marchofdimes.org Open in urlscan Pro
2606:4700:10::6816:4345 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023ma...
Submission: On March 30 via manual (March 30th 2023, 3:16:20 pm UTC) from US — Scanned from DE

Summary HTTP 296 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 82 IPs in 10 countries across 65 domains to perform 296 HTTP transactions. The main IP is 2606:4700:10::6816:4345, located in United States and belongs to CLOUDFLARENET, US. The main domain is marchofdimes.org. The Cisco Umbrella rank of the primary domain is 316704.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 15th 2022. Valid for: a year.

This is the only time marchofdimes.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
41	2606:4700:10:... 2606:4700:10::6816:4345	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6813:bb61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
17	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
8	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
4	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
12	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 4	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
8	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
8	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 6	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
7	2606:4700:20:... 2606:4700:20::681a:b13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	23.96.109.67 23.96.109.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.201.238.83 34.201.238.83	14618 (AMAZON-AES) (AMAZON-AES)
2	2a02:2638:3::e 2a02:2638:3::e	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
4	2600:9000:225... 2600:9000:225f:b000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
8 10	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 6	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
2	18.66.112.41 18.66.112.41	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	54.239.28.235 54.239.28.235	16509 (AMAZON-02) (AMAZON-02)
1	23.206.116.8 23.206.116.8	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
4	76.223.13.31 76.223.13.31	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:225... 2600:9000:225e:d400:14:6bfc:5740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.67.23.169 172.67.23.169	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2 4	3.122.123.120 3.122.123.120	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 3	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
2 4	185.89.211.12 185.89.211.12	29990 (ASN-APPNEX) (ASN-APPNEX)
2	88.221.168.23 88.221.168.23	16625 (AKAMAI-AS) (AKAMAI-AS)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	3.127.20.54 3.127.20.54	16509 (AMAZON-02) (AMAZON-02)
2	185.86.138.153 185.86.138.153	201081 (SMARTADSE...) (SMARTADSERVER)
2	2.23.197.36 2.23.197.36	16625 (AKAMAI-AS) (AKAMAI-AS)
2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2 5	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
2	185.255.84.153 185.255.84.153	200271 (IGUANE-) (IGUANE-)
1 3	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 3	52.209.140.203 52.209.140.203	16509 (AMAZON-02) (AMAZON-02)
2	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1 3	54.72.214.60 54.72.214.60	16509 (AMAZON-02) (AMAZON-02)
2	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	18.192.109.166 18.192.109.166	16509 (AMAZON-02) (AMAZON-02)
2	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	2600:1f18:612... 2600:1f18:612b:4200:56a9:a863:35fa:3ae3	14618 (AMAZON-AES) (AMAZON-AES)
2	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
2	2.22.155.103 2.22.155.103	16625 (AKAMAI-AS) (AKAMAI-AS)
2	63.32.242.157 63.32.242.157	16509 (AMAZON-02) (AMAZON-02)
1	154.59.122.94 154.59.122.94	174 (COGENT-174) (COGENT-174)
2	52.46.131.6 52.46.131.6	16509 (AMAZON-02) (AMAZON-02)
2	3.5.86.140 3.5.86.140	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223e:5200:14:4f74:f880:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
2 2	34.225.94.4 34.225.94.4	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:ed:... 2600:1f18:ed:550f:d48:f65d:a04a:3bfb	14618 (AMAZON-AES) (AMAZON-AES)
1 1	104.111.217.14 104.111.217.14	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	52.213.74.200 52.213.74.200	16509 (AMAZON-02) (AMAZON-02)
12	35.157.254.245 35.157.254.245	16509 (AMAZON-02) (AMAZON-02)
6	151.101.129.35 151.101.129.35	54113 (FASTLY) (FASTLY)
1	54.148.115.137 54.148.115.137	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
2	18.223.64.90 18.223.64.90	16509 (AMAZON-02) (AMAZON-02)
1	54.185.153.95 54.185.153.95	16509 (AMAZON-02) (AMAZON-02)
296	82

41 2606:4700:10::6816:4345 (United States)

ASN13335 (CLOUDFLARENET, US)

marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
give.marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:bb61 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.130.133 (United States) 1 redirects

ASN54113 (FASTLY, US)

js.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.193.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

8832015.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681a:b13 (United States)

ASN13335 (CLOUDFLARENET, US)

loader.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popup.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
activity.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.96.109.67 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

doublethedonation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.201.238.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-238-83.compute-1.amazonaws.com

px.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::e (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225f:b000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:2638:3::c (France) 8 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.1.9 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.112.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-41.fra56.r.cloudfront.net

static-na.payments-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.239.28.235 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

payments.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.116.8 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-116-8.deploy.static.akamaitechnologies.com

origin.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.223.13.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae1d37305401c759d.awsglobalaccelerator.com

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:d400:14:6bfc:5740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.ywxi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.23.169 (United States)

ASN13335 (CLOUDFLARENET, US)

widgets.guidestar.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.122.123.120 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-123-120.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.90 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.211.12 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.168.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-168-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.20.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-20-54.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.153 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.23.197.36 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-197-36.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.75.62.37 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.20 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.255.84.153 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.209.140.203 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-140-203.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.117 (France)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.72.214.60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-214-60.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.192.109.166 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-109-166.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4200:56a9:a863:35fa:3ae3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.215.5.31 (Berlin, Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.22.155.103 (Glattbrugg, Switzerland)

ASN16625 (AKAMAI-AS, US)
PTR: a2-22-155-103.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.242.157 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-242-157.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.59.122.94 (United States)

ASN174 (COGENT-174, US)

e.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.131.6 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

apay-us.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.5.86.140 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:5200:14:4f74:f880:21 (United States)

ASN16509 (AMAZON-02, US)

d2ldlvi1yef00y.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 154.59.122.79 (United States)

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.225.94.4 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-94-4.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:ed:550f:d48:f65d:a04a:3bfb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.217.14 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-14.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.74.200 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-74-200.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.157.254.245 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.129.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.115.137 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-115-137.us-west-2.compute.amazonaws.com

ssl.kaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.223.64.90 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-64-90.us-east-2.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.185.153.95 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-185-153-95.us-west-2.compute.amazonaws.com

www.trustedsite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	marchofdimes.org marchofdimes.org — Cisco Umbrella Rank: 316704 give.marchofdimes.org — Cisco Umbrella Rank: 706874	1 MB
22	criteo.com 10 redirects dynamic.criteo.com — Cisco Umbrella Rank: 3638 gum.criteo.com — Cisco Umbrella Rank: 416 mug.criteo.com — Cisco Umbrella Rank: 2381 sslwidget.criteo.com — Cisco Umbrella Rank: 1825 widget.us.criteo.com — Cisco Umbrella Rank: 18056 dis.criteo.com — Cisco Umbrella Rank: 718	57 KB
19	doubleclick.net 6 redirects 8832015.fls.doubleclick.net — Cisco Umbrella Rank: 596098 ad.doubleclick.net — Cisco Umbrella Rank: 172 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 335 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 stats.g.doubleclick.net — Cisco Umbrella Rank: 100 cm.g.doubleclick.net — Cisco Umbrella Rank: 228	39 KB
17	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	697 KB
16	braintreegateway.com 1 redirects js.braintreegateway.com — Cisco Umbrella Rank: 7919 client-analytics.braintreegateway.com — Cisco Umbrella Rank: 8355 assets.braintreegateway.com — Cisco Umbrella Rank: 19540	43 KB
12	bing.com bat.bing.com — Cisco Umbrella Rank: 407	48 KB
11	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2284	108 KB
9	google.com adservice.google.com — Cisco Umbrella Rank: 90 www.google.com — Cisco Umbrella Rank: 2	28 KB
8	paypal.com 1 redirects c.paypal.com — Cisco Umbrella Rank: 5512 b.stats.paypal.com — Cisco Umbrella Rank: 5099 dub.stats.paypal.com — Cisco Umbrella Rank: 21041 c6.paypal.com — Cisco Umbrella Rank: 6640	45 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com maps.gstatic.com	391 KB
8	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	325 B
8	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	543 KB
8	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1131 pixel.quantserve.com — Cisco Umbrella Rank: 919	37 KB
8	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 958 trc.taboola.com — Cisco Umbrella Rank: 682 trc-events.taboola.com — Cisco Umbrella Rank: 1954 sync-t1.taboola.com — Cisco Umbrella Rank: 1246	40 KB
7	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 230 secure.adnxs.com — Cisco Umbrella Rank: 429	7 KB
7	wisepops.com loader.wisepops.com — Cisco Umbrella Rank: 13330 popup.wisepops.com — Cisco Umbrella Rank: 16110 activity.wisepops.com — Cisco Umbrella Rank: 16185	47 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47 maps.googleapis.com — Cisco Umbrella Rank: 409	224 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 433	136 KB
5	acuityplatform.com origin.acuityplatform.com — Cisco Umbrella Rank: 17553 e.acuityplatform.com — Cisco Umbrella Rank: 14617 ums.acuityplatform.com — Cisco Umbrella Rank: 1370	6 KB
5	amazon.com payments.amazon.com — Cisco Umbrella Rank: 12083 apay-us.amazon.com — Cisco Umbrella Rank: 27775	3 KB
4	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 302	950 B
4	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 323	1 KB
4	braintree-api.com payments.braintree-api.com — Cisco Umbrella Rank: 10145	2 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5216	779 B
4	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1047	5 KB
4	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1592 insight.adsrvr.org — Cisco Umbrella Rank: 633	5 KB
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 594 i6.liadm.com — Cisco Umbrella Rank: 2475	1 KB
3	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 676	1 KB
3	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 215	3 KB
3	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1416	2 KB
2	thebrighttag.com s.thebrighttag.com — Cisco Umbrella Rank: 1951	535 B
2	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 611	675 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 467	1 KB
2	amazonaws.com s3-us-west-2.amazonaws.com	2 KB
2	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 2254	75 B
2	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4239	800 B
2	twiago.com a.twiago.com — Cisco Umbrella Rank: 27532	306 B
2	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2368	709 B
2	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 733	1010 B
2	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 720	290 B
2	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 1310	2 KB
2	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 2776	377 B
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 437	2 KB
2	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 935	353 B
2	adform.net cm.adform.net — Cisco Umbrella Rank: 1297	325 B
2	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 387	279 B
2	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 1982	344 B
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 604	326 B
2	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 533	69 B
2	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 340	478 B
2	media.net contextual.media.net — Cisco Umbrella Rank: 616	1 KB
2	ywxi.net cdn.ywxi.net — Cisco Umbrella Rank: 11542	14 KB
2	payments-amazon.com static-na.payments-amazon.com — Cisco Umbrella Rank: 16433	115 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111	9 KB
2	adentifi.com px.adentifi.com — Cisco Umbrella Rank: 11801	69 B
2	doublethedonation.com doublethedonation.com — Cisco Umbrella Rank: 70869	113 KB
2	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1071	95 KB
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1030	12 KB
1	trustedsite.com www.trustedsite.com — Cisco Umbrella Rank: 18930	1003 B
1	kaptcha.com ssl.kaptcha.com — Cisco Umbrella Rank: 9441	366 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 573	496 B
1	advertising.com 1 redirects pixel.advertising.com — Cisco Umbrella Rank: 1471	307 B
1	cloudfront.net d2ldlvi1yef00y.cloudfront.net	4 KB
1	guidestar.org widgets.guidestar.org — Cisco Umbrella Rank: 36410	4 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 944	5 KB
296	65

	Domain	Requested by
24	give.marchofdimes.org	marchofdimes.org give.marchofdimes.org static.cloudflareinsights.com
17	www.googletagmanager.com	marchofdimes.org www.googletagmanager.com give.marchofdimes.org
17	marchofdimes.org	marchofdimes.org static.cloudflareinsights.com
12	client-analytics.braintreegateway.com	give.marchofdimes.org
12	bat.bing.com	www.googletagmanager.com bat.bing.com 8832015.fls.doubleclick.net
10	gum.criteo.com	8 redirects dynamic.criteo.com
8	www.facebook.com	8832015.fls.doubleclick.net
8	connect.facebook.net	marchofdimes.org connect.facebook.net 8832015.fls.doubleclick.net
8	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
7	www.google.com	give.marchofdimes.org www.gstatic.com www.google.com
6	maps.googleapis.com	marchofdimes.org maps.googleapis.com
6	ad.doubleclick.net	2 redirects marchofdimes.org
6	cdn.cookielaw.org	marchofdimes.org cdn.cookielaw.org
5	c.paypal.com	give.marchofdimes.org c.paypal.com
4	ups.analytics.yahoo.com	1 redirects 8832015.fls.doubleclick.net
4	secure.adnxs.com	2 redirects marchofdimes.org
4	dis.criteo.com
4	x.bidswitch.net	2 redirects marchofdimes.org
4	payments.braintree-api.com	give.marchofdimes.org
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google.de
4	pixel.quantserve.com	8832015.fls.doubleclick.net
4	googleads.g.doubleclick.net	www.googletagmanager.com
4	rules.quantcount.com	secure.quantserve.com
4	activity.wisepops.com	loader.wisepops.com
4	secure.quantserve.com	www.googletagmanager.com 8832015.fls.doubleclick.net
4	8832015.fls.doubleclick.net	2 redirects www.googletagmanager.com
3	ums.acuityplatform.com	8832015.fls.doubleclick.net
3	ad.360yield.com	1 redirects marchofdimes.org
3	dpm.demdex.net	1 redirects
3	r.casalemedia.com	1 redirects marchofdimes.org
3	ib.adnxs.com	3 redirects
3	payments.amazon.com	static-na.payments-amazon.com
3	region1.google-analytics.com	www.googletagmanager.com
3	js.braintreegateway.com	give.marchofdimes.org
2	s.thebrighttag.com
2	maps.gstatic.com
2	beacon.krxd.net
2	pixel.tapad.com	2 redirects
2	i.liadm.com	2 redirects
2	fonts.gstatic.com	www.google.com
2	s3-us-west-2.amazonaws.com	cdn.ywxi.net
2	apay-us.amazon.com	static-na.payments-amazon.com
2	sync-criteo.ads.yieldmo.com
2	ad.yieldlab.net
2	a.twiago.com	marchofdimes.org
2	criteo-partners.tremorhub.com	marchofdimes.org
2	simage2.pubmatic.com	marchofdimes.org
2	sync.outbrain.com
2	exchange.mediavine.com
2	matching.ivitrack.com	marchofdimes.org
2	id5-sync.com	marchofdimes.org
2	visitor.omnitagjs.com	marchofdimes.org
2	cm.adform.net	marchofdimes.org
2	eb2.3lift.com	marchofdimes.org
2	criteo-sync.teads.tv	marchofdimes.org
2	sync-t1.taboola.com
2	rtb-csync.smartadserver.com	marchofdimes.org
2	match.sharethrough.com
2	pixel.rubiconproject.com
2	contextual.media.net	marchofdimes.org
2	cm.g.doubleclick.net	2 redirects
2	trc-events.taboola.com	cdn.taboola.com
2	cdn.ywxi.net	give.marchofdimes.org
2	static-na.payments-amazon.com	give.marchofdimes.org static-na.payments-amazon.com
2	widget.us.criteo.com	8832015.fls.doubleclick.net
2	sslwidget.criteo.com	2 redirects
2	mug.criteo.com	8832015.fls.doubleclick.net
2	insight.adsrvr.org	js.adsrvr.org
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	pagead2.googlesyndication.com	ad.doubleclick.net
2	trc.taboola.com	cdn.taboola.com
2	adservice.google.com	8832015.fls.doubleclick.net
2	dynamic.criteo.com	8832015.fls.doubleclick.net
2	px.adentifi.com	8832015.fls.doubleclick.net
2	doublethedonation.com	give.marchofdimes.org
2	loader.wisepops.com	marchofdimes.org
2	www.googleoptimize.com	www.googletagmanager.com
2	cdn.taboola.com	www.googletagmanager.com
2	js.adsrvr.org	www.googletagmanager.com
2	static.cloudflareinsights.com	marchofdimes.org give.marchofdimes.org
1	c6.paypal.com
1	www.trustedsite.com	cdn.ywxi.net
1	dub.stats.paypal.com
1	b.stats.paypal.com	1 redirects
1	ssl.kaptcha.com	give.marchofdimes.org
1	assets.braintreegateway.com	1 redirects
1	tags.bluekai.com	1 redirects
1	i6.liadm.com	8832015.fls.doubleclick.net
1	pixel.advertising.com	1 redirects
1	d2ldlvi1yef00y.cloudfront.net
1	e.acuityplatform.com	origin.acuityplatform.com
1	widgets.guidestar.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	origin.acuityplatform.com	8832015.fls.doubleclick.net
1	maxcdn.bootstrapcdn.com	give.marchofdimes.org
1	popup.wisepops.com	loader.wisepops.com
1	fonts.googleapis.com	marchofdimes.org
296	98

This site contains links to these domains. Also see Links.

