bb53dc91e8745905444ba4fdb237eb19071cf0
159bbfc67b046563c4677800806ba13bd6e25e5e0b4237df34c33ad284425728
1685dccdec161950556c43dbcbbd7fb467fdcce0cc3bfae9563c31a82e5c47fd
17eca03dbee78234d1b0040c232e9480e05707594e4d8ffcdb2b0294dac1b0d0
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1875bb81ac5b62ff3f00f0ec569b3a3107f7e60e0d2a992e3621566c5f3ce6de
198ea1f009ad42b4a3cef7e746429a187ed00f0dab494a585d50f745c0b0ba6e
19b57e82d970a1558a564d468bbd474187062c6ce3fd4035539080ceca3e4fb1
1a72c573becfb1e8529cc987d0508245574afed28a710b3ca816d0f52028c66d
1bc7f9e210e46b3bf70b0e1b710b6248d4f505d0b837a7859cf57849e8a0620a
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
1ef1560addcf7272b9e3efa956bc4ea4cca2b58694c3b0caea1883af0c27061b
1f27cb09e28927a4d80ca0a864a6f9c99ecc2a4d97fed7c7dc8b6324b25e1150
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
1f49f874503a572ad4de1e09409614e1231be0ceaa036651babd68714308adf6
22ccbe5ec3b3ffb63f69e3fd5d6c1697c484ab87b4506fb3026fcaba69c9175f
24bfeb8c2001fbf404d916c211663a18c07e15a34b62f48ea6a89bbf00a1655b
2503a70f3f3392baf783ae9c7ba12599b8587163724f2309616faba1e23ec585
250ec322699c4270969d3ea1f5114d6f478eaf480c8d650662d4fc1f2589751f
25327681a11396ccb404f8d6cca63eef4cc90ec1731f2dec52461c2fa1ff749a
25be315ec4666021707243d86c60cd082b8f898314a6bdced489432b82cead44
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8
28591c05e2f139616458dd439196f4abb148b6b3a4cee13a273d00515d32f4e7
28924fcb84d16af502e948cbdf22d54757cf3f3d3f8082a613e97d1edd19376c
28aeb734703e8168f4ea0a79217438e09456a12a43a04270424788cad24540bb
29a734dbe0c87dca942095cf4038b7a2519fb48ff2e06d1f49b8d8854493ac35
29bf2a50aee014094acec5526b47e1a370f0b6e312514eec31fd3e853f8daff0
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2acb4e29daf1b1354c36fbc6dcebf7ba357508a6c3c89e68cc0bf85dc8996a71
2db59f523430f3b88c530c7a8fe51aa23948a64a1b438d7ed5c11aa6fd3136c2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e52bcdc0b91cdf1060c6b1b62793fc25f919bba2183c9a828ca14740f4a7a92
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30ca792cdb0a20c5c50ed95ce02efc59246c30ff0c14d551f887b081b074b6e8
3285ccad564996ec76ee325e1ab72f2f31c39486cd513b4b508fa8066d8651e9
32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c
337addd9aa9a16c1bfb46b340d14a9bdb5f674a4c8c5fb7c6710b53c43c33b27
3562d6f044f64a4fc1f10f605f9526f878567c59c81d660dd46b51278f534d75
3642df12f0d930d5846a96652080908eb2f383b602a95cf80d1e6227e66e1c46
36884b575efdea77a176a00f6371bebb9d96045b967d5ce37711c9f2e48a5b86
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37d030d02d5d28046a3745ca9a4b6459667753c76bd6f3114f8aed0508a24beb
381e5a664274a2bb2192ba972942266d4b1dd7f4b0ff32012108dbdf789980ec
38f8855de58b8be47870f11e2fcb2502bcac87a342f4e68079371388af0ebca0
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3b55b8a231a3a6a1a4bebc091b611a55f6a0ceb161f1ef403c808f96e719a4d4
3bcd2bc141b162d74683eccdb193b3e616cc5bd2f342f5c734df96ace8fbb9b3
3c9fa5e24179855811108cfa316758b0cf1a76552909bc33a92f927452410f84
3dd4f09f2b161e0f7162cf65f859ea4826d509aa986cc05e2363da0b32472dc4
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e535ec26b28458329f030affe83de91d405ff6e80d740df0c623f28ee2ddd18
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
427eef88c2d9c68f28ee1a99fb8e237dbcdc8c7e2e598ad583a3bc6942e3a9bb
44a761b080ebfef1ac252a597dc0b3a95c7dd52a198e19ce66926343d7e3976a
4573b4b7bcf4898d0d4a4b7be84aacc0d20ec27f7a0b2f23021dd1308fad78a8
4653895945c1f85762fc514ac9dbec0cb455b714ae8863c93f462dbcb10df14e
4667bb8eeb34282aec017941d056502a4a53f958c711d79fead0b943f568ed7a
479a304588db1854b032d1b78564413e9dd270f4c546c378e133a0f592125ba4
48936f736af03400e469982565d12dfa88860943bd07a3f55708b5fc3c7d71ff
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4
4a312de5d5df23f9f480daa5837af8b88f77bb83c0ad3f04d474a449d43e7859
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e41012b584c62c7aedd25964f4bd07766df2cb83267666346529b3020548a2e
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
5025bac324e85e4a8e7e7d685ae202c70bd8ffe8960d8afc4aafed62745def0e
513c743030d6d436282807ba5998d6b35c550e3bb1d198e3084da2337d69311b
51a524f1017aebcb45ff710848c36ea0f42c1f89fe0abebf21a3661a4070d4e0
51dc1ea3b9642d966bbdf2c63346e4d2d3f668a693fa8e7f1e31bf6acbe48860
527ba0f1bf89ab0bba319665d0cf34f958a50b139dac9745efd5feadb0db1cd5
527d891c609b8d1b97924b466683f588753b2ad822821bdb8360a302d184a77c
5323f300b1b171659cc26cb6e5eeabc7b2e25e51d0dcabe57b63e269f982b79a
53d1124a84286074a4b825a8456b22329da65ddacb4d762c5a6c0bc9745500d2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5751c9ff78c4a48e27ec346ab17332997d8fc108adebe13ccf7babe10ac9d9e3
586f3dcb8c2d4ecc85dc3228c4875b1bc46b704b5e7f621f44253a8e6cb7e357
5891c67601020cabaf90ed5ddda027b085f57af3ab6c669cdeadd85ddd1f62a8
58e706aa7ebb88c00de8b1eafe4988c755fd6a230e1f94977b4f1b76bbaeb8b3
593d59f9f319875b02111ac46a9f70df2c1e0f3a5fd92810c3f5ddbb598ca62c
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5b08ba63b71f17685e1d02326f767161e66896d565133dae25a86d6a17105fb9
5b5acfb319cfbd1ac052aafa3bd4d256c9803f9e68d306047e75fe0702496a33
5bdbed60ac40be9a1f9b5ce25a04a5805e713f9a6f6a784b620bb03cdb443443
5c164c47c51642258f413a6f8083c8dfd6b8c25dd4d112c116d52d04cb9c1031
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087
5d34c9c4fdbdbdc490800e91e3fc5f0cfdfc734eea23c427aab2de17dbefd609
5f5beabf59a0f4c1c28f05dd34047cd1f401f146b85eebbaa7ab8d971f075e64
5f6cfbb95a24944b5196aad7d85f3aacf782d9008ac0498876b0b01825003acb
602420af75c791682ae9f4a1553fa935ac2308dbf2ef8b1f4dce63372b12dc6a
619408a749226ff1011c63b9d2725297ae51004e284c736cdd9011a74e239529
620b91facf960edbb349af147c9d3c354a90a6fec12dc1486ed19e296413d877
627b65348371145aaabe55e47cd88f930ac1deceee9035c225e2599620b31809
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
6348a488689f9ba812aebafed7f1c9b9a9347b057c4aad3075dc05b6d6b9ea93
649a3f5c2d09ff6f5972babd1e422e028f40bac1207c89a384090ea991155924