Domain
gifts.marchofdimes.org
www.marchofdimes.org
nacersano.marchofdimes.org
bit.ly
www.tiktok.com
youtube.com
cookiepedia.co.uk
onetrust.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-06` - `2023-04-06`	3 months	crt.sh
doublethedonation.com Sectigo ECC Domain Validation Secure Server CA	`2022-06-03` - `2023-07-04`	a year	crt.sh
adentifi.com Amazon RSA 2048 M02	`2023-02-22` - `2023-09-03`	6 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
quantserve.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
static-na.payments-amazon.com Amazon RSA 2048 M01	`2023-03-01` - `2023-07-21`	5 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-13` - `2023-06-05`	3 months	crt.sh
payments.amazon.com Amazon	`2022-07-12` - `2023-06-13`	a year	crt.sh
*.acuityplatform.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-30` - `2024-02-01`	a year	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2022-09-15` - `2023-10-16`	a year	crt.sh
*.ywxi.net Amazon RSA 2048 M01	`2023-02-22` - `2023-08-03`	5 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M02	`2023-02-10` - `2023-08-12`	6 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M01	`2023-02-10` - `2023-06-11`	4 months	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
itm.ivitrack.com R3	`2023-02-03` - `2023-05-04`	3 months	crt.sh
exchange.mediavine.com Amazon RSA 2048 M01	`2023-02-11` - `2023-08-04`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-15`	a year	crt.sh
*.ads.yieldmo.com Amazon RSA 2048 M02	`2023-02-10` - `2023-07-01`	5 months	crt.sh
apay-us.amazon.com Amazon RSA 2048 M01	`2023-03-08` - `2024-03-07`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon	`2022-09-21` - `2023-08-24`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
client-analytics.braintreegateway.com DigiCert SHA2 High Assurance Server CA	`2023-02-24` - `2024-03-26`	a year	crt.sh
ssl.kaptcha.com Sectigo RSA Organization Validation Secure Server CA	`2022-10-18` - `2023-10-18`	a year	crt.sh
*.trustedsite.com Amazon RSA 2048 M01	`2023-02-09` - `2024-02-09`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
casalemedia.com Go Daddy Secure Certificate Authority - G2	`2022-12-13` - `2024-01-13`	a year	crt.sh
*.360yield.com Amazon RSA 2048 M02	`2023-02-10` - `2023-07-27`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh

This page contains 14 frames:

Primary Page: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Frame ID: DB55B3B8055CBC4F1C42B103849D153F
Requests: 87 HTTP requests in this frame

Frame: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Frame ID: 0BAA190C3774159C2143CF2C7FB58D66
Requests: 103 HTTP requests in this frame

Frame: https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Frame ID: D4BADE78F62FEEC6C74E75A0E1C67833
Requests: 15 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=2n62y3m&ref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&upid=b8lvzxo&upv=1.1.0
Frame ID: D3A1E638A7DAFA799153600738BF5EB5
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=marchofdimes.org&origin=onetag
Frame ID: 20078A6CFC36036D891F95383FD916B1
Requests: 2 HTTP requests in this frame

Frame: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Frame ID: 8EB1266E37D4BDF9F734A8C56096A7AC
Requests: 22 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=2n62y3m&ref=https%3A%2F%2Fmarchofdimes.org%2F&upid=b8lvzxo&upv=1.1.0
Frame ID: E1EAA5E1611517D739157169BC514AFA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=lf5n8t2yg8vh
Frame ID: B097DCD6650EF1A8EE0B9F33EB22739C
Requests: 7 HTTP requests in this frame

Frame: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
Frame ID: 11A5D41E2BAF0B98DED3CC7212E48FCF
Requests: 28 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=marchofdimes.org&origin=onetag
Frame ID: 459B6E329811D980681EFC34C996929F
Requests: 2 HTTP requests in this frame

Frame: https://ssl.kaptcha.com/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442
Frame ID: 175BD7A08E5856095E2F99BA8881BFD7
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: F755FC3A7653E7FF5B0286FDC322F9CD
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14
Frame ID: BD0D3DC916E159EDBE8F0C3D46502846
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
Frame ID: F1F5D3F48BA6B62A402B3C0FDE339859
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Donate Now | March of DimesBack ButtonSearch IconFilter IconArrow

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Braintree (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.braintreegateway\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

296
Requests

91 %
HTTPS

35 %
IPv6

65
Domains

98
Subdomains

82
IPs

10
Countries

4198 kB
Transfer

12292 kB
Size

79
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://gifts.marchofdimes.org/
Title: Gift Guide

Search URL Search Domain Scan URL

URL: https://www.marchofdimes.org/accomplishments-2022
Title: Accomplishments

Search URL Search Domain Scan URL

URL: https://www.marchofdimes.org/donate-now
Title: Donate

Search URL Search Domain Scan URL

URL: https://nacersano.marchofdimes.org/
Title: Nacersano

Search URL Search Domain Scan URL

URL: https://www.marchofdimes.org/peristats/
Title: PeriStats™

Search URL Search Domain Scan URL

URL: http://bit.ly/FBMarchofDimes
Title: March of Dimes Facebook

Search URL Search Domain Scan URL

URL: http://bit.ly/MODInsta
Title: March of Dimes Instagram

Search URL Search Domain Scan URL

URL: http://bit.ly/MarchofDimesLI
Title: March of Dimes LinkedIn

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@marchofdimes
Title: March of Dimes TikTok

Search URL Search Domain Scan URL

URL: http://bit.ly/MODTwitter
Title: March of Dimes Twitter

Search URL Search Domain Scan URL

URL: http://youtube.com/marchofdimes
Title: March of Dimes YouTube Channel

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002 HTTP 302
https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Request Chain 61

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COWVkpb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 106

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=0&topUrl=marchofdimes.org&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=qFibWXxCM0tublBXMGcwQnVSU29VMUhnd1FZdmh4bldkSWM1dC9mblI1Q0huOWE3amJ6a1lvUWZKVldqVXJWVW9QOTNUM1FhV2FTcEhSNyt5K01SZWNYU1lvQzBGUktKc0RxVGlPT3dhcmMzc2RXSHprTnE5bHB3dnJIWkxtMGRJR1dhZ1VlQ3J2SkdOdlliR1NMOTgyemFhUU14M0Y5SHpXbDVXTEpXVWk1cW5LNkJBYXdWUUt0enJmY0p0TzRqbWF6N2thUGkyZ0t4d3BLaDdvUzhYVFU1cjZ3azZTQ0JMUExUWVNjOWQzVElLMjJFRGMxdjgrQnFFY0dvbnRXSUp1Unh3bDZ2NWlGOFBZRDk5VVphR2gwc2dVeXBreDJqajdCMGMvU3h3dFJxdWNIcUp1MzNRYnNwTzZWRVBHVTJqNjRLU3w&cppv=2

Request Chain 116

https://sslwidget.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=49888 HTTP 302
https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=49888

Request Chain 130

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002 HTTP 302
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Request Chain 135

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CNvE8Zb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 192

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_cm&google_hm=ay1GbzRvWkxIdHJSWXVYZ3VJQmhNTk1reEU0NE5DaklMWkp3OU9kUQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

Request Chain 194

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=8797879658784963421

Request Chain 195

https://secure.adnxs.com/setuid?entity=52&code=k-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA

Request Chain 203

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag&verify=true

Request Chain 206

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw&C=1

Request Chain 207

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM

Request Chain 209

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg

Request Chain 218

https://sslwidget.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=29702 HTTP 302
https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=29702

Request Chain 234

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=2&topUrl=marchofdimes.org&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=1nRBxXx1T0VKcG5HRm9pc1lOSWthNVBlVlpFSmFPS1pCV1NtTlF0L3VNTkNNNU9BNEFPMVpkN1BvMG1ZQXJpYVpLU3FPSDFBTVgxQkg3WjZuNW5YNXZTVkk5UXUzSzBRTzRyVHA4NG1zay9CMlcvU01kTDZ3WDZteVI2cGxkVklOYkl2Q0NWem5naHFCR2xqcjYzakF3bG9jRnpuVWwzK3BPNmVQMEFCTFNzRWFPRzlqWjNvaFV4TmtYQ2ltcGxPVytrcVEyOFA3TFdtamVnZ3pDZ2c4dmloWk1VWE15RS9xSG0xa0dyYlZxcWw5WmRPYitNMkVEUzR5ZXVlejVzcXpFeHprRks0dXB3ckRiQy9yc0xKZktsOEFRZFJ1MVV2RU5ESU9CeVQ5citaMERJWEFuTVJaVXl3SXJVa2ZFUjRWa3oyUXw&cppv=2

Request Chain 247

https://pixel.advertising.com/ups/55950/sync?uid=761406324687&_origin=1 HTTP 301
https://ups.analytics.yahoo.com/ups/55950/sync?uid=761406324687&_origin=1

Request Chain 248

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D761406324687%26uid%3D%24UID HTTP 302
https://ums.acuityplatform.com/sum?umid=10&auid=761406324687&uid=9049886179572028954

Request Chain 249

https://x.bidswitch.net/sync?dsp_id=236&user_id=761406324687&expires=30&user_group=1 HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6 HTTP 303
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6&_li_chk=true&previous_uuid=f9aab96527324fd0bd63a6d3c827761e HTTP 303
https://i6.liadm.com/s/52164?licd=&bidder_id=5298&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6

Request Chain 250

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D761406324687%26uid%3D%24_BK_UUID HTTP 302
https://ums.acuityplatform.com/sum?umid=49&auid=761406324687&uid=$_BK_UUID

Request Chain 251

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=761406324687&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D761406324687%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=761406324687&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D761406324687%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://ums.acuityplatform.com/sum?umid=64&auid=761406324687&uid=f890bcde-af83-42d6-80db-292d2c050c52

Request Chain 252

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=4xhkktPH_4NN2D0vC-L4a14kQYT6Oerv

Request Chain 266

https://assets.braintreegateway.com/data/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442 HTTP 302
https://ssl.kaptcha.com/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442

Request Chain 270

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14 HTTP 302
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14

Request Chain 273

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=jXhRS-lFcrZ78Te0nsZQcYHEfqn6-Lf3

Request Chain 282

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_cm&google_hm=ay1GbzRvWkxIdHJSWXVYZ3VJQmhNTk1reEU0NE5DaklMWkp3OU9kUQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

Request Chain 283

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=9049886179572028954

Request Chain 292

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=jqXApcO4iKF_vIbW4onIWO1WRh7kdaIJ

Request Chain 308

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=bbI7EKN4guKYwscjrLnCgKRuvzgZlPch

Request Chain 309

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=aXQ7rJSexRB8hpkBQLRFET6JTuUt9uBc

296 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request donate-now Show response
marchofdimes.org/ 34 KB
6 KB 624ms
441ms Document
text/html 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.1.17

Resource Hash

22c9461d0475c88d6fc5621d52d396cfa99e2f270a7621726280d47c57dd6e40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 7b014ff88f7f2bc6-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=UTF-8
date: Thu, 30 Mar 2023 15:16:12 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: UNCACHEABLE
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-powered-by: PHP/8.1.17
x-ua-compatible: IE=edge

GET
H2 200 css_wPRirnkCCeLBInmdzlhDhSaTgXxnt0aIRmg5cfX58KM.css
marchofdimes.org/sites/default/files/css/ 8 KB
2 KB 150ms
149ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/sites/default/files/css/css_wPRirnkCCeLBInmdzlhDhSaTgXxnt0aIRmg5cfX58KM.css
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb4009a87c060e8cd986760bc62821454c55ff6539a78887df48a43cd0b5d0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 07 Mar 2023 21:06:49 GMT
server: cloudflare
cf-polished: origSize=8217
etag: W/"2019-5f655ca3d6ac8-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7b014ffb4be02bc6-FRA

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
1 KB 138ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap

Requested by

Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4eaadc2def43bb3f805070c6b7bf4361c6501b710c71188469666c12a8ae37c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 14:53:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Mar 2023 15:16:12 GMT

GET
H2 200 css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
marchofdimes.org/sites/default/files/css/ 169 KB
30 KB 154ms
154ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c19c0adeab0b61fb69a6cf3e0357c8eb0f230d489ed2f4ed0cd97e1fde0b256

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 07 Mar 2023 21:06:49 GMT
server: cloudflare
cf-polished: origSize=174244
etag: W/"2a8a4-5f655ca41c028-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 7b014ffb4be12bc6-FRA

GET
H2 200 rocket-loader.min.js Show response
marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 44ms
43ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 Mar 2023 12:31:17 GMT
server: cloudflare
etag: W/"6419a395-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7b014ffb6c062bc6-FRA
expires: Sat, 01 Apr 2023 15:16:12 GMT

GET
H2 200 vb26e4fa9e5134444860be286fd8771851679335129114 Show response
static.cloudflareinsights.com/beacon.min.js/ 16 KB
6 KB 169ms
85ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542

Request headers

Referer: https://marchofdimes.org/
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2023 17:58:49 GMT
server: cloudflare
etag: W/2023.3.0
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7b014ffbebbe03dc-FRA

GET
H2 200 sprite.artifact.svg
marchofdimes.org/themes/gesso/dist/images/ 6 KB
2 KB 155ms
154ms Other
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/images/sprite.artifact.svg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"19d4-5f6e600823ec0"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7b014ffb6c092bc6-FRA

GET
H2 200 js_8jjjAo68G36IWlbzmOefSpvEwYrk2lgaL2Zh51_bD_0.js Show response
marchofdimes.org/sites/default/files/js/ 12 KB
3 KB 151ms
150ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/sites/default/files/js/js_8jjjAo68G36IWlbzmOefSpvEwYrk2lgaL2Zh51_bD_0.js
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eee0761bf0536e5f4bc229317ca5f9969a78fbfee526ede845fb663a7ea9a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 07 Mar 2023 21:06:50 GMT
server: cloudflare
cf-polished: origSize=12366
etag: W/"304e-5f655ca55bd58-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7b014ffc5d7d2bc6-FRA

GET
H2 200 reminder.js Show response
give.marchofdimes.org/ 4 KB
1 KB 210ms
171ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/reminder.js
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f6cfb0d3d7be77e19468d1f315e892963adf4975af43084e66d25d5b6a7edce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 19 Dec 2022 20:55:47 GMT
server: cloudflare
cf-polished: origSize=6167
etag: W/"821a745ec13d91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b014ffc9df22bc6-FRA

GET
H2 200 js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js Show response
marchofdimes.org/sites/default/files/js/ 160 KB
62 KB 154ms
153ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/sites/default/files/js/js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8baad8c872e6151f0eebedff088050aa8570d12e30c5ba3e28c4b2cf0a104ebd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 07 Mar 2023 21:06:50 GMT
server: cloudflare
cf-polished: origSize=165626
etag: W/"286fa-5f655ca4d35c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7b014ffc6d802bc6-FRA

GET
H2 200 form.js Show response
give.marchofdimes.org/ 4 KB
2 KB 209ms
171ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/form.js
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 50afc1962e4dc0407de9a4a19fe336d29ef2743f2cc8993dd423e24fd5b8b0b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 10 Feb 2023 17:16:27 GMT
server: cloudflare
cf-polished: origSize=6430
etag: W/"6369f768733dd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b014ffc9df12bc6-FRA

GET
H2 200 google_tag.script.js Show response
marchofdimes.org/sites/default/files/google_tag/march_of_dimes/ 348 B
323 B 170ms
170ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/sites/default/files/google_tag/march_of_dimes/google_tag.script.js?rsbvpq
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2717d806962fe1e4c9810ca869fb82c8bbd86638ca6787d01ff8c947c20df3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 30 Mar 2023 12:58:41 GMT
server: cloudflare
etag: W/"15c-5f81da6ea8280-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7b014ffc6d842bc6-FRA

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 26 KB
9 KB 138ms
52ms Script
application/javascript 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: marchofdimes.org
URL: https://marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e85a649094d881201f7a886c94cd19e72196c761da5017c9269b03b35ca9c5c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XP5ufGIMVAznk1F+pqtwzg==
age: 40049
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8618
x-ms-lease-status: unlocked
last-modified: Wed, 29 Mar 2023 06:31:51 GMT
server: cloudflare
etag: 0x8DB301F482ACD4D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cd84d4f9-a01e-0176-4c84-621a0f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b014ffceda692ba-FRA

GET
H2 200 MoD_March_Campaign_Donation_Bk_v1.png
marchofdimes.org/sites/default/files/2023-03/ 178 KB
178 KB 218ms
217ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marchofdimes.org/sites/default/files/2023-03/MoD_March_Campaign_Donation_Bk_v1.png
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1164ecb2f777a534c77f590ae87b156345764a2b65fda77c127d5fb3694d5ad2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
cf-cache-status: REVALIDATED
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Mar 2023 20:36:12 GMT
server: cloudflare
cf-polished: origFmt=png, origSize=305269
etag: "4a875-5f7973a37f770"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
content-disposition: inline; filename="MoD_March_Campaign_Donation_Bk_v1.webp"
accept-ranges: bytes
cf-ray: 7b014ffc6d8a2bc6-FRA
content-length: 181988

GET
H2 200 fcdafeaf549fc682810d.svg
marchofdimes.org/themes/gesso/dist/images/ 8 KB
3 KB 165ms
165ms Image
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marchofdimes.org/themes/gesso/dist/images/fcdafeaf549fc682810d.svg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c73ae3eda72c7eef8b13c75031180df1d81626dec2a68a846094d697fec3546

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:07:09 GMT
server: cloudflare
etag: W/"1fb9-5f6e5f69d4940"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7b014ffc6d8c2bc6-FRA

GET
DATA 200
OK truncated
/ 200 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fbdec47eb761902c4f7d14ccd5a3b97bbaca6a18d485482157fff7f97684d3d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 224 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35f91a61fb778a5507d8527904d3bb532d0c8655e7a6c77af344df8015adc2c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 743 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cc76e7f5b027b2566d97e2701af7b605a376c4a0487302d2634bbceb67eb349

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 538 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4471ccb98d7627f19e1fd997e5562b4be936baf86b6597eb63330c6843fc59c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 019696b175f8558a9f629b596b30b4715bf1219fbee3e3588dbacfb1582df84c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 328 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e944de09b6e048d89b1dff57baf718b2ac1dc0d273e55560decb4c82cc828c8f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 325 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52142e0671ba7294da28434e2a92636b8848c1fe284fe09543c4e8f7e4716d11

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 116448ff3191f74560d6d91c76cebc18ec741564aa62d5c6f8bdf8f611e8a2b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 218b91569ad8f0a5cf1aba89f3957966ecffb7b5852ca25b709bd8f887a00c90

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 521 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7176a2935514018f4c12a99dccc108407f9f4bdd7c1be1a097cbec7a90fb7542

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 518 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4aa2fdddfcb25552a1713673a954bc864de1a7b22dc0ebe664fe8ddb6bcb21ee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 392 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 420a436e0e9e1c48a2f9ce50b59fdb2b805d0274cc20fa569fd1726c4dbf90e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 389 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b73c2239b5b0ae6e051cb135734dc2101aeaf9032dd6b2c29ce9679330fc0bd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 583 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b81f50d6d819dd6d6aaf0cb6402329f0479c734ad2f0918eb9f8366b66f78c83

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 580 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a79623b8606d1583bada494ecdaac61b10440ba7a0da23185892f9d86f172dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 535 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24049fb41335d87d82a9faea10cf9aa2a0ef868037667b029d2953a940cdf67b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 532 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b410913850321efd333e39ddf1a5d49a433b29721126ec6d785f8f039e98bc32

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 329746577f94a4f1785e.otf
marchofdimes.org/themes/gesso/dist/fonts/ 123 KB
49 KB 180ms
179ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/fonts/329746577f94a4f1785e.otf
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e758310065d56c81731fadefacd48f77fe962456070bcd42b4fab78e044a69d

Request headers

Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"1eb4c-5f6e600823ec0"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 7b014ffc8dbe2bc6-FRA