6500ea459acea71d6708f18ed81c0a9556f9277f4c6bd5c5865457a5f8f18ebb
6793fa2f8d1a76e1ff51f8a83ecf5aa7ebbdc5f422196c1cdcda31f496d4d41e
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6820dc5a852a390b26eaa791f6f9f9b976fa0ba6c17412089b25946d7d9de99c
68bcabe8a89729ef9647f0ecf9c543bbe167e55f40f9e4d266ac81ba60ce8b76
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b011c28917d3fa99b9860f2b824189f6c5748773a8ef1df070b4fac8797edbe
6bed81d640861b73c73d7c0822e71df139a10551a18a5b82b1c493a4da20c2dc
6c8210878b445817d946a9ca013987f950b29a7b2ebb6fb529bbc1d88a5a27d5
6cc3327e9f74d8440ff73c82bad544eae316dfdc3d1529cb66d75dfd0ba13dfc
6d6905234cdd5f45051bece6da239c116e4c6d027c817e96e30d2ab7d1d33591
6e074a5f0edb1270587c096bac6fe90794a2380d8d670f994d65b954dcfe1df5
6eb47eddc2939dfd973d0c390a02410b1341642374c4812388f1113f42748c5e
6efb84b87f5aa5b2fbae4ca22ce3458652c84df358f431ad6afe97f251c4747a
716a727e47216ad28191f60fb09d59015b1bcb3df8cc32b5bb94f73d534a5732
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
725009d861547b1ad980adb1aa845f2445a61d2a05e8aa3dbfee3403b1a3a590
72664adbaca56185f8a36cf96ae29bd00389eca1a693bc48a331f9d4feb6942e
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
7364d32e7ae3480a5e82ac421c9de640df6efc15abc2e38f2e7eaa85996e8fff
7483b63b9a8f2c8c5ac42c149c723c29c58c5e50ff7f39eececd2d23f6c664f3
7520bda9576b519df3561d67722d95bea0bfb8f644b8b83b38b663138d62cd68
76680efd61dc1f00144c9af7adb317cc0642fe53282525e7e35806a12e74a084
780f397af51cc4e5ff03ae3928d04e33b8cf2f9522513955200408fb2e56cbc9
7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c
787abd6ff6fcd7934e6aa6c400ed253127ca1c23f1f5f1d77843e0f76afe06bf
789702f65833aa6323e0fa3286829b1efe6fcbce143363f3acdb0c11622a776c
7b9c955184c035663a589d8cda7d26899570883e69a72b9b312f920cb451f144
7c05a4475469ffeec0900ab894a10b93c6e1a4ac7f9f0ed7d8931bb10d54cbae
7ce4c25aa7c2fa24b63c05cbd733dbc89c677bdcc50aaec21fca9f2af33f7f3d
7cf51bb086864575674a8676d4395edfee324b7c906ab0378ca405924c982da9
7e4d695ebaa1b96bdc35fcb585618254612d65a5dc6506369f797765a3bf6f71
7e5480b896d72d7eb139527f4478332a17cc485049b49e6a23b19e23faa6b58f
8028eeb56bab92d02ae72e77370cd68b6b53fab8e8539f6b83f8370706a21e7a
818b4e85ba7eef4f3d469e91c15561223d7e751c87ea96e7523f8b65f4831a97
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e
82be39fec355411c0ba2309df7a0dfc0ff74262fe03a32f0aed19decb931ed05
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb
831d0297ef02248d890cec3436dd2085945d14cc82c37d761c93db656055241e
841fee61c1724519fce296da783c4346d73054922cc718992655ea3ee19066e7
8480ea8a09b83544a41d81eb16d1357253e0e7e5e6040441df9b55f35fab1d9d
853b6242d851436432885d6ba50566e89e29ad5256807f3abea8137caec3d288
85d38d8547a9fa3fdc1e6c2bb62068f8401eb350a0d7e732e10a88473c46ce0e
872db3cfe3551af5452187ced39a006550cdff8ee2a508014591081d39b6ecc4
8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39
8848f7b4f4344ac088ca265add62659588b7e324f27fe2d3d4914595e38fbf3a
88dec960d00fbbae87d69f27bf0c1a6b8045ec286ea15b694c191ce0f681f581
894c783178eb7ccec8bec8aa7b8a886a54342f6c43f6725a103cd5e0ffda9589
89530c720f670e5e215b13e96e84db774002f83e659da7b48909aa81de084e56
89c5314e12d29bf3bc413ae55b71d08b57919695674b14aed3c4ef8670ed2b2a
8bfab0d129df3b82bb91b20a679c22469bed26d944548f1bab1d4e87dabf7317
8bff9960f704c72b0888bc3e2d51bd2765d79634485c21d1af8f47e6591c0a7b
8dbdc6a09769365447f2956f10b02b3f1fd8c7b3efc36b0653770ebb12bb8f53
90242b720debaa769af3d359ba813842af99cc1fd4ae3f4d61114bcca2674605
90a788a6783f06538320fc5e1083432ff5ae211c50fc1e1af59a8acc44b3649f
92d7cec1ffba87de844120540310180198b520721d720c31dc1a03dae4646e32
93797d89682220b8c1a4cd106144370fc2f1df3e31a7c68184c9e4e7537e409e
940d67c5e6edb9bd6e78bc96aaba722f0991875818055ced9438466dd24d23a4
948190a15ae7d94bc1d62d16316370c5365c520310b32a4e3719a93d9a05f78f
94e9470c7f3fbbcf874d293723dcbd74a4346ce3edf5bc76c9972d3358a4265d
962c75c86fd0722b9d27e2f3f9c94f41c14af8a2c9c899cee408558556f15151
976aa8f863de17f9e879dfc3716a8b440275a49bc39f30da334ecd568ed41d51
989f334ed5cdfa37f48f933cfda28cb96803adfad94ec1ce5697d7b58737e4f6
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b49659fb26f046c8c7491a2aa736d47a1424e22a043646e4a0621e405f625cb
9bed24f08cdc0eeef8f1f4bb52d2393b32099c9410678c6324ed6bae45d20114
9cf7b580e825b8c9b0c022210900d67bfe63a0dc473ce54084e2bc57c75d6b19
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
9eb78ede7ef459c55888476fa1928313daedb60e3c61249a7eafb52807055b8e
9ec71e36acf5205e5dfaf0358b1e08bc9d240d1e4878d940b5fd1d0b1a39ee7a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a06a95ea00628094b12ee3d0b282b697cb39e774a4a67a59b8f66b6e4c85a86e
a1dbbafdc3544cc1a9eafad30123a7da4f4dc92a9c282efea53821cb648a4aa3
a26cc6d2eb0e784ce0fff3b9af99f69ff41082682e3d52dea692e1c91dcd18cf
a28299bebe468622310c700bf1e596eaadd1fb001917fc409f13c434de9f077c
a318b95438ad006eba1587fbb33a6cd6be2bcb68759e6db7303851263e9d86f8
a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c
a452d886679256741d27135e29d2a1e6abeabef20653a8e3e95e013ccff244f0
a53e0354865b02c562361b3514858c376cacafe997e5e8fdab0af3c754376299
a607444d7c4a47be64d7b310770c0fca233f8bd20f0a8ce45d7aafe8d0cb3c31
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b
a83c4abbd4a9722051a75c74939b8a81dc2a5f502780942da2a305b41c96279d
a8b8d32e43a9da143d82e258571b2a15fdca6315f712502cb04c35aad0e389a4
a9c0cef076b1b383064b2a4c6646c3e39f18bfd8694bc7103c25a14a579842fa
a9f2f7ad522f41e86ac8dbc907d37db9cd7bdd5f3c9dc4dec9b3f7deb48ffe59
aabb81e8ca89df24d05d690d7843eeb9c88fddd714a29a5caf2c0fdeddcb9519
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad47ba94a10ae1d33ae560908be64e82a702d3a8bc37b6036093926531d8211f
adb109500959e94d22eec1e26da77730b763a7b0d993559d4fe27074757c06a1
ae3cf5aa3568fd9d46f7d88506d61af60c056bb31ccaf9bddc5586443064bcb1
af07e8e8f5c056dbb8096bc11e0a1cd33a3a93633f6fc3936a04cdc956328dab
af43b638a4229ffc7b81fa1914aafd1b9c4ac296345b568544d0673c7a338fb0
b043531311546e69ef15d19c719f394bed075b10a4d3dd56628cabda1e46b9d3
b06364ba73f029b1ae3576c98bd92cfcbdc717bb43cc875c48f76e6b0b6d93e9