GET
H2 200 7ef1e78abcb43e957eec.otf
marchofdimes.org/themes/gesso/dist/fonts/ 130 KB
54 KB 184ms
183ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/fonts/7ef1e78abcb43e957eec.otf
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d663da5e7f6fe773fda5fe642d04a71cd988f1132b343edb5be914d44a1f534

Request headers

Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"206b0-5f6e600823ec0"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 7b014ffc8dc22bc6-FRA

GET
H2 200 09a9e3080c1a5236f325.otf
marchofdimes.org/themes/gesso/dist/fonts/ 131 KB
56 KB 172ms
170ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/fonts/09a9e3080c1a5236f325.otf
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1802297dea21b3e6a860ccb64dac092312598f1743b8b6b9dd6c30adb4bfe45

Request headers

Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"20b6c-5f6e600823ec0"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 7b014ffc8dc32bc6-FRA

GET
H2 200 f58d53eb72d7239d4ca8.otf
marchofdimes.org/themes/gesso/dist/fonts/ 129 KB
54 KB 184ms
183ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/fonts/f58d53eb72d7239d4ca8.otf
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebd6d32400095fb406e63e748a6a8451eb6cdefc0f57d5f3217de10fdc57b416

Request headers

Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"20448-5f6e600823ec0"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 7b014ffc8dc62bc6-FRA

GET
H2 200 e78d3d4f87bc060c0a1a.otf
marchofdimes.org/themes/gesso/dist/fonts/ 131 KB
55 KB 184ms
183ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/fonts/e78d3d4f87bc060c0a1a.otf
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75c911d121bdba9548b91e8a057bfae7edbebe988a7423821fc7d4c090c64b92

Request headers

Referer: https://marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
etag: W/"20a90-5f6e600823ec0"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 7b014ffc8dc82bc6-FRA

GET
H2 200 ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c.json Show response
cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/ 3 KB
2 KB 141ms
60ms XHR
application/x-javascript 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f312af48d9dcc5d90470fab6410aabb3b5dcb4c8aaf6e5bc4cdef61f614b9dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cfxJGfZoqchvCQVD1/fksw==
age: 654
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1802
x-ms-lease-status: unlocked
last-modified: Wed, 04 Mar 2020 14:33:04 GMT
server: cloudflare
etag: 0x8D7C048F3180C98
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 51e11ad3-101e-000d-46e2-5a37ea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b014ffedadb9950-FRA
expires: Fri, 31 Mar 2023 15:16:13 GMT

GET
H2 200 / Show response
give.marchofdimes.org/ Frame 0BAA 4 KB
2 KB 436ms
433ms Document
text/html 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9fa26061bf69aa2713dc46fd1919c2677d8e74c5bf859e3acfaf7cea66367f40

Request headers

Referer: https://marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7b014ffe59242bc6-FRA
content-encoding: br
content-type: text/html
date: Thu, 30 Mar 2023 15:16:13 GMT
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
permissions-policy: interest-cohort=()
server: cloudflare
x-powered-by: ASP.NET

GET
H2 200 client.min.js Show response
js.braintreegateway.com/web/3.90.0/js/ 42 KB
13 KB 162ms
42ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.90.0/js/client.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a6d5535eebc025b0ec950d3c1afbf12f0de0f37cdfd7b871caa667b5f62f0f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 8d50d30377915
dc: ccg11-origin-www-1.paypal.com
content-length: 12961
x-served-by: cache-sjc10063-SJC, cache-hhn-etou8220033-HHN
last-modified: Tue, 21 Feb 2023 15:53:04 GMT
traceparent: 00-00000000000000000008d50d30377915-f35e8558b4e3e831-01
x-timer: S1680189373.295076,VS0,VE0
etag: W/"63f4e8e0-a921"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 5527, 5

GET
H2 200 apple-pay.min.js Show response
js.braintreegateway.com/web/3.90.0/js/ 22 KB
7 KB 165ms
46ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.90.0/js/apple-pay.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0cc1033bf8560f3163075c711d0ae90b5d01918c85bbd5a7f79badfd82a4cda7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 6bc4f22b6a10d
dc: ccg11-origin-www-1.paypal.com
content-length: 6575
x-served-by: cache-sjc10039-SJC, cache-hhn-etou8220033-HHN
last-modified: Tue, 21 Feb 2023 15:53:04 GMT
traceparent: 00-00000000000000000006bc4f22b6a10d-5641f1bdb922b084-01
x-timer: S1680189373.295324,VS0,VE1
etag: W/"63f4e8e0-5616"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 1924, 1

GET
H2 200 venmo.min.js Show response
js.braintreegateway.com/web/3.90.0/js/ 81 KB
22 KB 167ms
47ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.90.0/js/venmo.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.130.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

71a43dc553fa4925b60196b2fda0cada19776eebb337e8575ca375ca982b3aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
paypal-debug-id: 2ac8e0a351cf9
dc: ccg11-origin-www-1.paypal.com
content-length: 21925
x-served-by: cache-sjc10060-SJC, cache-hhn-etou8220033-HHN
last-modified: Tue, 21 Feb 2023 15:53:04 GMT
traceparent: 00-00000000000000000002ac8e0a351cf9-da282a7635b165ec-01
x-timer: S1680189373.295464,VS0,VE2
etag: W/"63f4e8e0-1452c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 525, 1

GET
H2 200 applepay.js Show response
give.marchofdimes.org/js/ 4 KB
2 KB 153ms
150ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/applepay.js?rnd=230210
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b5bc7ed953506310e11e30be374ff8c3f4f4e57d4cf5a9265ee213156d70439f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=7984
etag: W/"ff691663f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b014ffe59262bc6-FRA

GET
H2 200 venmo.js Show response
give.marchofdimes.org/js/ 2 KB
1 KB 149ms
146ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/venmo.js?rnd=230210
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ffb2b6296499399e97425a808cac659e62b109ec67c335c90438feecdd24ca24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 10 Feb 2023 17:31:54 GMT
server: cloudflare
cf-polished: origSize=5195
etag: W/"77209991753dd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b014ffe59282bc6-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 274 KB
90 KB 154ms
65ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Requested by

Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/google_tag/march_of_dimes/google_tag.script.js?rsbvpq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

95a80c620c52ee45cabc3012b7c565993bbe9c448f7a903c687ed19ca2ea182d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91507
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:13 GMT

GET
H2 200 sprite.artifact.svg
marchofdimes.org/themes/gesso/dist/images/ 6 KB
2 KB 48ms
48ms Other
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marchofdimes.org/themes/gesso/dist/images/sprite.artifact.svg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/sites/default/files/js/js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Mar 2023 01:09:55 GMT
server: cloudflare
age: 1
etag: W/"19d4-5f6e600823ec0"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7b014ffe79422bc6-FRA

GET
H2 200 reminder.css
give.marchofdimes.org/css/ 2 KB
676 B 150ms
150ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/css/reminder.css?5435
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/reminder.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a2925ebc9df04ccd6394511af90bc09bf370d19e6797a2434459574d89a6797e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=3711
etag: W/"aeeb1063f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b014ffe79482bc6-FRA

POST
H2 204 rum Show response
marchofdimes.org/cdn-cgi/ 0
182 B 51ms
49ms XHR
text/plain 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://marchofdimes.org/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://marchofdimes.org
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7b014ffe89742bc6-FRA

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/5.13.0/ 389 KB
94 KB 53ms
53ms Script
application/javascript 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759cbd9881e14214af52dfb585ccf70ea59037598b67cc9cf6df7d3fea7abfd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: av5EYi/+VJcKyIBzruXtUw==
age: 36163
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 95775
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:49 GMT
server: cloudflare
etag: 0x8D7BA2861DF0E68
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 92428193-e01e-0013-1de1-5aed07000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b014fff389692ba-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/03dae8d3-1490-4973-98ef-e49e49eac3e6/ 59 KB
11 KB 49ms
49ms Fetch
application/x-javascript 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/03dae8d3-1490-4973-98ef-e49e49eac3e6/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21f7167ab74ead6a6e3489d9b9fba5d85d81ccab4acc32c6903f46be4e0595df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Mm7MKhwPDTwiFeSK2bbVLw==
age: 654
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11098
x-ms-lease-status: unlocked
last-modified: Wed, 04 Mar 2020 14:33:05 GMT
server: cloudflare
etag: 0x8D7C048F393E3C4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 090e1ff1-501e-0163-0be3-5ad896000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b014ffffcd29950-FRA
expires: Fri, 31 Mar 2023 15:16:13 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 141ms
40ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 02:11:41 GMT
Content-Encoding: gzip
Via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 47073
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: G9B1Ss1ZUKvKZRgsyveY1SYNMQtP1rXDQP9BgUtxUMBFvkTs2yAQgQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8832015

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0dc204ce8fb59a2c1864c0273ac638bdc6be6be4ef7c8d40a82ef9df00625e80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44970
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 138ms
40ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 30 Mar 2023 14:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4262
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 30 Mar 2023 16:05:11 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1335104/ 58 KB
18 KB 241ms
145ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dcc003d373fc9e1c1963e7bfe4bf3eaee9ae2cac7404e5ce3bd5b2f3bbbd14c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: z4sucPrcq9csdsiSOKYMvy1TKIPrzRAd
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 15:16:13 GMT
x-amz-request-id: Z4T9WA0NCJ1R5NY7
age: 0
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 18200
x-amz-id-2: HcvpCVXCaz1mSqubEyk8CpbejDSElhMWuzrk1cgcBdJwwHdoZ/FYhQxGTJvgkqT9MWVmW+NvWdM=
x-served-by: cache-hhn-etou8220052-HHN
last-modified: Sun, 26 Mar 2023 11:13:33 GMT
server: AmazonS3
x-timer: S1680189374.558291,VS0,VE101
etag: "2e77fe33ef8a7f12c326246a2efade16"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 28
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 169ms
65ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 15:16:13 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F37D61C688154B8699002D3917F53F7C Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:13Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H2

200

activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3D... Show response
8832015.fls.doubleclick.net/ Frame D4BA
Redirect Chain

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%...
https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarcho...

3 KB
2 KB

90ms
87ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

f2f66724875ef0f8c7439487ea313065bbc5c523edcd26be97fffe78f2f62c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1326
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:13 GMT
expires: Thu, 30 Mar 2023 15:16:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:13 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 196ms
48ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 06 Apr 2023 15:16:13 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 126ms
43ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: SZnx2E+02m/HbT7F06Z7xFLwqLw7LfGA90mutUTgwR4ZSxLBPRe6CR0uClJsREpsUSIWpPgy6r/VQlQAXgZMrg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 B21591273.227039140;sz=1x2;ord=899413162896 Show response
ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/ 35 KB
14 KB 168ms
70ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=899413162896?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

46512df65d6f7a2a829b0658449f14bc878fc921288323382f837e9da9c23b84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13624
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 126 KB
48 KB 141ms
50ms Script
application/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-W2ZD7L3

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

929c21db5bf95ecf20f6f913ee57c214a4983e17d8fba30e0f2f830c40e88858

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 48366
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 15:16:13 GMT

GET
H2 200 get-loader.js Show response
loader.wisepops.com/ 74 KB
23 KB 167ms
66ms Script
text/javascript 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://loader.wisepops.com/get-loader.js?v=1&site=HmKchyy73N
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86cb375873208e19ef9ed2e513be7132f9464c148aa954e23fa76d1fea49be4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Mar 2023 13:41:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5710
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxD78hjHJ2aVbC1bPWNkRzSvbHh4arv1NQehFgP0QzNFRxU1K4Wo3eGuw8V%2FiWmR3G0BvtwOcSCBcv0LGF%2FyyZXpEotrxWoIPWTV9gFJ4dNJ1KWQciU%2FxpzpMdFFFirigvYrNL9W6T5zuXaoW9LdXt8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
x-cloud-trace-context: d8cd14d70203ae8c266ec0db2da59752
cache-control: private, max-age=1800
cf-ray: 7b015000eb4d9046-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
77 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a860f4cc89edb16c78de7469f9f0fa77eaa319a6cdaa73c64a581eba4ab203ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 15:16:13 GMT

GET
H2

200

B21581475.265419780;dc_pre=COWVkpb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COWVkpb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;ta...

42 B
346 B

61ms
60ms

Image
image/gif

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COWVkpb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=COWVkpb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/5.13.0/assets/ 15 KB
3 KB 52ms
52ms Fetch
application/json 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f52e4e999a441c151183d77efd6dad3915e650409ea65b94b7e0fc067dcd0abd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: idLIfkDq/eva4EuRGVQzZQ==
age: 654
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2839
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:47 GMT
server: cloudflare
etag: 0x8D7BA28607C070E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f71020b7-601e-00ce-47e3-5abea9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b0150005d6c9950-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/5.13.0/assets/ 84 KB
17 KB 54ms
54ms Fetch
application/json 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bd6c30a523ce8b33d96dc79b1d759b5d5634740ae76aa6557e2d3741082e067

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bbq+cqhXBxu2QqVrgDpPqg==
age: 654
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17012
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:47 GMT
server: cloudflare
etag: 0x8D7BA28609F260F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 56c7f4de-001e-00de-01e3-5a884f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7b0150005d6d9950-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 142ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0DRBVSJJB1&gtm=45je33r0&_p=708449883&cid=1440869162.1680189374&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1680189373&sct=1&seg=0&dl=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&dt=Donate%20Now%20%7C%20March%20of%20Dimes&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery-ui.css
give.marchofdimes.org/js/ Frame 0BAA 28 KB
7 KB 151ms
149ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-ui.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 25a26a31ffe8b00b9f7b84305ebb06c50376ad33265161f71ccf908604988a92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=29588
etag: W/"18b81663f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b0150018e112bc6-FRA

GET
H2 200 ddplugin.css
doublethedonation.com/api/css/ Frame 0BAA 154 KB
21 KB 630ms
258ms Stylesheet
text/css 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/css/ddplugin.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 23.96.109.67 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: fe63a0bc548ebb27d59fe1a01b00dc7dde7c5c108182c65c4ab62a4b0640797d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
last-modified: Thu, 30 Mar 2023 12:21:33 GMT
server: nginx
etag: "64257ecd-5295"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=3600;
content-length: 21141

GET
H2 200 app.6d5de37d.css
give.marchofdimes.org/css/ Frame 0BAA 238 KB
36 KB 184ms
183ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/css/app.6d5de37d.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a8885dda1f5115b78e1b418482712f90f30a9d7e94257c037365d82e7f850534

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
etag: W/"63b7d63f43bd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b0150018e122bc6-FRA

GET
H2 200 app.c44d9fa4.js Show response
give.marchofdimes.org/js/ Frame 0BAA 343 KB
57 KB 247ms
246ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/app.c44d9fa4.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 947fec2f9330916ea55fd8601137f793dedd0fd8c59db7dd0e28e92872e14c90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=351305
etag: W/"63b7d63f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b0150018e132bc6-FRA

GET
H2 200 chunk-vendors.e4bafff4.js Show response
give.marchofdimes.org/js/ Frame 0BAA 834 KB
209 KB 303ms
302ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6da677b1bb2132071aca775218b2b5c6e866265548c07212bbab1f1a0931fc77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=853753
etag: W/"aeeb1063f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b0150018e142bc6-FRA

GET
H2 200 rocket-loader.min.js Show response
give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 0BAA 12 KB
4 KB 45ms
44ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 Mar 2023 12:31:17 GMT
server: cloudflare
etag: W/"6419a395-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7b015001be682bc6-FRA
expires: Sat, 01 Apr 2023 15:16:13 GMT

GET
H2 200 vb26e4fa9e5134444860be286fd8771851679335129114 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 0BAA 16 KB
6 KB 83ms
82ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542

Request headers

Referer: https://give.marchofdimes.org/
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
last-modified: Mon, 20 Mar 2023 17:58:49 GMT
server: cloudflare
etag: W/2023.3.0
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7b015001bd6303dc-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
66 KB 65ms
63ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

02de37e6c05a29703da310424db1ec9d02962b05964458b0974903e066161b33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67215
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:13 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 131 KB
50 KB 70ms
55ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f6b0708b553a766ec424cc2608fc4687261a22bf981929e1ee5391e41dbae11a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51614
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:13 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 50ms
44ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=708449883&t=pageview&_s=1&dl=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&ul=en-us&de=UTF-8&dt=Donate%20Now%20%7C%20March%20of%20Dimes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=881839768&gjid=1454742879&cid=1440869162.1680189374&tid=UA-219864-60&_gid=1237877152.1680189374&_r=1&_slc=1&gtm=45He33r0n81WNJ3K3P&z=994979168

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1621384747882069 Show response
connect.facebook.net/signals/config/ 379 KB
109 KB 533ms
518ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1621384747882069?v=2.9.100&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c540fb6c113d965f842e6205921df5e238d36780c249e0794962ac5069c5d5f3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: lPQBI12B4ifN6FITS91lmqgo92o/KrguPi1ce5YwGtx/S2qM/fjACZ6+9ZDB6runx1br9TqxaYrFdh3qz+YhJg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 Pixels
px.adentifi.com/ Frame D4BA 0
35 B 414ms
118ms Image
text/plain 34.201.238.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adentifi.com/Pixels?a_id=3405;uq=2133631321;
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.201.238.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-201-238-83.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ Frame D4BA 44 KB
15 KB 319ms
86ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=81237

Requested by

Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

982d7ffdc626ce6cdd5acf310b6bc7a71ba48ae70bb6fb52661b29f18be67cf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=*;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm...
adservice.google.com/ddm/fls/z/ Frame D4BA 42 B
401 B 223ms
80ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=*;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 my-wisepop Show response
popup.wisepops.com/ 244 B
725 B 423ms
222ms XHR
application/json 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popup.wisepops.com/my-wisepop
Requested by: Host: loader.wisepops.com
URL: https://loader.wisepops.com/get-loader.js?v=1&site=HmKchyy73N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83c5ffb81eec09aa94d013db8389c24a964285c865f6089edac03fece58ff26d

Request headers

Accept: application/json
Referer: https://marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTAKTosJqkxIjDG%2F7hTwk1tMHtEb3J8FQ6dFxQewJU20YzpAEVqWMnxJIw7%2FAF8pme10elgS0EoObMGBS1h0MAuvMMULecuFk5SBWsBE1GdxUqhZH1IB6hWDdX3IJNYxUVjLB2P5y41XN%2FAye90D3w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context: 410bfb54c21e305f84762a03631c088e
cache-control: no-store
cf-ray: 7b015003d9239267-FRA
access-control-allow-headers: *