b097fc471c067f5960fbf018f38f1e00396bb71612d79be26976b8f18cf8da26
b0e3dea3ead4a88d28a0203a5dd56155100bf5d61b73c371992aa9f211ff5480
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b20dfc5fa44e7c4df84aea06512c0d1a08f0446b5f0052fda8a25241049f3ccf
b29c6a754f45310e946a97bcbccc44374ed897a0c775b7166282c90fa4e25ee0
b38e8d0671497a9d9bd6fba89ffe2260743f8d331644fee79659d45fe42fb764
b407aa623a088cc294558a9bfd8aaf7031231fc32d6abbece34bc1aafba19e32
b4593431b272bb27e6ccf17780144aad9cca229550441cedf2391549cef0a695
b4b0789c9d823fd2888f4f2501afd255b449971ea288d46ab65bc2408088515a
b625dfad220f1313e782af595c9c08d584a8b34c2f473732f3ed76228d579574
b68f4c5a0351dd567c9aa229d1ea90af6a2148fe8c8f36083619c7316fb1fa79
b7cccc373c605e392385aa245428f422d90b715d85a7376ebc4afe1e6882a018
b7fe72fa7c50526641c33344cb251bcd64570ae2077d02443af6091ff7403d27
b81545e6162f1d5814081df0790eed545b7d8cddf9af33d443571c200fc9dc13
b8b82aaec29dbca3104d2d57256a6951954fc95fb5fc79ef89ef9e68e83d611d
b9711fdc2eb806e7f86b266d9bbc6cd03f3fda68c6ec902aa3a942b99ba4f213
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be22b9b288ee2731863854b80b4fb652412a6a513c4c2e56c609425c1dedbac5
be52cc0c4ad33c383310317c3d945a2349d489e84e01ca8a284661f38a7644bf
bec03ce7a69cba3f0c0db4439e7c839017913d8d3596eb96e3c7bed807b73fa7
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf1d67ceed1ff1089d98db4dd45104cb895540427596bffb3fe6a16fdf4fba7c
c093b1020f02bb70adaf6d648e3fe71409475aae8d054596484e244aa9dc1d20
c1dde03ff77bdd49b0c9be61c1c719dab315d38a900f3341824249b2bac6907f
c1e0b3bd7d463d74a6ac829c3d8f4dddc93369e286a429dba482b85ccb2ecf24
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2b051d53ba403c8953a386369a33fcf2e58ba7e08177194cabcdba7a52701a2
c300107aa80b31398a8c1db7500a6e951951efcdd08d2ae7a7ae376958142529
c32a1d1b779a2bac3e9fd5fa716dfeceb0c19c6a11cb11dd91584f9f9aaff5cb
c4ed980116c12325b30c81ef2bf6e2284ba2242b57d7c2ee4867278fd078dcae
c5cdaccdb5ae058fbc4f9051562b0a5142372082152eeded79045550c079c32f
c6303d4462378ddfc0b91eed4f9c84f0fa8cc6f7c5f3868aa128114b598bae52
c7bb55ef8544f9e9c9c6513e0bee9dabd9e8baf9d89c89b6f1ec8048dc0b66f9
c8aee342812ce7c5e0f7f3f96501065bb598f8556583ccfc2f8a549448c5b92a
ca3a0dcad7ffc7ec4ffd3481e69bee559c81ed31f481027b43e05db41f534fd6
ca521527d1f5c94284c69c1a6dd8740bfb8992e1e1865e2e267ac1e18a7ad677
ca7d7dff6307e8decc45de9e33dab490312ebf338508f6952e33aae33d63c280
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cddd809d3fd2a18840dafe8e2ba06f4c8c35d699064c1091222066455feaca1b
ce0a15177d7493376c4107e6ed4c87d7224642995692c17376eb00e0b63e05fe
d3b435390b2a5f36a9447eda0ccbaa07e7164f0ece669e245db449c3f3f04feb
d3c805b737a38026d7942ec389da445e2ea058550842846a458ac09b9d03c953
d4b2d5aff0d450d7ab1ecf485419963e8e76f8708ac14499130d2bc589149a18
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
d731b8734322d97cb8d0de94787235219dd7dfd9e9b11c74e696c5dd7d3faf3d
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d858782d53337cb280fd29487a8c25544984a1abc8619d4fc3535e4458101d1f