POST
H2 200 / Show response
activity.wisepops.com/ 0
273 B 156ms
156ms XHR
text/plain 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.4.2&site=HmKchyy73N
Requested by: Host: loader.wisepops.com
URL: https://loader.wisepops.com/get-loader.js?v=1&site=HmKchyy73N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2F9WqPnjIvmV4IhGzZqH1VAdVBxDcf0ML82e4HbZtJ0VKy1krTRX6MFfJFxMd4xvzhRG03Mz6171dW06GL%2BIY1Y7%2ByOzZqxqJONu0iXDpdQUyS4%2FrSrlDTCF1nGbxbLtSZ9DTTFUcPJkxUlqboxVOFcN6g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7b015004dfc39960-FRA
content-length: 0

OPTIONS
H2 200 /
activity.wisepops.com/ Frame 0
0 341ms
151ms Preflight 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.4.2&site=HmKchyy73N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cf-cache-status: DYNAMIC
cf-ray: 7b015003de6a9960-FRA
content-length: 0
date: Thu, 30 Mar 2023 15:16:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cu1Qnolnxqzdr0Ktylw2EfCw1obbB8nGnmiKWUhPzcKpnJjCy6cHa3UGH0ur5UzOY93%2F7LxIDpkDvkbB7b8ksR9ZijgXMcabKxl5v1BJIVAfhJp6CdvJWTzNp2WymM1MHoyMt31r8XRuw7MID3wyCus9Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 rules-p-4LjrHyeV3QUW4.js Show response
rules.quantcount.com/ 160 B
642 B 213ms
29ms Script
application/javascript 2600:9000:225f:b000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4LjrHyeV3QUW4.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:b000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 14:21:57 GMT
via: 1.1 0cd2c3fbaf7659321a893cd5ab933aa4.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 3258
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:45:31 GMT
server: AmazonS3
etag: "52b67ed0d6de08757c0affd0509ae576"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: zun310alIlX-RFmFYsrYCYvUO3mDvaBvIKHa_3cmKE13-sv6iwXUSA==

GET
H2 204 25017097.js Show response
bat.bing.com/p/action/ 0
119 B 181ms
180ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25017097.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 30 Mar 2023 15:16:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B643D3B85B64A1880BC9D8749CA4401 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:13Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 69ms
68ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25017097&tm=gtm002&Ver=2&mid=ae384026-93da-4509-b688-a4968e863872&sid=cf5a6f20cf0d11ed8f76b17f68e9369d&vid=cf5a7ba0cf0d11ed8a3c47c740a5264b&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Donate%20Now%20%7C%20March%20of%20Dimes&p=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&r=&lt=1107&evt=pageLoad&sv=1&rn=18119

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Mar 2023 15:16:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C5003176160482F8C0A16582575AC63 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:13Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/1335104/trc/3/ 3 KB
2 KB 76ms
69ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1335104/trc/3/json?tim=1680189373882&data=%7B%22id%22%3A466%2C%22ii%22%3A%22%2Fdonate-now%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1680189373875%2C%22cv%22%3A%2220230326-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtruenorth-marchofdimes-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1680189373881%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7a4c507f02947a44a9e459a37c9f703b2219530f0c68815bcc5f3fd37f991e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-vcl-time-ms: 23
date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
via: 1.1 varnish
x-served-by: cache-hhn-etou8220052-HHN
server: nginx
x-timer: S1680189374.920292,VS0,VE23
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230328/r20110914/elements/html/ 11 KB
4 KB 190ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230328/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=899413162896?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:40:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:40:17 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
0 231ms
81ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvaiRZh7W1qDReQGRHS9Plk4gZwuVf-a6kymzgn6Gcfmnbs14rydvTJS2mQHwmRf7zZnf8oXzuPLUUZaLllgwoBNNqBToLn-1-mi7sf1YaGxOwX_7tES9RYCOqRq9IfVxzGLSYsxRAKyEdQwQ&sai=AMfl-YQzgDH2vtvBXYZsObSYRteWJazKRBIyZAb8r6U5I_yTJ3FAgBOzF_vFUwjZ3nqdIXLs9GSbXrbYjjEIpz0&sig=Cg0ArKJSzENnVZk2m-9UEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230328.80854&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=899413162896?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Mar 2023 15:16:14 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame D3A1 0
182 B 187ms
59ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=2n62y3m&ref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&upid=b8lvzxo&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 30 Mar 2023 15:16:14 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 bat.js Show response
bat.bing.com/ Frame D4BA 40 KB
12 KB 68ms
67ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 15:16:13 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52D4893D57DD47EE99F5101C5FCE45DC Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:13Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame D4BA 22 KB
9 KB 52ms
51ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=COWDk5b5g_4CFWRUwgodNnAOxQ;src=8832015;type=rt;cat=donforms;ord=837105368787;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:13 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 06 Apr 2023 15:16:13 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame D4BA 107 KB
27 KB 46ms
46ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: SZnx2E+02m/HbT7F06Z7xFLwqLw7LfGA90mutUTgwR4ZSxLBPRe6CR0uClJsREpsUSIWpPgy6r/VQlQAXgZMrg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/ Frame 0BAA 20 KB
5 KB 192ms
55ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6d5de37d.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723, 617
age: 17153674
cdn-cachedat: 2021-07-24 09:40:41
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 2b50aaedc481ac5a56e54a88a5b8c43a
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7b015003ef896933-FRA
cdn-requestpullsuccess: True

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/ 3 KB
2 KB 178ms
83ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/?random=1680189373927&cv=11&fst=1680189373927&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&hn=www.googleadservices.com&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&auid=212508955.1680189373&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a8aab71d13462db545e890bf14c27a210642f13a61174b20972b6d48536fe06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/ 3 KB
1 KB 128ms
84ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/?random=1680189374000&cv=11&fst=1680189374000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&hn=www.googleadservices.com&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&auid=212508955.1680189373&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c27d52f5a0d4ebd16e8367a3831dd51566bf87bfec6f48678f6c836ec2cf81fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 25042596.js Show response
bat.bing.com/p/action/ Frame D4BA 0
137 B 147ms
145ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25042596.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 30 Mar 2023 15:16:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41938607FEBA44B6B840DF869982CD9A Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:14Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame D4BA 0
122 B 64ms
64ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25042596&Ver=2&mid=66c919e6-defb-46b1-ae4c-5d6de608f63c&sid=cf745cb0cf0d11edb731271a54f9b0d6&vid=cf752930cf0d11ed9d1cbb436de4ba09&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fmarchofdimes.org%2F&r=&lt=455&evt=pageLoad&ifm=1&sv=1&rn=36608

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Mar 2023 15:16:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 39E3B1A2E5EB43DE85856ECA6D357E51 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:14Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-uyn8UnTsRXguL.js Show response
rules.quantcount.com/ Frame D4BA 5 KB
2 KB 44ms
43ms Script
application/javascript 2600:9000:225f:b000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-uyn8UnTsRXguL.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:b000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:05:21 GMT
content-encoding: gzip
via: 1.1 0cd2c3fbaf7659321a893cd5ab933aa4.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 654
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 13 Oct 2022 15:08:42 GMT
server: AmazonS3
etag: W/"b4a376a3ece8af98e7567e60db986dc9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: j7OYaBlLVq2u5iDWtMimEQXbbmy1H4QqjAxQSfPnHRErwes5xplEbg==

GET
H3 200 812396462484872 Show response
connect.facebook.net/signals/config/ Frame D4BA 378 KB
108 KB 184ms
184ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/812396462484872?v=2.9.100&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f283fcbda7992093172d1d5d1a3ecc85437378723d6d1b1cc5d3f7a18a9e54cd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: dCHt8h1DUK6oLXC3GxqVX8woujki+CaDJDeXfYF3g1oS/7HUU3yxS4yprfGTeZkhlvM/bTPzcCCGllHRLdqHWg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel;r=1771958814;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2...
pixel.quantserve.com/ 35 B
371 B 72ms
46ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1771958814;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002;uht=2;fpan=1;fpa=P0-1839879569-1680189373857;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;ref=;d=marchofdimes.org;dst=0;et=1680189374077;tzo=0;ogl=type.Page%2Ctitle.Donate%20Now%2Cdescription.March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20%2Cimage.https%3A%2F%2Fmarchofdimes%252Eorg%2Fsites%2Fdefault%2Ffiles%2F2022-11%2FJAJEES_v2%252Ejpg;ses=2a09fcca-da17-42f3-8b90-9e9e0274d737

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=375403571;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOWDk5b5g_4CFWRUwgodNnAOxQ%3Bsrc%3D8832015%3Btype%3Drt%...
pixel.quantserve.com/ Frame D4BA 35 B
371 B 51ms
47ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=375403571;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOWDk5b5g_4CFWRUwgodNnAOxQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D837105368787%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F;ref=https%3A%2F%2Fmarchofdimes.org%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-166004688-1680189374049;pbc=;ns=1;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;d=8832015.fls.doubleclick.net;dst=0;et=1680189374100;tzo=0;ogl=;ses=6cdc630d-74da-4cf5-af4c-ce432b22df1c

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2007 15 KB
6 KB 166ms
70ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=marchofdimes.org&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=81237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://8832015.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:13 GMT
server: Kestrel
server-processing-duration-in-ticks: 508092
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 /
www.google.com/pagead/1p-user-list/794610601/ 42 B
108 B 172ms
55ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794610601/?random=1680189373927&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1741066557&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794610601/ 42 B
455 B 168ms
51ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794610601/?random=1680189373927&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1741066557&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1071894384/ 42 B
455 B 168ms
54ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071894384/?random=1680189374000&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2296187119&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071894384/ 42 B
108 B 167ms
53ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071894384/?random=1680189374000&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&frm=0&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2296187119&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 2007
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=0&topUrl=marchofdimes.org&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=qFibWXxCM0tublBXMGcwQnVSU29VMUhnd1FZdmh4bldkSWM1dC9mblI1Q0huOWE3amJ6a1lvUWZKVldqVXJWVW9QOTNUM1FhV2FTcEhSNyt5K01SZWNYU1lvQzBGUktKc0RxVGlPT3dhcmMzc2RXSHprTnE5bHB3dnJIWk...

447 B
672 B

170ms
54ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=qFibWXxCM0tublBXMGcwQnVSU29VMUhnd1FZdmh4bldkSWM1dC9mblI1Q0huOWE3amJ6a1lvUWZKVldqVXJWVW9QOTNUM1FhV2FTcEhSNyt5K01SZWNYU1lvQzBGUktKc0RxVGlPT3dhcmMzc2RXSHprTnE5bHB3dnJIWkxtMGRJR1dhZ1VlQ3J2SkdOdlliR1NMOTgyemFhUU14M0Y5SHpXbDVXTEpXVWk1cW5LNkJBYXdWUUt0enJmY0p0TzRqbWF6N2thUGkyZ0t4d3BLaDdvUzhYVFU1cjZ3azZTQ0JMUExUWVNjOWQzVElLMjJFRGMxdjgrQnFFY0dvbnRXSUp1Unh3bDZ2NWlGOFBZRDk5VVphR2gwc2dVeXBreDJqajdCMGMvU3h3dFJxdWNIcUp1MzNRYnNwTzZWRVBHVTJqNjRLU3w&cppv=2

Requested by

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3e411821523f54d77a721b31f0db063d8dfb2f008c5a2b18e7d9c586dc05fe32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2512971
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:13 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=qFibWXxCM0tublBXMGcwQnVSU29VMUhnd1FZdmh4bldkSWM1dC9mblI1Q0huOWE3amJ6a1lvUWZKVldqVXJWVW9QOTNUM1FhV2FTcEhSNyt5K01SZWNYU1lvQzBGUktKc0RxVGlPT3dhcmMzc2RXSHprTnE5bHB3dnJIWkxtMGRJR1dhZ1VlQ3J2SkdOdlliR1NMOTgyemFhUU14M0Y5SHpXbDVXTEpXVWk1cW5LNkJBYXdWUUt0enJmY0p0TzRqbWF6N2thUGkyZ0t4d3BLaDdvUzhYVFU1cjZ3azZTQ0JMUExUWVNjOWQzVElLMjJFRGMxdjgrQnFFY0dvbnRXSUp1Unh3bDZ2NWlGOFBZRDk5VVphR2gwc2dVeXBreDJqajdCMGMvU3h3dFJxdWNIcUp1MzNRYnNwTzZWRVBHVTJqNjRLU3w&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 371304
content-length: 0
expires: 0

GET
H2 200 amazon.js Show response
give.marchofdimes.org/js/ Frame 0BAA 6 KB
2 KB 144ms
142ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/amazon.js?rnd=20210831
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9c56f97c002513e5266bed356153984b1612bac56582f71f519180dac3c712d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=11007
etag: W/"ff691663f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b015005ed702bc6-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BAA 113 KB
44 KB 54ms
52ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd99424797974da18966bcf847bfd700383ad4d7e5f9fcaa0e50b4b7832e99b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44750
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:14 GMT

GET
H2 200 donation.doublemydonation.js Show response
give.marchofdimes.org/js/ Frame 0BAA 3 KB
1020 B 156ms
152ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/donation.doublemydonation.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 52e86f5586819f24342659ff63cc353f4350f806a44d8ac57d21672d1eb9107b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=5595
etag: W/"ff691663f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b015005ed792bc6-FRA

GET
H2 200 ddplugin.js Show response
doublethedonation.com/api/js/ Frame 0BAA 432 KB
92 KB 124ms
121ms Script
text/javascript 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/js/ddplugin.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 23.96.109.67 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 6e715867b765ec2e09cc3d038600ae8ee3bfba3a51fa6354b5d47863ae6c5108

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
last-modified: Thu, 30 Mar 2023 12:21:32 GMT
server: nginx
etag: "64257ecc-16ef2"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=3600;
content-length: 93938

GET
H2 200 jquery-ui.js Show response
give.marchofdimes.org/js/ Frame 0BAA 327 KB
80 KB 326ms
323ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-ui.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1ba5287a919753a8fdb18929f1e3e7f6ccc31154169d254872080d11a9b1c4ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
cf-polished: origSize=539419
etag: W/"54541763f43bd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b015005ed7b2bc6-FRA

GET
H2 200 jquery-3.6.0.min.js Show response
give.marchofdimes.org/js/ Frame 0BAA 87 KB
31 KB 516ms
513ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-3.6.0.min.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 08 Feb 2023 19:34:40 GMT
server: cloudflare
etag: W/"b911663f43bd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b015005ed7e2bc6-FRA

GET
H2 200 constants.js Show response
give.marchofdimes.org/ Frame 0BAA 599 B
489 B 150ms
147ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/constants.js?20210814
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2a551c6a84e41383c61251d498656509ca2609cf7e5d54a8ed4c8c6df97c3d00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 05 Aug 2021 14:19:11 GMT
server: cloudflare
cf-polished: origSize=732
etag: W/"c582b1dc48ad71:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 7b015005ed7f2bc6-FRA

GET
H2 200 /
www.facebook.com/tr/ Frame D4BA 0
185 B 130ms
41ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=PageView&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOWDk5b5g_4CFWRUwgodNnAOxQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D837105368787%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F&rl=https%3A%2F%2Fmarchofdimes.org%2F&if=true&ts=1680189374389&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&it=1680189374053&coo=false&exp=c1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:14 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 111ms
42ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=PageView&dl=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&rl=&if=false&ts=1680189374426&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1680189374411.1122426364&it=1680189373773&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:14 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

event Show response
widget.us.criteo.com/ Frame D4BA
Redirect Chain

https://sslwidget.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q...
https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q...

8 KB
4 KB

536ms
270ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=49888

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e7a91542ec268faeb02be83be87bc0bd37ead5af197eb34afd78d477f4c4326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 146464238
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fmarchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=49888
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4477917
timing-allow-origin: *
content-length: 0
expires: 0

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ Frame 0BAA 171 KB
56 KB 85ms
67ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

f5c5f67296f64062fb152366aae1130efa959945dab66485ff50e63db11b15cd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: gzip
server: mafe
vary: Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=28
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57340
x-xss-protection: 0
expires: Thu, 30 Mar 2023 15:46:14 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 0BAA 274 KB
89 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eaae9ceef499dbafc3f8082c0e7b44759dd447a561c99a1df70a2f820efecc7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91432
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:14 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 44ms
39ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=Microdata&dl=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&rl=&if=false&ts=1680189374933&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20Now%20%7C%20March%20of%20Dimes%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22Page%22%2C%22og%3Atitle%22%3A%22Donate%20Now%22%2C%22og%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20to%20our%20nonprofit%20can%20help%20improve%20the%20lives%20of%20moms%20and%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fmarchofdimes.org%2Fsites%2Fdefault%2Ffiles%2F2022-11%2FJAJEES_v2.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.100&r=stable&ec=1&o=30&fbp=fb.1.1680189374411.1122426364&it=1680189373773&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:14 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 Widgets.js Show response
static-na.payments-amazon.com/OffAmazonPayments/us/js/ Frame 0BAA 329 KB
101 KB 148ms
49ms Script
application/x-javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/amazon.js?rnd=20210831
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-41.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d5ba54ef3f43fbe858f0c0fc90f58ac64df5cdc014f3f6155afa96da07407caa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: VRUhz.ig_HAdwOk9nRS4lvmdTLwp1GUL
content-encoding: gzip
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
date: Thu, 30 Mar 2023 14:56:58 GMT
last-modified: Tue, 28 Mar 2023 10:19:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 1157
x-amz-server-side-encryption: AES256
etag: W/"7157052e59db775127eee635432e6907"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1200,public
x-amz-cf-id: xH-a9VHSKnFQYP_hwaAmrOGMnHKAYL9op-BVQRWqDDeQlFTrX2N5Pw==

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 0BAA 49 KB
20 KB 40ms
40ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 30 Mar 2023 14:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4263
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 30 Mar 2023 16:05:11 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 0BAA 852 B
748 B 52ms
50ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

50729fc01ddcbb59b0af0d2ea959ba56251d5158d45ba32ae05c48bcb23473bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 556
x-xss-protection: 1; mode=block
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H2 200 get Show response
give.marchofdimes.org/server/api/donationforms/ Frame 0BAA 7 KB
3 KB 401ms
401ms XHR
application/json 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/server/api/donationforms/get?donationFormId=270&srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https:%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 675f06d08b68f81fd284510ff1a625dd5edb9382ebcc3dbee78a322fb6e1f723

Request headers

Accept: application/json, text/plain, */*
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
accept-language: de-DE,de;q=0.9
X-Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
content-type: application/json; charset=utf-8
permissions-policy: interest-cohort=()
cf-ray: 7b01500a2c6e2bc6-FRA

POST
H2 204 rum Show response
give.marchofdimes.org/cdn-cgi/ Frame 0BAA 0
83 B 52ms
51ms XHR
text/plain 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://give.marchofdimes.org/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://give.marchofdimes.org
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7b01500a3c872bc6-FRA

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ Frame 0BAA 1 KB
763 B 41ms
40ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 14:37:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2335
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 30 Mar 2023 15:37:20 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ Frame 0BAA 126 KB
47 KB 54ms
54ms Script
application/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-W2ZD7L3&t=gtag_UA_219864_1&cid=1440869162.1680189374

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5e5b7fbd17aad861afd718298e3d533c442395f1d847630c9cc9739a45672df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 48586
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 0BAA 4 KB
2 KB 39ms
39ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 02:11:41 GMT
Content-Encoding: gzip
Via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 47075
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: uAqqlzcdNmc21ro09CXTUa2Y6Jv6k3x4HcZXwmhA-4Nmtn3S4Ajg2g==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BAA 113 KB
44 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8832015

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

109cfb3475cf2124422ae10749c749f53d83010ad362cdd1457cbfd4e24d3b9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44890
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 0BAA 49 KB
20 KB 55ms
54ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 30 Mar 2023 14:05:11 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4264
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 30 Mar 2023 16:05:11 GMT

GET
H3

200

activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2... Show response
8832015.fls.doubleclick.net/ Frame 8EB1
Redirect Chain

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENE...
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.march...

4 KB
2 KB

96ms
96ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

1158286d0999457eb95a4a81008e3583444ab2140445e8792121a37fae4f0ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1568
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:15 GMT
expires: Thu, 30 Mar 2023 15:16:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1335104/ Frame 0BAA 58 KB
18 KB 42ms
37ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dcc003d373fc9e1c1963e7bfe4bf3eaee9ae2cac7404e5ce3bd5b2f3bbbd14c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: z4sucPrcq9csdsiSOKYMvy1TKIPrzRAd
content-encoding: gzip
via: 1.1 varnish
date: Thu, 30 Mar 2023 15:16:15 GMT
x-amz-request-id: Z4T9WA0NCJ1R5NY7
age: 1
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 18200
x-amz-id-2: HcvpCVXCaz1mSqubEyk8CpbejDSElhMWuzrk1cgcBdJwwHdoZ/FYhQxGTJvgkqT9MWVmW+NvWdM=
x-served-by: cache-hhn-etou8220052-HHN
last-modified: Sun, 26 Mar 2023 11:13:33 GMT
server: AmazonS3
x-timer: S1680189375.136070,VS0,VE0
etag: "2e77fe33ef8a7f12c326246a2efade16"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 28
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 0BAA 40 KB
12 KB 68ms
61ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 15:16:14 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5DEE49FF9CC2441BADC31E8C99DDDAF0 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 0BAA 22 KB
9 KB 56ms
50ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 06 Apr 2023 15:16:15 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 0BAA 107 KB
27 KB 49ms
45ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: SZnx2E+02m/HbT7F06Z7xFLwqLw7LfGA90mutUTgwR4ZSxLBPRe6CR0uClJsREpsUSIWpPgy6r/VQlQAXgZMrg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

B21581475.265419780;dc_pre=CNvE8Zb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/ Frame 0BAA
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CNvE8Zb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;ta...

42 B
63 B

72ms
70ms

Image
image/gif

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CNvE8Zb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CNvE8Zb5g_4CFQuR_QcddpQByg;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 B21591273.227039140;sz=1x2;ord=961347434074 Show response
ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/ Frame 0BAA 35 KB
13 KB 83ms
80ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=961347434074?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

984bb82d2cf023307edfe42a24567ab4008b4318090f843ef2b0f095995d49d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13693
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ Frame 0BAA 126 KB
47 KB 54ms
50ms Script
application/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-W2ZD7L3

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

929c21db5bf95ecf20f6f913ee57c214a4983e17d8fba30e0f2f830c40e88858

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 48366
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H2 200 get-loader.js Show response
loader.wisepops.com/ Frame 0BAA 74 KB
23 KB 60ms
56ms Script
text/javascript 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://loader.wisepops.com/get-loader.js?v=1&site=HmKchyy73N
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86cb375873208e19ef9ed2e513be7132f9464c148aa954e23fa76d1fea49be4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Mar 2023 13:41:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5712
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqdVivyPZFiLJCarisSuWD2sDqq1LfF8DyJ7ZvhYwVpjL3G8iZwGPTUrd44Dwu%2Fd%2FtQn8w7Eu4V%2F8zGr45PME8rFmL31%2B170%2BvKNfq%2FD23Ib0Q2aN7nF2im7Z09%2FCAHDrZuM13bYLP75z0rkTwLGDIs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
x-cloud-trace-context: d8cd14d70203ae8c266ec0db2da59752
cache-control: private, max-age=1800
cf-ray: 7b01500aa9e29046-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BAA 221 KB
77 KB 60ms
57ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2ee3ecd6868f4a2740b36025b04c7b992ca3a02c69985f75d076a2a5dedaba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ Frame 0BAA 3 B
45 B 154ms
66ms XHR
application/json 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://give.marchofdimes.org
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame 0BAA 409 KB
165 KB 133ms
40ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d3f75dcb2320ed386f2dcb0ef91e545558ded6c268cda18015869cb59658d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.marchofdimes.org/
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:04:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167834
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 04:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Mar 2024 15:04:14 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame E1EA 0
181 B 60ms
56ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=2n62y3m&ref=https%3A%2F%2Fmarchofdimes.org%2F&upid=b8lvzxo&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 30 Mar 2023 15:16:15 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BAA 183 KB
66 KB 61ms
58ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1fd0a6d8445524122307eb3228ed90648edd400b6881f1b909cb0d0d12df53cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67212
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0BAA 131 KB
50 KB 56ms
53ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

857b5f687408604ae560898819ad94a3d43931ca7dabfc87e84b5e82d8e2c554

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51613
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H3 200 a
www.googletagmanager.com/ Frame 0BAA 0
11 B 67ms
64ms Image
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtm.init_consent&eid=-1&h=Ag&tc=1&dl=give.marchofdimes.org%2F&tdp=DC-8832015;;0;0;0&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 td
www.googletagmanager.com/ Frame 0BAA 0
15 B 51ms
48ms Image
image/gif 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtm.init_consent&eid=-1&h=Ag&tc=1&dl=give.marchofdimes.org%2F&tdp=DC-8832015;;0;0;0&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
server: Golfe2
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 a
www.googletagmanager.com/ Frame 0BAA 0
11 B 66ms
62ms Image
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtm.init&eid=0&h=Ag&tc=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 a
www.googletagmanager.com/ Frame 0BAA 0
11 B 68ms
65ms Image
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtm.js&eid=1&h=Ag&tc=1&tr=1rep&ti=1rep&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 a
www.googletagmanager.com/ Frame 0BAA 0
11 B 64ms
61ms Image
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtag.config&eid=2&h=Ag&tc=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 a
www.googletagmanager.com/ Frame 0BAA 0
11 B 68ms
66ms Image
text/html 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=DC-8832015&cv=1&v=3&t=t&pid=2115137731&rv=33r0&es=1&e=gtm.dom&eid=4&h=Ag&tc=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK sessionstabilizer Show response
payments.amazon.com/gp/widgets/ Frame 0BAA 91 B
1 KB 543ms
158ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/gp/widgets/sessionstabilizer?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

fb81694d1349900105001b23643fb19aee0afaaa11840b923981e91da0ea8129

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:15 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: HXC7984P0YB77AHX18C3
x-amzn-RequestId: HXC7984P0YB77AHX18C3
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 91

GET
H2 200 login.js Show response
static-na.payments-amazon.com/v2/ Frame 0BAA 45 KB
14 KB 50ms
43ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/v2/login.js
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-41.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e3bbafe726c7315d7ede88bfc9f78b6c5a75fa9579a2a75c68185e8e417b358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: uVeYjuHskLaOMPAmopNG69r_gU0cMttC
content-encoding: gzip
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
date: Thu, 30 Mar 2023 15:03:32 GMT
last-modified: Tue, 28 Mar 2023 10:19:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 764
x-amz-server-side-encryption: AES256
etag: W/"3d081405da933a88647fa70e8bebbca5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1200,public
x-amz-cf-id: IDAfqNtB1uemL6LE8uCm-zqbPq18ikYCDimWhp6wDoZuNMJ3E0j7VQ==

GET
H2 200 json Show response
trc.taboola.com/1335104/trc/3/ Frame 0BAA 3 KB
1 KB 62ms
59ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1335104/trc/3/json?tim=1680189375239&data=%7B%22id%22%3A306%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1680189375234%2C%22cv%22%3A%2220230326-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtruenorth-marchofdimes-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1680189375239%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%22%2C%22tos%22%3A4%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a773ebaa09f389183f3d78fcfb810a1d4b81315ffe01c0027550237aa50f3534

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-vcl-time-ms: 19
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
via: 1.1 varnish
x-served-by: cache-hhn-etou8220052-HHN
server: nginx
x-timer: S1680189375.261761,VS0,VE19
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame 0BAA 2 B
22 B 49ms
48ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1377108416&t=pageview&_s=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&dr=https%3A%2F%2Fmarchofdimes.org%2F&ul=en-us&de=UTF-8&dt=March%20of%20Dimes%20Donation&sd=24-bit&sr=1600x1200&vp=736x560&je=0&_u=SCCAAUITQAAAACAAI~&jid=595603273&gjid=617022017&cid=1440869162.1680189374&tid=UA-219864-1&_gid=1237877152.1680189374&_r=1&gtm=457e33r0&jsscut=1&z=1330831747

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame 0BAA 3 B
23 B 47ms
46ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1377108416&t=pageview&_s=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&dr=https%3A%2F%2Fmarchofdimes.org%2F&ul=en-us&de=UTF-8&dt=March%20of%20Dimes%20Donation&sd=24-bit&sr=1600x1200&vp=736x560&je=0&_u=SCCAAUITQAAAACAAI~&jid=&gjid=&cid=1440869162.1680189374&tid=UA-219864-60&_gid=1237877152.1680189374&_slc=1&gtm=45He33r0n81WNJ3K3P&z=335482693

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-4LjrHyeV3QUW4.js Show response
rules.quantcount.com/ Frame 0BAA 160 B
631 B 29ms
29ms Script
application/javascript 2600:9000:225f:b000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4LjrHyeV3QUW4.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:b000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 14:21:57 GMT
via: 1.1 0cd2c3fbaf7659321a893cd5ab933aa4.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 3259
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:45:31 GMT
server: AmazonS3
etag: "52b67ed0d6de08757c0affd0509ae576"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: r27F_e2m5NvO5awOYemNiZFg-wa0lRq9-hP7KT__pyb1_8rdbpqtJg==

GET
H3 200 1621384747882069 Show response
connect.facebook.net/signals/config/ Frame 0BAA 379 KB
108 KB 42ms
42ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1621384747882069?v=2.9.100&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c540fb6c113d965f842e6205921df5e238d36780c249e0794962ac5069c5d5f3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110934
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: lPQBI12B4ifN6FITS91lmqgo92o/KrguPi1ce5YwGtx/S2qM/fjACZ6+9ZDB6runx1br9TqxaYrFdh3qz+YhJg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 / Show response
activity.wisepops.com/ Frame 0BAA 0
271 B 149ms
147ms XHR
text/plain 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.4.2&site=HmKchyy73N
Requested by: Host: loader.wisepops.com
URL: https://loader.wisepops.com/get-loader.js?v=1&site=HmKchyy73N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jJy2kkDkXMq3fKL%2FgTGmxzTs36bNFoHI61o3z%2FgVm73tkKqLdihGM1El9nUU4Qsb8cDN3tyAmLaduCc92xP1RSx8B5z1K2hgdfk7QeuzyA6l7m%2BEGAXG519vxyfNKa0%2FdbvQ%2FrIYMr0I5lodMjtnAP0XXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7b01500cecb79960-FRA
content-length: 0

OPTIONS
H2 200 /
activity.wisepops.com/ Frame 0
0 147ms
145ms Preflight 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.4.2&site=HmKchyy73N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cf-cache-status: DYNAMIC
cf-ray: 7b01500bfb459960-FRA
content-length: 0
date: Thu, 30 Mar 2023 15:16:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FChFn0t75zEgQJqENvg9UbLkV738exDwPSyifEwZFzr7WnJXvomFxETCqhuKODJS8NUTqk%2BB3xk3s%2Bcjgb0F1DTf%2BoC65dIHaGAecoyC%2FXk8BSNJxNcwOQa2qB3Ax0wl4tZdDEwZZgXlKx7Vg1dF9BTBSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230328/r20110914/elements/html/ Frame 0BAA 11 KB
4 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230328/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=961347434074?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:40:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Apr 2023 18:40:17 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BAA 0
0 78ms
78ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsun1N2g9GKzlSdlcp_-gsE8nnzydF8nRmsLrYq6nqi3xG-rZ-6j0xmaoTjO3eX_JAcAyvKs1J9PYNRUYOsRBSWHUN8RrnM_ExcN2LzlV_V9yGzixCmJqJfwp1I0EkdjtVkkOIO6s_uue8RwNc-GtSJF7iR_b3JxrvpsNCu2gg&sai=AMfl-YR0as_BpfQf1KLHud6yOmUCbtwkFlQ_vOlls1emLfkTLSWvGVeZAo9es_ktQOYtg6reB5CcQRc70VdLn08J0kDy1nt_nRVXVoyIpQ&sig=Cg0ArKJSzLAbTI7XuhLEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230328.45075&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=961347434074?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Mar 2023 15:16:15 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ Frame 0BAA 0
67 B 54ms
51ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0DRBVSJJB1&gtm=45je33r0&_p=1377108416&cid=1440869162.1680189374&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1680189373&sct=1&seg=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&dr=https%3A%2F%2Fmarchofdimes.org%2F&dt=March%20of%20Dimes%20Donation&en=page_view
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ Frame 8EB1 44 KB
15 KB 59ms
57ms Script
application/javascript 2a02:2638:3::e
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=81237

Requested by

Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::e , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

982d7ffdc626ce6cdd5acf310b6bc7a71ba48ae70bb6fb52661b29f18be67cf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 204 Pixels
px.adentifi.com/ Frame 8EB1 0
34 B 119ms
117ms Image
text/plain 34.201.238.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adentifi.com/Pixels?a_id=3404;uq=2022881520;
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.201.238.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-201-238-83.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT

GET
H2 200 dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=*;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3...
adservice.google.com/ddm/fls/z/ Frame 8EB1 42 B
107 B 88ms
77ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=*;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 25017097.js Show response
bat.bing.com/p/action/ Frame 0BAA 0
118 B 167ms
165ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25017097.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 30 Mar 2023 15:16:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 975DC9F57D9441B5A974D218614488C0 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame 0BAA 0
122 B 65ms
62ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25017097&tm=gtm002&Ver=2&mid=b57a3441-9c93-47e2-ae7c-79b2e9b0a65c&sid=cf5a6f20cf0d11ed8f76b17f68e9369d&vid=cf5a7ba0cf0d11ed8a3c47c740a5264b&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=March%20of%20Dimes%20Donation&p=https%3A%2F%2Fmarchofdimes.org%2F&r=&lt=1213&evt=pageLoad&ifm=1&sv=1&rn=430322

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Mar 2023 15:16:14 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 82EBFB4C8A934A0DAE302CA5D8315B6F Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 8EB1 107 KB
27 KB 56ms
46ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: SZnx2E+02m/HbT7F06Z7xFLwqLw7LfGA90mutUTgwR4ZSxLBPRe6CR0uClJsREpsUSIWpPgy6r/VQlQAXgZMrg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 8EB1 22 KB
9 KB 53ms
43ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 06 Apr 2023 15:16:15 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 8EB1 40 KB
12 KB 73ms
63ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 30 Mar 2023 15:16:15 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6647048A68A24C959AB1DCB05E0FA595 Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ Frame 8EB1 2 KB
3 KB 172ms
48ms Script
application/javascript 23.206.116.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.116.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-116-8.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:15 GMT
Last-Modified: Wed, 04 Jan 2023 18:57:40 GMT
Server: nginx/1.14.0
ETag: "63b5cc24-978"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2424

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ Frame 0BAA 1 B
350 B 156ms
48ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-219864-1&cid=1440869162.1680189374&jid=595603273&gjid=617022017&_gid=1237877152.1680189374&_u=SCCAAUISQAAAACAAI~&z=818437231

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/ Frame 0BAA 4 KB
1 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/?random=1680189375455&cv=11&fst=1680189375455&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&hn=www.googleadservices.com&frm=2&tiba=March%20of%20Dimes%20Donation&auid=212508955.1680189373&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ad44df389ce4b651d59bb2db6105bec849138d5f56df55e7a6de9ae50e81893

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1407
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/ Frame 0BAA 4 KB
1 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/?random=1680189375483&cv=11&fst=1680189375483&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&hn=www.googleadservices.com&frm=2&tiba=March%20of%20Dimes%20Donation&auid=212508955.1680189373&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a066d6c942526152af579203cd19d9e9c9bf270786bf1cee1149ea94b3bf29b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1407
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame B097 47 KB
26 KB 65ms
63ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=lf5n8t2yg8vh

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d965ec7a5f8f5ec6d4790ba72cff6405a11ec9bbeb34f44df43948a5be072fc8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hIKMa7u7ZHRQZfu350bg5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 26101
content-security-policy: script-src 'report-sample' 'nonce-hIKMa7u7ZHRQZfu350bg5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 176ms
47ms Preflight 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://give.marchofdimes.org
access-control-max-age: 1800
date: Thu, 30 Mar 2023 15:16:15 GMT
paypal-debug-id: a14f0cd363744
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 graphql Show response
payments.braintree-api.com/ Frame 0BAA 2 KB
1 KB 474ms
461ms XHR
application/json 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

0aed1fef5b58e8072dfe4226d14008e81a7752e5359c448c1beb537547d8ad13

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2ODAyNzU3NzUsImp0aSI6ImU4NmEwM2U4LTNkYTEtNDcwYi04ZTMyLTQ3Yjk5MDAyYzM1MyIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.8uVwL6-S_dCQ7EiBQ4SyKO5Kf_ARsb08b5gDeKhQHjOtmbKeR0YK5vVb2KjW0tVzolGifQRKdUqnL7rQnlbpZw
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://give.marchofdimes.org
paypal-debug-id: 3a0c4cf128df4
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 1085