d9586dc23491b8f02252d2ee8f0b8dc080ebf4a1f24d052a6f2d0794bb2c1b46
d994257abaf5f4b6b085c3210a1ab76e85b38b24cc65e0b53acb5158963b675b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e145b1a56b822a1f604021905dc0c661a5447c13a569b6424be2abc8c140b668
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e80cc3d9eddff70ae2e3a25774d1438f4275b019fb718fe6be8bd2e0e8ddc8
e40392e86c82f3bce196182c21ed8467cca4aea225e451db8fd16ca727fa52d8
e54d86561445d293d82172fc7071e7600a138024a8d4d29ad03952923a8b1b28
e57d9c3364c26938cbd62b9b74587764998362b428d85df0cac67700863c7a9c
e5dc5b5429f167e31f456365da488fea9ed2fec4e657f051705ca82734619145
e62ee4be449cf0c49c8bec3c89f6654f93d3e92b505c3d4c2ead7ef38520d981
e7a3bdd1d9b0978713286dc890c849e82798bffef8c6207797d835438ecea518
e9b808c0f6120ffa74bd8a8e2b90c01447161b3b713518d9abbea2d8f7315d42
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
ec3a21a491af4587bee1627d1283c4ec4b36021a7e281dea2ea6e20fd827ce71
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee1c3df88658889dd16eb51f1be75e083f5bfcf340c74622f52cd257393174b2
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f20787bfc7f1fa72a25b34791bb22ad02d6d6b225d757989712d37395c4cccf2
f35600ad8da7f848599c63b2ab63bdeadb87b87ec13e6a75d1e10e8dcbb1c8cf
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f434ed5c095e5242f77ababc08f128304d3fc0b8f28988989a117f2fc8ad4a18
f6629f41802994e457edcb7e45ad40a5dde8583afefde5221ffe66c92ac02cae
f70e786fd62f0d65e8d9b60532bde7784a5d87fb5472124f272e503c8dad1d50
f871a20cc81d534bb7daabfa1c4b937c94464358d4bba35b785a5d99cc996b12
f8fba15bcc32240859f0e8e3630392574ca991861c7f84ae1850badb458fbf5e
faeb32352af50842ae43eeeeb493610d6a263c552467e7bde879f965eb4f6e9d
fc419a10a98b1613255943931a9d1aeba15d57844b8e29153b7ed41fbd777f22
fcd5f958e42bb819daefe2c5988b207664b1dbeb1a59568a59c315f9ae16ca1e
fcef7cb04a9dacbf7f9f99d7267dbcd1d3a5d01225cb8ddb112433df6dd328b1
fd16b6a5609992d1c58fbb173db4e30c78e4639527aee8cebc40f23960016ce7
fd5645318b6ed2dba91420c8d1a1758404640e0caf9cc9a56186b1501299a19c
fe01a884862a9fc8f18526db1bd61dfc106b692821df5d965ccd3046b23bc65c
ff727fd212923b4b4646cd9e0036512be9a33929b023b5f6f8b3d490dcefb439
ff9e9b2d641405ffb37715f67f0f683096091438368fc3dddc67a447a7f1fad3

myreturnticket.ca Open in urlscan Pro 192.0.78.193 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

889 Requests

84 %HTTPS

18 %IPv6

123 Domains

192 Subdomains

104 IPs

10 Countries

28885 kBTransfer

102005 kBSize

278 Cookies

23 Outgoing links

Page URL History

Redirected requests

889 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 46 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

myreturnticket.ca Open in urlscan Pro
192.0.78.193 Public Scan

Screenshot
Live screenshot

Full Image

889
Requests

84 %
HTTPS

18 %
IPv6

123
Domains

192
Subdomains

104
IPs

10
Countries

28885 kB
Transfer

102005 kB
Size

278
Cookies

889 HTTP transactions
46 data transactions