GET
H2 200 1.js Show response
cdn.ywxi.net/js/ Frame 0BAA 19 KB
5 KB 198ms
41ms Script
text/javascript 2600:9000:225e:d400:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/1.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/app.c44d9fa4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:d400:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:05:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 629
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache: Hit from cloudfront
content-length: 4567
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-trace: 2B144A4E531C5D0018F124487A13B691579EE7A2C3000000000000000000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: AUeW3bhLHaMqjGtV1-VOer5U-dF4IME2P1Yvgvj_mW0mHiIpcZ4LMg==
expires: Thu, 30 Mar 2023 16:05:45 GMT

GET
H2 200 btn-cc.png
give.marchofdimes.org/images/ Frame 0BAA 2 KB
2 KB 152ms
149ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-cc.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8ab6178ed23ee18aa7ea5b16f2114096645d98ab305ba16d290cb80e5dc9760a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4748
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-cc.webp"
content-length: 2396
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "594b8fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dab402bc6-FRA

GET
H2 200 btn-paypal.png
give.marchofdimes.org/images/ Frame 0BAA 2 KB
2 KB 149ms
147ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-paypal.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9ec3bd6685fcfcc08d6ea574d16db5da8622d5a713ce934ef443dc742330ab89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4393
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-paypal.webp"
content-length: 1800
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "594b8fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dab452bc6-FRA

GET
H2 200 btn-amazon.png
give.marchofdimes.org/images/ Frame 0BAA 2 KB
2 KB 153ms
151ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-amazon.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e739a94ded503457c8474ba4f648ecf57407f6d97638e67adabe221d1b761cd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4754
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-amazon.webp"
content-length: 1690
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "67248fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dab462bc6-FRA

GET
H2 200 gximage2
widgets.guidestar.org/ Frame 0BAA 11 KB
4 KB 567ms
412ms Image
image/svg+xml 172.67.23.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.guidestar.org/gximage2?o=6906404&l=v4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.23.169 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 60545e054ec3ed32276ff337a4775973165502a5d7420dcbe0c7c3c1e3136d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 7b01500e9bfa9b51-FRA
expires: -1

GET
H2 200 bbb.png
give.marchofdimes.org/images/ Frame 0BAA 5 KB
5 KB 151ms
150ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/bbb.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4388358f8e4ced0256b18ac97d008fee4081daa03fe7dd685a3104ee936706d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&DonationFormId=270&urlReferer=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=6993
x-powered-by: ASP.NET
content-disposition: inline; filename="bbb.webp"
content-length: 5082
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "67248fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dab492bc6-FRA

GET
H/1.1 200
OK accountStatus Show response
payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/ Frame 0BAA 34 B
407 B 513ms
146ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/accountStatus?countryOfEstablishment=US&ledgerCurrency=USD&originDomain=https://give.marchofdimes.org&storeId=amzn1.application-oa2-client.e1ff19fc46434acbbc47678d3a8496e3

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: PMRNFG5CH6PG0RB1T9EB
x-amzn-RequestId: PMRNFG5CH6PG0RB1T9EB
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 34

GET
H2 200 Graphik-Bold.ttf
give.marchofdimes.org/fonts/ Frame 0BAA 148 KB
148 KB 188ms
187ms Font
application/octet-stream 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/fonts/Graphik-Bold.ttf
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6d5de37d.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f2f5cb21c545b0010b10a9bc7762a5376f5df10cd53aeb2db765d28afb109e9f

Request headers

Referer: https://give.marchofdimes.org/css/app.6d5de37d.css
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 19:08:50 GMT
server: cloudflare
etag: "889615296489d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dbb732bc6-FRA
content-length: 151108

GET
H2 200 Graphik-Regular.ttf
give.marchofdimes.org/fonts/ Frame 0BAA 145 KB
146 KB 160ms
159ms Font
application/octet-stream 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/fonts/Graphik-Regular.ttf
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6d5de37d.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8fc17a517bcaafe39e7c2106483762f877897aa0c22ab9dd472c1cde12188626

Request headers

Referer: https://give.marchofdimes.org/css/app.6d5de37d.css
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 19:08:50 GMT
server: cloudflare
etag: "7fbd15296489d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 7b01500dbb762bc6-FRA
content-length: 148868

GET
H2 204 unip Show response
trc-events.taboola.com/1335104/log/3/ 0
247 B 297ms
41ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1335104/log/3/unip?en=pre_d_eng_tb&tos=1750&scd=0&ssd=1&est=1680189373878&ver=36&isls=true&src=i&invt=1500&msa=362&rv=1&tim=1680189375630&vi=1680189373875&ri=671a4c06179bc54cc2acf48548bc773d&ref=null&cv=20230326-2-RELEASE&item-url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&ler=other
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: https://marchofdimes.org
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 pixel;r=584160178;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023mar...
pixel.quantserve.com/ Frame 0BAA 35 B
210 B 45ms
44ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=584160178;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002;ref=https%3A%2F%2Fmarchofdimes.org%2F;uht=2;fpan=0;fpa=P0-1839879569-1680189373857;pbc=;ns=1;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;d=marchofdimes.org;dst=0;et=1680189375642;tzo=0;ogl=;ses=50b73398-87cb-4673-b82a-2b272bd751d6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame B097 55 KB
24 KB 181ms
81ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=lf5n8t2yg8vh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 14:22:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 04:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Mar 2024 14:22:11 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame B097 409 KB
164 KB 212ms
112ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d3f75dcb2320ed386f2dcb0ef91e545558ded6c268cda18015869cb59658d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:04:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167834
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 04:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Mar 2024 15:04:14 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 0BAA 0
18 B 79ms
78ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=PageView&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&rl=https%3A%2F%2Fmarchofdimes.org%2F&if=true&ts=1680189375670&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1680189374411.1122426364&it=1680189375262&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 11A5
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30

43 B
345 B

61ms
41ms

Image
image/gif

3.122.123.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
Protocol: H2
Server: 3.122.123.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-123-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 11A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_cm&google_hm=ay1GbzRvWkxIdHJSWXVYZ3VJQmhNTk1reEU0NE5DaklMW...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

43 B
369 B

45ms
44ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 626370
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 11A5
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=8797879658784963421

43 B
370 B

48ms
44ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=8797879658784963421

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1027853
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 30 Mar 2023 15:16:15 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4dcb8ae8-16e8-4a7f-ad7e-20fa849e0a73
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=8797879658784963421
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 11A5
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA

43 B
1 KB

49ms
45ms

Image
image/gif

185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA

Protocol

HTTP/1.1

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:16 GMT
AN-X-Request-Uuid: 491a9f22-dddd-4453-9552-f4cbc3d81ad4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:15 GMT
AN-X-Request-Uuid: c1ab3859-1d73-4e9b-93e4-2b3736216e0f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame 11A5 61 B
802 B 276ms
70ms Image
image/gif 88.221.168.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-1aVPcbHtrRYuXguIBhMNMkxE44PcUk5TiKjXDw

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a88-221-168-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 15:16:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Thu, 30 Mar 2023 15:16:15 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 11A5 0
239 B 251ms
43ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-ht-V47HtrRYuXguIBhMNMkxE44PvODHGBdJIHQ&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 11A5 0
35 B 500ms
38ms Image
text/plain 3.127.20.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-Xr4aWbHtrRYuXguIBhMNMkxE44P6cF1awg602w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.20.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-20-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 11A5 43 B
163 B 253ms
54ms Image
image/gif 185.86.138.153
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-mglJMrHtrRYuXguIBhMNMkxE44P_YAxFXReqhg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.153 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 11A5 0
99 B 248ms
42ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-sFf8NbHtrRYuXguIBhMNMkxE44NecZNNkbvfZA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:15 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 42812

GET
H2 200 um
criteo-sync.teads.tv/ Frame 11A5 23 B
172 B 277ms
72ms Image
image/gif 2.23.197.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-cz4FDbHtrRYuXguIBhMNMkxE44NTYZSmzaYMwA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.197.36 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-197-36.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

expires: Thu, 30 Mar 2023 15:16:15 GMT
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 11A5 37 B
140 B 157ms
42ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-OsU2QLHtrRYuXguIBhMNMkxE44P-sw1H7M8VIQ&dongle=013b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame 11A5
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag&verify=true

0
121 B

48ms
47ms

Image
text/plain

3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag&verify=true

Protocol

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag&verify=true
date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame 11A5 43 B
163 B 144ms
39ms Image
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-MevFZLHtrRYuXguIBhMNMkxE44PjBSHpr_o2lg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
last-modified: Fri, 18 Nov 2022 14:41:46 GMT
server: nginx
accept-ranges: bytes
etag: "637799aa-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 11A5 49 B
235 B 177ms
51ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-PKtU2rHtrRYuXguIBhMNMkxE44PLQ-W_3NrqOA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
content-length: 49
expires: 0

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame 11A5
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw&C=1

43 B
766 B

58ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 11A5
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM

42 B
942 B

61ms
60ms

Image
image/gif

52.209.140.203
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM

Protocol

HTTP/1.1

Server

52.209.140.203 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-140-203.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v046-0f71a5189.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: LDRHqv4JQuc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v046-0b284ccfd.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SDbPvbynRT4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=rYc7DiApsnVq4v0w87MILutSs6aeWEoM
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200 9.gif
id5-sync.com/s/966/ Frame 11A5 43 B
1 KB 160ms
49ms Image
image/gif 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-cJgpqrHtrRYuXguIBhMNMkxE44NQScuoAlfYxw

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 30 Mar 2023 15:16:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 11A5
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg

43 B
448 B

57ms
56ms

Image
image/gif

54.72.214.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg
Protocol: H2
Server: 54.72.214.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-214-60.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Mar 2023 15:16:16 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg
date: Thu, 30 Mar 2023 15:16:16 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame 11A5 42 B
274 B 165ms
46ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-AI6-G7HtrRYuXguIBhMNMkxE44Ntg4Bl5PdSyg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 11A5 0
885 B 174ms
59ms Image
text/html 18.192.109.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-UJnr9bHtrRYuXguIBhMNMkxE44MJ2hnM2C8M0w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.109.166 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-109-166.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 11A5 0
145 B 523ms
129ms Image
text/plain 70.42.32.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-IPy0W7HtrRYuXguIBhMNMkxE44MnpxHaRhygJw&initiator=partner
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Cache-Control: no-cache
X-TraceId: aeae7e6f8808e4060dd1c8106b45b088
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 11A5 42 B
580 B 190ms
42ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 11A5 43 B
408 B 387ms
129ms Image
image/gif 2600:1f18:612b:4200:56a9:a863:35fa:3ae3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-aHdSfrHtrRYuXguIBhMNMkxE44NXQhyJtMPo4w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:56a9:a863:35fa:3ae3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 30 Mar 2023 15:16:16 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 11A5 43 B
153 B 138ms
33ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-_3go9rHtrRYuXguIBhMNMkxE44Peup7mWZuq0Q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.30
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Mar 2023 15:16:16 GMT
server: Apache
x-powered-by: PHP/7.3.30
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 11A5 0
400 B 185ms
64ms Image
text/plain 2.22.155.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-noeP1bHtrRYuXguIBhMNMkxE44P7hvFGIhMNXA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.22.155.103 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-22-155-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:16 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Wed, 29 Mar 2023 15:16:16 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 11A5 0
38 B 212ms
60ms Image
text/plain 63.32.242.157
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-TqTwlLHtrRYuXguIBhMNMkxE44OVmWm5aM2-Kw&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.242.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-242-157.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
content-length: 0

GET
H2

200

event Show response
widget.us.criteo.com/ Frame 8EB1
Redirect Chain

https://sslwidget.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFm...
https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFm...

8 KB
4 KB

213ms
131ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=29702

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

9bcf1193b342ee5bbc99039eb01d044f70464d8e3b1fe1b2a0f47fec121fcebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 9220816
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=81237&v=5.14.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTUDVoM3gwQ1pUa3lrMVlzYWxKSzBRWTZLMHh1SEg1Y0ZnWE5uOWNuVWxGa1hDaHFiWUw0ME9tOFBkaCUyQlZ2S1JBdFdHVEslMkZhR09ZazkyWk4lMkZwRHh2eXNRTGk1VkdqTjU1MlZkUXU2MVhMVFR6M0wlMkJ3b0p5MWRkS0Q4YzF6ekNGVGxVYyUzRA&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fmarchofdimes.org&pu=https%253A%252F%252Fmarchofdimes.org&dtycbr=29702
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 7265001
timing-allow-origin: *
content-length: 0
expires: 0

GET
H3 200 812396462484872 Show response
connect.facebook.net/signals/config/ Frame 8EB1 378 KB
108 KB 88ms
47ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/812396462484872?v=2.9.100&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f283fcbda7992093172d1d5d1a3ecc85437378723d6d1b1cc5d3f7a18a9e54cd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110663
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: dCHt8h1DUK6oLXC3GxqVX8woujki+CaDJDeXfYF3g1oS/7HUU3yxS4yprfGTeZkhlvM/bTPzcCCGllHRLdqHWg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 459B 15 KB
6 KB 79ms
50ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=marchofdimes.org&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=81237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://8832015.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 30 Mar 2023 15:16:15 GMT
server: Kestrel
server-processing-duration-in-ticks: 862503
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 /
www.google.com/pagead/1p-user-list/1071894384/ Frame 0BAA 42 B
64 B 139ms
117ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071894384/?random=1680189375455&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&frm=2&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1879040434&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071894384/ Frame 0BAA 42 B
108 B 78ms
53ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071894384/?random=1680189375455&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&frm=2&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1879040434&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/794610601/ Frame 0BAA 42 B
64 B 126ms
109ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794610601/?random=1680189375483&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&frm=2&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3693983523&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794610601/ Frame 0BAA 42 B
108 B 76ms
52ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794610601/?random=1680189375483&cv=11&fst=1680188400000&bg=ffffff&guid=ON&async=1&gtm=45be33r0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023m&ref=https%3A%2F%2Fmarchofdimes.org%2F&frm=2&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3693983523&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pj Show response
e.acuityplatform.com/ Frame 8EB1 1 KB
2 KB 337ms
47ms Script
text/javascript 154.59.122.94
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?pk=8367128157478054027&pu=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLLz8Zb5g_4CFdZHHgIdGjEOxg%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D4882697559540%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%2526DonationFormId%253D270%2526urlReferer%253Dhttps%25253A%25252F%25252Fmarchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGGGGENEM2303CMR00131002%252526utm_medium%25253Demail%252526utm_source%25253Dmandr%252526utm_campaign%25253D2023march%252526utm_content%25253Dem-nat-mandr-2023march-2023-03-29-email-4%252526mkto%25253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F&pixelKey=8367128157478054027
Requested by: Host: origin.acuityplatform.com
URL: https://origin.acuityplatform.com/event/v2/pixel.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.59.122.94 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: 75e97846addb18b03d27c2569a76ecbecf3f1729b701b4c708145e1d9d602a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1152
Content-Type: text/javascript

GET
H2 204 25042596.js Show response
bat.bing.com/p/action/ Frame 8EB1 0
119 B 164ms
143ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25042596.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 30 Mar 2023 15:16:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7270C904E75C49AAB4B0B167AC74A26B Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame 8EB1 0
122 B 77ms
64ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25042596&Ver=2&mid=5148c460-06fd-4905-ac10-d61e799e5a1e&sid=cf745cb0cf0d11edb731271a54f9b0d6&vid=cf752930cf0d11ed9d1cbb436de4ba09&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fgive.marchofdimes.org%2F&r=&lt=398&evt=pageLoad&ifm=1&sv=1&rn=858165

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Mar 2023 15:16:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 505379B66B2041B5BA35AABEB39DAD7A Ref B: FRA31EDGE0805 Ref C: 2023-03-30T15:16:15Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-uyn8UnTsRXguL.js Show response
rules.quantcount.com/ Frame 8EB1 5 KB
2 KB 43ms
32ms Script
application/javascript 2600:9000:225f:b000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-uyn8UnTsRXguL.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:b000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:05:21 GMT
content-encoding: gzip
via: 1.1 0cd2c3fbaf7659321a893cd5ab933aa4.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 13 Oct 2022 15:08:42 GMT
server: AmazonS3
etag: W/"b4a376a3ece8af98e7567e60db986dc9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: KFuPJGI4qKaOsSvuO_apbFGV3hC1tOCCMzitlukkcgFkUzY3TVD5IA==

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ Frame 0BAA 0
440 B 522ms
134ms XHR
application/json 52.46.131.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apay-us.amazon.com/cs/uedata

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.131.6 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 8YRPGNCH6FX55762E3JR
x-amzn-RequestId: 8YRPGNCH6FX55762E3JR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK abTestV2 Show response
payments.amazon.com/ Frame 0BAA 327 B
769 B 129ms
129ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/abTestV2?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false&encryptedSessionId=Wt%252BwaPdTJKqARrGU47uXvd1KsIIE7eMaxBe38rOtlkFJFX0ySv%252FcDnhnNJvHuOU%253D&merchantId=A24SJ7EJ7ID1HK

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

ef783ddf3214504338e74ae68ad1cb5229f3e8519eb4a539bb964deb38864ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:15 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: Z85PQFCNH27P5FZRCWM4
x-amzn-RequestId: Z85PQFCNH27P5FZRCWM4
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 327

GET
H2 200 pixel;r=238729371;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLLz8Zb5g_4CFdZHHgIdGjEOxg%3Bsrc%3D8832015%3Btype%3Drt%...
pixel.quantserve.com/ Frame 8EB1 35 B
210 B 105ms
40ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=238729371;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLLz8Zb5g_4CFdZHHgIdGjEOxg%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D4882697559540%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%2526DonationFormId%253D270%2526urlReferer%253Dhttps%25253A%25252F%25252Fmarchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGGGGENEM2303CMR00131002%252526utm_medium%25253Demail%252526utm_source%25253Dmandr%252526utm_campaign%25253D2023march%252526utm_content%25253Dem-nat-mandr-2023march-2023-03-29-email-4%252526mkto%25253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F;ref=https%3A%2F%2Fgive.marchofdimes.org%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=0;fpa=P0-166004688-1680189374049;pbc=;ns=1;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;d=8832015.fls.doubleclick.net;dst=0;et=1680189375812;tzo=0;ogl=;ses=6cdc630d-74da-4cf5-af4c-ce432b22df1c

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/ Frame 0BAA 213 B
1 KB 738ms
248ms XHR
application/json 3.5.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/client.json?source=jsmain
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: f14ca32c21c673573818ed971e2ed1b7add0aa959d839ed0c80743649829659c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:17 GMT
Content-Encoding: gzip
x-amz-version-id: SMAeEAMr55oARpuIcyCEnclqDHxCe7JU
x-amz-request-id: 2G670QTK9KCNVWQZ
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Content-Length: 176
x-amz-id-2: cW4BJM3eYqcnMyy47HmAWYMqYV+ePR9ZEKpWfCskmbqcR/0+yQpccOUm7ujsNSHTsKki5KcuS8e4EQhEU6Secw==
Last-Modified: Mon, 27 Mar 2023 16:41:25 GMT
Server: AmazonS3
ETag: "a95252beb4a4ae8ef39271edd4605b16"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=60
Accept-Ranges: bytes

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/ Frame 0BAA 213 B
1 KB 726ms
236ms XHR
application/json 3.5.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/client.json?source=jsinline
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: f14ca32c21c673573818ed971e2ed1b7add0aa959d839ed0c80743649829659c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:17 GMT
Content-Encoding: gzip
x-amz-version-id: SMAeEAMr55oARpuIcyCEnclqDHxCe7JU
x-amz-request-id: 2G696TPGCE0VQD41
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Content-Length: 176
x-amz-id-2: 2NUa3qXF/dQAtz8wPlJAFpsjBKYdIij7KlA/C582Uq4jACCi+c/w2lvNQLbaXZ5i8wexMEdo0HsFlmprhD2JbQ==
Last-Modified: Mon, 27 Mar 2023 16:41:25 GMT
Server: AmazonS3
ETag: "a95252beb4a4ae8ef39271edd4605b16"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=60
Accept-Ranges: bytes

GET
H2

200

sid Show response
mug.criteo.com/ Frame 459B
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=2&topUrl=marchofdimes.org&bundle=jKnHOl9YTEJ1ODBmRm9wSnFiNG9GWEVUR0l1VEFmS09Zd2ljUjZONGwxbWJTU...
https://mug.criteo.com/sid?cpp=1nRBxXx1T0VKcG5HRm9pc1lOSWthNVBlVlpFSmFPS1pCV1NtTlF0L3VNTkNNNU9BNEFPMVpkN1BvMG1ZQXJpYVpLU3FPSDFBTVgxQkg3WjZuNW5YNXZTVkk5UXUzSzBRTzRyVHA4NG1zay9CMlcvU01kTDZ3WDZteVI2cG...

457 B
673 B

55ms
54ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=1nRBxXx1T0VKcG5HRm9pc1lOSWthNVBlVlpFSmFPS1pCV1NtTlF0L3VNTkNNNU9BNEFPMVpkN1BvMG1ZQXJpYVpLU3FPSDFBTVgxQkg3WjZuNW5YNXZTVkk5UXUzSzBRTzRyVHA4NG1zay9CMlcvU01kTDZ3WDZteVI2cGxkVklOYkl2Q0NWem5naHFCR2xqcjYzakF3bG9jRnpuVWwzK3BPNmVQMEFCTFNzRWFPRzlqWjNvaFV4TmtYQ2ltcGxPVytrcVEyOFA3TFdtamVnZ3pDZ2c4dmloWk1VWE15RS9xSG0xa0dyYlZxcWw5WmRPYitNMkVEUzR5ZXVlejVzcXpFeHprRks0dXB3ckRiQy9yc0xKZktsOEFRZFJ1MVV2RU5ESU9CeVQ5citaMERJWEFuTVJaVXl3SXJVa2ZFUjRWa3oyUXw&cppv=2

Requested by

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9e4f020278de40fec67c8437230d15efc4252b65e99e18eb399432022c9bc528

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1947612
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:15 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=1nRBxXx1T0VKcG5HRm9pc1lOSWthNVBlVlpFSmFPS1pCV1NtTlF0L3VNTkNNNU9BNEFPMVpkN1BvMG1ZQXJpYVpLU3FPSDFBTVgxQkg3WjZuNW5YNXZTVkk5UXUzSzBRTzRyVHA4NG1zay9CMlcvU01kTDZ3WDZteVI2cGxkVklOYkl2Q0NWem5naHFCR2xqcjYzakF3bG9jRnpuVWwzK3BPNmVQMEFCTFNzRWFPRzlqWjNvaFV4TmtYQ2ltcGxPVytrcVEyOFA3TFdtamVnZ3pDZ2c4dmloWk1VWE15RS9xSG0xa0dyYlZxcWw5WmRPYitNMkVEUzR5ZXVlejVzcXpFeHprRks0dXB3ckRiQy9yc0xKZktsOEFRZFJ1MVV2RU5ESU9CeVQ5citaMERJWEFuTVJaVXl3SXJVa2ZFUjRWa3oyUXw&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 427812
content-length: 0
expires: 0

GET
H3 200 /
www.facebook.com/tr/ Frame 8EB1 0
15 B 41ms
41ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=PageView&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLLz8Zb5g_4CFdZHHgIdGjEOxg%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D4882697559540%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%2526DonationFormId%253D270%2526urlReferer%253Dhttps%25253A%25252F%25252Fmarchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGGGGENEM2303CMR00131002%252526utm_medium%25253Demail%252526utm_source%25253Dmandr%252526utm_campaign%25253D2023march%252526utm_content%25253Dem-nat-mandr-2023march-2023-03-29-email-4%252526mkto%25253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F&rl=https%3A%2F%2Fgive.marchofdimes.org%2F&if=true&ts=1680189375900&sw=1600&sh=1200&v=2.9.100&r=stable&ec=0&o=30&cs_est=true&it=1680189375707&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 button_T6.png
d2ldlvi1yef00y.cloudfront.net/us/live/en_us/amazonpay/gold/medium/ Frame 0BAA 3 KB
4 KB 166ms
40ms Image
image/png 2600:9000:223e:5200:14:4f74:f880:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2ldlvi1yef00y.cloudfront.net/us/live/en_us/amazonpay/gold/medium/button_T6.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:5200:14:4f74:f880:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:14:00 GMT
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jun 2018 16:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 137
etag: "a06d383d676e4682cdf81b57dd9a13d3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=43200
accept-ranges: bytes
content-length: 3228
x-amz-cf-id: 2Y00j3UgN4AzOzg0sJGSMpieiViqjda-I0-mvG0z10Eb8PQOcdxGew==

GET
H3 200 /
www.facebook.com/tr/ Frame D4BA 0
15 B 48ms
47ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=Microdata&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOWDk5b5g_4CFWRUwgodNnAOxQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D837105368787%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F&rl=https%3A%2F%2Fmarchofdimes.org%2F&if=true&ts=1680189375947&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.100&r=stable&ec=1&o=30&it=1680189374053&coo=false&es=automatic&tm=3&exp=c1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B097 2 KB
2 KB 42ms
41ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
age: 76264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:05:11 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B097 15 KB
16 KB 139ms
41ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 23917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Mar 2024 08:37:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B097 15 KB
15 KB 211ms
112ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 23917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Mar 2024 08:37:39 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame B097 102 B
134 B 52ms
51ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18fcc06e8e158f0b20df57e5966474ba5ee428da943b5e27417d7e2bdde6058f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=lf5n8t2yg8vh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 30 Mar 2023 15:16:16 GMT

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ Frame 0BAA 0
523 B 302ms
129ms XHR
application/json 52.46.131.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apay-us.amazon.com/cs/uedata

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.131.6 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: PHA54WFZQVXQFNX9Q8B0
x-amzn-RequestId: PHA54WFZQVXQFNX9Q8B0
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/ Frame 0BAA 270 KB
67 KB 61ms
40ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46b9bf5e74f6b2a500a14b0818145a75b9e0b8d76d7b33b114efed4028ab21e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 00:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 224795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68640
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:47:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Mar 2024 00:49:41 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/ Frame 0BAA 162 KB
56 KB 72ms
51ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b268e5ee1a3ab52d9e62454b75cd857135841032c4bfab584c8b351bee1af103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57394
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:47:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Mar 2024 20:37:13 GMT

GET
H2 200 controls.js Show response
maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/ Frame 0BAA 90 KB
26 KB 119ms
98ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/controls.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

007deb8f7a0bca0a0d9ed8b8e711e9be9f34531b2b77cf06b0dc69ba5165d5fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 00:49:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 224783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26657
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:47:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Mar 2024 00:49:53 GMT

GET
H2 200 places_impl.js Show response
maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/ Frame 0BAA 47 KB
17 KB 136ms
115ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/places_impl.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fd4713747a176f34fc584629bc259ae60b4a5190cb81f0371dc7700d31cc690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 20:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 67141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16981
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:47:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Mar 2024 20:37:15 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55950/ Frame 8EB1
Redirect Chain

https://pixel.advertising.com/ups/55950/sync?uid=761406324687&_origin=1
https://ups.analytics.yahoo.com/ups/55950/sync?uid=761406324687&_origin=1

0
121 B

46ms
45ms

Image
text/plain

3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55950/sync?uid=761406324687&_origin=1

Requested by

Protocol

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55950/sync?uid=761406324687&_origin=1
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: no-store
content-type: text/html
server: ATS/9.1.10.25
content-length: 355
content-language: en

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 8EB1
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D761406324687%26uid%3D%24UID
https://ums.acuityplatform.com/sum?umid=10&auid=761406324687&uid=9049886179572028954

0
906 B

161ms
48ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=10&auid=761406324687&uid=9049886179572028954
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Acuity-UserID
x-acuity-userid: 761425739661

Redirect headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 13a6553f-4f73-40c5-b6e1-2afa19a8d120
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ums.acuityplatform.com/sum?umid=10&auid=761406324687&uid=9049886179572028954
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

52164
i6.liadm.com/s/ Frame 8EB1
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=236&user_id=761406324687&expires=30&user_group=1
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6&_li_chk=true&previous_uuid=f9aab96527324fd0bd63a6d3c827761e
https://i6.liadm.com/s/52164?licd=&bidder_id=5298&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6

43 B
436 B

498ms
121ms

Image
image/gif

2600:1f18:ed:550f:d48:f65d:a04a:3bfb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/52164?licd=&bidder_id=5298&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:ed:550f:d48:f65d:a04a:3bfb Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:17 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/52164?licd=&bidder_id=5298&bidder_uuid=3c96feba-7ccd-44d7-aa3c-b9c2c09923a6
Date: Thu, 30 Mar 2023 15:16:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 1

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 8EB1
Redirect Chain

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D761406324687%26uid%3D%24_BK_UUID
https://ums.acuityplatform.com/sum?umid=49&auid=761406324687&uid=$_BK_UUID

0
27 B

45ms
45ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=49&auid=761406324687&uid=$_BK_UUID
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

location: https://ums.acuityplatform.com/sum?umid=49&auid=761406324687&uid=$_BK_UUID
date: Thu, 30 Mar 2023 15:16:16 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 8EB1
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=761406324687&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D761406324687%26uid%3D%24%7BTA_DE...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=761406324687&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D761406324687%26uid%3D%24%7...
https://ums.acuityplatform.com/sum?umid=64&auid=761406324687&uid=f890bcde-af83-42d6-80db-292d2c050c52

0
962 B

60ms
54ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=64&auid=761406324687&uid=f890bcde-af83-42d6-80db-292d2c050c52
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLLz8Zb5g_4CFdZHHgIdGjEOxg;src=8832015;type=rt;cat=gen;ord=4882697559540;gtm=45He33r0;auiddc=212508955.1680189373;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Acuity-UserID
x-acuity-userid: 761425961825

Redirect headers

date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://ums.acuityplatform.com/sum?umid=64&auid=761406324687&uid=f890bcde-af83-42d6-80db-292d2c050c52
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 11A5
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=4xhkktPH_4NN2D0vC-L4a14kQYT6Oerv

0
338 B

280ms
68ms

Image
text/plain

52.213.74.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=4xhkktPH_4NN2D0vC-L4a14kQYT6Oerv
Protocol: H2
Server: 52.213.74.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-74-200.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-served-by: beacon-n003-dub-prod.krxd.net
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: private, no-cache, no-store
x-request-time: D=25 t=1680189376
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=4xhkktPH_4NN2D0vC-L4a14kQYT6Oerv
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 832840
content-length: 0

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 50ms
48ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 59ms
55ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 207ms
41ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 209ms
41ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 185ms
41ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 70ms
38ms Preflight 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://give.marchofdimes.org
access-control-max-age: 1800
date: Thu, 30 Mar 2023 15:16:16 GMT
paypal-debug-id: 9552cab504404
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 184ms
40ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 60ms
55ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H2 200 graphql Show response
payments.braintree-api.com/ Frame 0BAA 382 B
651 B 149ms
146ms XHR
application/json 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

15fd0dfcd3e0ea18da27d4ac561915b6990dbb0abfe01dcd1f8ba8ccce9208fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2ODAyNzU3NzUsImp0aSI6ImU4NmEwM2U4LTNkYTEtNDcwYi04ZTMyLTQ3Yjk5MDAyYzM1MyIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.8uVwL6-S_dCQ7EiBQ4SyKO5Kf_ARsb08b5gDeKhQHjOtmbKeR0YK5vVb2KjW0tVzolGifQRKdUqnL7rQnlbpZw
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://give.marchofdimes.org
paypal-debug-id: 9343d937ebde4
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 293

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 59ms
54ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 0BAA 59 KB
21 KB 184ms
37ms Script
application/javascript 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits: 9, 1, 4483235
date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 4988902
x-cache: HIT, HIT, HIT
paypal-debug-id: 8d02b3197927f
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20545
x-served-by: cache-sjc10074-SJC, cache-hhn-etou8220066-HHN, cache-hhn-etou8220033-HHN
last-modified: Tue, 31 Jan 2023 20:30:46 GMT
traceparent: 00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer: S1680189376.417263,VS0,VE1
etag: W/"63d97a76-ecbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 15:16:16 GMT

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 59ms
54ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 181ms
41ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

GET
H/1.1

200
OK

logo.htm Show response
ssl.kaptcha.com/ Frame 175B
Redirect Chain

https://assets.braintreegateway.com/data/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442
https://ssl.kaptcha.com/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442

41 B
366 B

635ms
205ms

Document
text/html

54.148.115.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.kaptcha.com/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.148.115.137 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-148-115-137.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache no-store must-revalidate private
Content-Length: 41
Content-Type: text/html
Date: Thu, 30 Mar 2023 15:16:17 GMT
Expires: 0
Pragma: no-cache
X-Correlation-Id: 956ffaad-4f27-454e-a08d-d9c3a5a0a97a

Redirect headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public, max-age=3600
content-length: 138
content-type: text/html
date: Thu, 30 Mar 2023 15:16:16 GMT
dc: ccg11-origin-www-1.paypal.com
location: https://ssl.kaptcha.com/logo.htm?m=null&s=e22c12fb77ce002c0efa0ce8c56c0442
paypal-debug-id: eb5a3c490d06c
strict-transport-security: max-age=31557600
traceparent: 00-0000000000000000000eb5a3c490d06c-54dd138d26c09eda-01
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-sjc10033-SJC, cache-hhn-etou8220033-HHN
x-timer: S1680189376.333545,VS0,VE255

GET
H2 200 powered-by-google-on-white3.png
maps.gstatic.com/mapfiles/api-3/images/ Frame 0BAA 2 KB
2 KB 145ms
48ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/powered-by-google-on-white3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1616
x-xss-protection: 0
last-modified: Tue, 18 May 2021 19:15:00 GMT
server: sffe
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
expires: Thu, 30 Mar 2023 15:16:16 GMT

GET
H2 200 autocomplete-icons.png
maps.gstatic.com/mapfiles/api-3/images/ Frame 0BAA 3 KB
3 KB 146ms
49ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/autocomplete-icons.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3351
x-xss-protection: 0
last-modified: Tue, 18 May 2021 19:15:00 GMT
server: sffe
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
expires: Thu, 30 Mar 2023 15:16:16 GMT

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame F755 160 B
1 KB 201ms
196ms Document
text/html 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: f9f6144f68353
date: Thu, 30 Mar 2023 15:16:16 GMT
origin-trial: A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id: f9f6144f68353
server-timing: "traceparent;desc="00-0000000000000000000f9f6144f68353-2206c018f8633b2b-01"";content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000f9f6144f68353-a3b8d623686f21bd-01
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-hhn-etou8220033-HHN
x-timer: S1680189377.519275,VS0,VE156
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/ Frame BD0D
Redirect Chain

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14

42 B
299 B

207ms
65ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=d1971207fa5aa1a08f03d202c2fe620a&t=1680189376.253&a=14
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 0BAA 0
286 B 68ms
67ms XHR
text/plain 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.e4bafff4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 47ms
47ms Preflight 35.157.254.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.254.245 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-254-245.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Thu, 30 Mar 2023 15:16:16 GMT
Server: nginx

GET
H2

200

cs
s.thebrighttag.com/ Frame 11A5
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=jXhRS-lFcrZ78Te0nsZQcYHEfqn6-Lf3

35 B
268 B

457ms
129ms

Image
image/gif

18.223.64.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=jXhRS-lFcrZ78Te0nsZQcYHEfqn6-Lf3
Protocol: H2
Server: 18.223.64.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-64-90.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
x-bt-requestid: d1317fc0-cf0d-11ed-a89d-0000ac170286
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=jXhRS-lFcrZ78Te0nsZQcYHEfqn6-Lf3
date: Thu, 30 Mar 2023 15:16:15 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 823461
content-length: 0

GET
H2 200 212.svg
cdn.ywxi.net/meter/give.marchofdimes.org/ Frame 0BAA 21 KB
9 KB 46ms
46ms Image
image/svg+xml 2600:9000:225e:d400:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.ywxi.net/meter/give.marchofdimes.org/212.svg?ts=1679935284485&l=en-US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:d400:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:05:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 654
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache: Hit from cloudfront
content-length: 7871
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-trace: 2B382A2BB569F23905378156FC68347ECDCB99E95E000000000000000000
content-type: image/svg+xml
cache-control: public
x-amz-cf-id: uofzXO4jCF0H3gsi7uQWdFixN8GfW1Eej0AzJlPF2SlLmrIzkMX79g==
expires: Thu, 30 Mar 2023 16:05:21 GMT

GET
H2 200 ajax Show response
www.trustedsite.com/rpc/ Frame 0BAA 6 B
1003 B 645ms
203ms Script
text/javascript 54.185.153.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=give.marchofdimes.org&rand=1680189376567

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.185.153.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-185-153-95.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
server: Apache
x-trace: 2B9E8FA87F978E1664BB3E6ACC0795AF824C8838DF000000000000000000
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
content-type: text/javascript; charset=utf-8
content-length: 26

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame F755 59 KB
21 KB 41ms
41ms Script
application/javascript 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits: 9, 1, 4483238
date: Thu, 30 Mar 2023 15:16:16 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 4988903
x-cache: HIT, HIT, HIT
paypal-debug-id: 8d02b3197927f
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20545
x-served-by: cache-sjc10074-SJC, cache-hhn-etou8220066-HHN, cache-hhn-etou8220033-HHN
last-modified: Tue, 31 Jan 2023 20:30:46 GMT
traceparent: 00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer: S1680189377.734373,VS0,VE1
etag: W/"63d97a76-ecbf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 15:16:16 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame F755 125 B
900 B 231ms
228ms XHR
application/json 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dffec77eade20cb809f76c764bc5a8c560f85988fc3913f331fe40de2538b909

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: d6e6602b6674b
server-timing: "traceparent;desc="00-0000000000000000000d6e6602b6674b-6d074c39ea360229-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length: 125
x-served-by: cache-hhn-etou8220033-HHN
correlation-id: d6e6602b6674b
traceparent: 00-0000000000000000000d6e6602b6674b-fc5b40e025f9c1d2-01
content-type: application/json
access-control-allow-origin: https://www.paypal.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

POST
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame F755 0
352 B 215ms
212ms XHR
text/plain 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
paypal-debug-id: 3750e1e6e1d19
server-timing: "traceparent;desc="00-00000000000000000003750e1e6e1d19-7bab6befacd931b5-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by: cache-hhn-etou8220033-HHN
correlation-id: 3750e1e6e1d19
traceparent: 00-00000000000000000003750e1e6e1d19-458db5b313078a56-01
access-control-allow-origin: https://www.paypal.com
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame F755 0
216 B 215ms
198ms Image
text/plain 151.101.129.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=d1971207fa5aa1a08f03d202c2fe620a&s=BRAINTREE_SIGNIN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:16 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
paypal-debug-id: c0d4f624a1835
server-timing: "traceparent;desc="00-0000000000000000000c0d4f624a1835-f18eb529e0a4d183-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
x-served-by: cache-hhn-etou8220033-HHN
correlation-id: c0d4f624a1835
traceparent: 00-0000000000000000000c0d4f624a1835-2248ea4cd1008d7d-01
x-timer: S1680189377.819344,VS0,VE158
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

GET
H3 200 /
www.facebook.com/tr/ Frame 0BAA 0
15 B 46ms
46ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=Microdata&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&rl=https%3A%2F%2Fmarchofdimes.org%2F&if=true&ts=1680189377172&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22March%20of%20Dimes%20Donation%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.100&r=stable&ec=1&o=30&fbp=fb.1.1680189374411.1122426364&it=1680189375262&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 sync
x.bidswitch.net/ Frame F1F5 43 B
145 B 63ms
47ms Image
image/gif 3.122.123.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-fX_grrHtrRYuXguIBhMNMkxE44PbKKpoWajHnA&expires=30
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.123.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-123-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame F1F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_cm&google_hm=ay1GbzRvWkxIdHJSWXVYZ3VJQmhNTk1reEU0NE5DaklMW...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

43 B
369 B

45ms
43ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 876330
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:17 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-Fo4oZLHtrRYuXguIBhMNMkxE44NCjILZJw9OdQ&google_gid=CAESEGm1CeVgs0KpvZGC0xrXvjc&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame F1F5
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=9049886179572028954

43 B
370 B

44ms
43ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=9049886179572028954

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1101295
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 30 Mar 2023 15:16:17 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e641fb95-acff-4f40-ba0f-831cb790c474
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=9049886179572028954
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK setuid
secure.adnxs.com/ Frame F1F5 43 B
1 KB 76ms
63ms Image
image/gif 185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/setuid?entity=52&code=k-InofSbHtrRYuXguIBhMNMkxE44PTZBJf7F0fiA

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:17 GMT
AN-X-Request-Uuid: f2f5b34d-afbf-4974-b9b1-fceb2d165df2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame F1F5 61 B
639 B 85ms
70ms Image
image/gif 88.221.168.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-1aVPcbHtrRYuXguIBhMNMkxE44PcUk5TiKjXDw

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a88-221-168-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 30 Mar 2023 15:16:17 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Thu, 30 Mar 2023 15:16:17 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame F1F5 43 B
163 B 81ms
68ms Image
image/gif 185.86.138.153
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-mglJMrHtrRYuXguIBhMNMkxE44P_YAxFXReqhg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.153 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 um
criteo-sync.teads.tv/ Frame F1F5 23 B
172 B 88ms
70ms Image
image/gif 2.23.197.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-cz4FDbHtrRYuXguIBhMNMkxE44NTYZSmzaYMwA
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.197.36 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-197-36.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

expires: Thu, 30 Mar 2023 15:16:17 GMT
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame F1F5 37 B
139 B 70ms
52ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-OsU2QLHtrRYuXguIBhMNMkxE44P-sw1H7M8VIQ&dongle=013b
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 pixel
cm.adform.net/ Frame F1F5 43 B
162 B 60ms
43ms Image
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-MevFZLHtrRYuXguIBhMNMkxE44PjBSHpr_o2lg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
last-modified: Fri, 18 Nov 2022 14:41:46 GMT
server: nginx
accept-ranges: bytes
etag: "637799aa-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame F1F5 49 B
118 B 106ms
89ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-PKtU2rHtrRYuXguIBhMNMkxE44PLQ-W_3NrqOA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:17 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 43
content-length: 49
expires: 0

GET
H/1.1 200
OK rum
r.casalemedia.com/ Frame F1F5 43 B
632 B 140ms
41ms Image
image/gif 185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-nw1MIbHtrRYuXguIBhMNMkxE44NJ5Cqmad6SRw
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:17 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

ibs:dpid=28645&dpuuid=jqXApcO4iKF_vIbW4onIWO1WRh7kdaIJ
dpm.demdex.net/ Frame F1F5
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=jqXApcO4iKF_vIbW4onIWO1WRh7kdaIJ

42 B
942 B

65ms
63ms

Image
image/gif

52.209.140.203
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=28645&dpuuid=jqXApcO4iKF_vIbW4onIWO1WRh7kdaIJ

Protocol

HTTP/1.1

Server

52.209.140.203 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-140-203.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v046-0a5fb53d3.edge-irl1.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 3zXNCyZpRWg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=jqXApcO4iKF_vIbW4onIWO1WRh7kdaIJ
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1096866
content-length: 0

GET
H/1.1 200 9.gif
id5-sync.com/s/966/ Frame F1F5 43 B
1 KB 65ms
53ms Image
image/gif 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-cJgpqrHtrRYuXguIBhMNMkxE44NQScuoAlfYxw

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 30 Mar 2023 15:16:16 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2 200 match
ad.360yield.com/ Frame F1F5 43 B
448 B 83ms
66ms Image
image/gif 54.72.214.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-DJjlNLHtrRYuXguIBhMNMkxE44NTONaOCH92Lg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.214.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-214-60.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Mar 2023 15:16:17 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame F1F5 42 B
103 B 81ms
65ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-AI6-G7HtrRYuXguIBhMNMkxE44Ntg4Bl5PdSyg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame F1F5 42 B
430 B 80ms
64ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame F1F5 43 B
301 B 132ms
116ms Image
image/gif 2600:1f18:612b:4200:56a9:a863:35fa:3ae3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-aHdSfrHtrRYuXguIBhMNMkxE44NXQhyJtMPo4w
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:56a9:a863:35fa:3ae3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 30 Mar 2023 15:16:17 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame F1F5 43 B
153 B 45ms
29ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-_3go9rHtrRYuXguIBhMNMkxE44Peup7mWZuq0Q
Requested by: Host: marchofdimes.org
URL: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.30
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Mar 2023 15:16:17 GMT
server: Apache
x-powered-by: PHP/7.3.30
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame F1F5 0
239 B 67ms
55ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-ht-V47HtrRYuXguIBhMNMkxE44PvODHGBdJIHQ&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame F1F5 0
34 B 67ms
52ms Image
text/plain 3.127.20.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-Xr4aWbHtrRYuXguIBhMNMkxE44P6cF1awg602w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.20.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-20-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame F1F5 0
98 B 68ms
53ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-sFf8NbHtrRYuXguIBhMNMkxE44NecZNNkbvfZA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 42362

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame F1F5 0
321 B 73ms
58ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-ALzEQbHtrRYuXguIBhMNMkxE44NDAB0lAQO1ag

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame F1F5 0
884 B 75ms
61ms Image
text/html 18.192.109.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-UJnr9bHtrRYuXguIBhMNMkxE44MJ2hnM2C8M0w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.109.166 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-109-166.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame F1F5 0
145 B 122ms
112ms Image
text/plain 70.42.32.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-IPy0W7HtrRYuXguIBhMNMkxE44MnpxHaRhygJw&initiator=partner
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 30 Mar 2023 15:16:17 GMT
Cache-Control: no-cache
X-TraceId: d72ec6dd6b8a26f638599bd9b079e0a4
Content-Length: 0

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame F1F5 0
400 B 90ms
81ms Image
text/plain 2.22.155.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-noeP1bHtrRYuXguIBhMNMkxE44P7hvFGIhMNXA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.22.155.103 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-22-155-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Mar 2023 15:16:17 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Wed, 29 Mar 2023 15:16:17 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame F1F5 0
37 B 79ms
66ms Image
text/plain 63.32.242.157
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-TqTwlLHtrRYuXguIBhMNMkxE44OVmWm5aM2-Kw&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.242.157 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-242-157.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 15:16:17 GMT
content-length: 0

GET
H3 200 /
www.facebook.com/tr/ Frame 8EB1 0
15 B 41ms
39ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=Microdata&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLLz8Zb5g_4CFdZHHgIdGjEOxg%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D4882697559540%3Bgtm%3D45He33r0%3Bauiddc%3D212508955.1680189373%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%2526DonationFormId%253D270%2526urlReferer%253Dhttps%25253A%25252F%25252Fmarchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGGGGENEM2303CMR00131002%252526utm_medium%25253Demail%252526utm_source%25253Dmandr%252526utm_campaign%25253D2023march%252526utm_content%25253Dem-nat-mandr-2023march-2023-03-29-email-4%252526mkto%25253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%3F&rl=https%3A%2F%2Fgive.marchofdimes.org%2F&if=true&ts=1680189377417&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.100&r=stable&ec=1&o=30&it=1680189375707&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 30 Mar 2023 15:16:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame F1F5
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=bbI7EKN4guKYwscjrLnCgKRuvzgZlPch

0
337 B

58ms
57ms

Image
text/plain

52.213.74.200
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=bbI7EKN4guKYwscjrLnCgKRuvzgZlPch
Protocol: H2
Server: 52.213.74.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-74-200.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-served-by: beacon-n017-dub-prod.krxd.net
date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1680189377
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=bbI7EKN4guKYwscjrLnCgKRuvzgZlPch
date: Thu, 30 Mar 2023 15:16:16 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1390250
content-length: 0

GET
H2

200

cs
s.thebrighttag.com/ Frame F1F5
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=aXQ7rJSexRB8hpkBQLRFET6JTuUt9uBc

35 B
267 B

129ms
129ms

Image
image/gif

18.223.64.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=aXQ7rJSexRB8hpkBQLRFET6JTuUt9uBc
Protocol: H2
Server: 18.223.64.90 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-64-90.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:17 GMT
x-bt-requestid: d1a37b72-cf0d-11ed-afe5-0000ac1702cb
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=aXQ7rJSexRB8hpkBQLRFET6JTuUt9uBc
date: Thu, 30 Mar 2023 15:16:17 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 747792
content-length: 0

GET
H2 204 unip Show response
trc-events.taboola.com/1335104/log/3/ 0
246 B 48ms
43ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1335104/log/3/unip?en=pre_d_eng_tb&tos=4752&scd=0&ssd=1&est=1680189373878&ver=36&isls=true&src=i&invt=3000&msa=362&rv=1&tim=1680189378632&vi=1680189373875&ri=671a4c06179bc54cc2acf48548bc773d&ref=null&cv=20230326-2-RELEASE&item-url=https%3A%2F%2Fmarchofdimes.org%2Fdonate-now%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&ler=other
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin: https://marchofdimes.org
pragma: no-cache
date: Thu, 30 Mar 2023 15:16:18 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H3 204 collect
region1.google-analytics.com/g/ Frame 0BAA 0
17 B 47ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0DRBVSJJB1&gtm=45je33r0&_p=1377108416&cid=1440869162.1680189374&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1680189373&sct=1&seg=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGGGGENEM2303CMR00131002%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023march%26utm_content%3Dem-nat-mandr-2023march-2023-03-29-email-4%26mkto%3Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002%26DonationFormId%3D270%26urlReferer%3Dhttps%253A%252F%252Fmarchofdimes.org%252Fdonate-now%253FsrcCode%253DGGGGENEM2303CMR00131002%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023march%2526utm_content%253Dem-nat-mandr-2023march-2023-03-29-email-4%2526mkto%253Dem-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002&dr=https%3A%2F%2Fmarchofdimes.org%2F&dt=March%20of%20Dimes%20Donation&en=scroll&epn.percent_scrolled=90
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Mar 2023 15:16:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

79 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 11:26:21	Name: _li_ss Value: CgsKCQj_____BxDkFA
.marchofdimes.org/	1970-01-20 10:44:35	Name: df5remind Value: https://marchofdimes.org/donate-now?srcCode=GGGGENEM2303CMR00131002&utm_medium=email&utm_source=mandr&utm_campaign=2023march&utm_content=em-nat-mandr-2023march-2023-03-29-email-4&mkto=em-nat-mandr-2023march-2023-03-29-email-4-SRCGGGGENEM2303CMR00131002
.marchofdimes.org/	1970-01-20 12:52:45	Name: _gcl_au Value: 1.1.212508955.1680189373
.marchofdimes.org/	1970-01-20 10:44:35	Name: _gid Value: GA1.2.1237877152.1680189374
.doubleclick.net/	1970-01-20 20:04:45	Name: IDE Value: AHWqTUnKeAnHnWaPVzKS5R1RgdfuloEUADb4Sl_fhH9oNQbChdSSJKlfBcV4cS0w5po
.marchofdimes.org/	1970-01-20 10:43:09	Name: _gat_UA-219864-60 Value: 1
.marchofdimes.org/	1970-01-20 20:19:09	Name: wisepops Value: %7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A1%2C%22ucrn%22%3A81%2C%22cid%22%3A%2273000%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D
.marchofdimes.org/	1970-01-20 20:19:09	Name: wisepops_visits Value: %5B%222023-03-30T15%3A16%3A13.462Z%22%5D
marchofdimes.org/	1969-12-31 23:59:59	Name: wisepops_activity_session Value: %7B%22id%22%3A%22d14cbf21-ba08-4adb-b687-8f83f9c37a5c%22%2C%22start%22%3A1680189373849%7D
.bing.com/	1970-01-20 20:04:45	Name: MUID Value: 212AF30D3AF06E4102E6E1E93B5C6FF6
.quantserve.com/	1970-01-20 20:13:23	Name: mc Value: 6425a7be-1f4be-d9872-66ce1
.marchofdimes.org/	1970-01-20 20:07:38	Name: __qca Value: P0-1839879569-1680189373857
.criteo.com/	1970-01-20 20:04:45	Name: uid Value: e3435549-c8d8-44b6-a377-dafb92089895
.marchofdimes.org/	1970-01-20 12:52:45	Name: _fbp Value: fb.1.1680189374411.1122426364
.marchofdimes.org/	1970-01-20 10:43:09	Name: _gat_gtag_UA_219864_1 Value: 1
.marchofdimes.org/	1970-01-20 20:19:09	Name: _ga Value: GA1.1.1440869162.1680189374
.marchofdimes.org/	1969-12-31 23:59:59	Name: wisepops_session Value: %7B%22arrivalOnSite%22%3A%222023-03-30T15%3A16%3A13.462Z%22%2C%22mtime%22%3A1680189375332%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%22source%22%3A%22mandr%22%2C%22medium%22%3A%22email%22%2C%22campaign%22%3A%222023march%22%2C%22content%22%3A%22em-nat-mandr-2023march-2023-03-29-email-4%22%7D%2C%22testIp%22%3Anull%7D
give.marchofdimes.org/	1969-12-31 23:59:59	Name: wisepops_activity_session Value: %7B%22id%22%3A%22972c7d9b-4336-45e3-8d67-d378798f2c63%22%2C%22start%22%3A1680189375334%7D
.marchofdimes.org/	1970-01-20 20:19:09	Name: _ga_0DRBVSJJB1 Value: GS1.1.1680189373.1.1.1680189375.0.0.0
.marchofdimes.org/	1970-01-20 10:44:35	Name: _uetsid Value: cf5a6f20cf0d11ed8f76b17f68e9369d
.marchofdimes.org/	1970-01-20 20:04:45	Name: _uetvid Value: cf5a7ba0cf0d11ed8a3c47c740a5264b
give.marchofdimes.org/	1970-01-20 10:44:35	Name: language Value: en_US
give.marchofdimes.org/	1969-12-31 23:59:59	Name: amazon-pay-connectedAuth Value: connectedAuth_general
.amazon.com/	1970-01-20 19:28:45	Name: session-token Value: "/5mPym8SFmvR+S6Fqldi4MPQ5miSX+R4F3VNVddIWiUyXpAdRj7HDmaFUkVJF3sHdrGi/ytFcXUosj84pjkjDe0oWXvhJ8kGYklZ4LLgDSbyOpATzn8iVUtThbdThGJ3HsMtyJgX8JT7w2XMZR0333dwdvtZyjsitWDNXIT/UgNEEubGScj97cIvCvaGNlzrpxp18anorrq5dI+N4y094A=="
.amazon.com/	1970-01-20 19:28:45	Name: session-id Value: 140-1639719-9542136
.amazon.com/	1970-01-20 19:28:45	Name: session-id-time Value: 2082758400
.amazon.com/	1970-01-20 19:28:45	Name: session-id-apay Value: 140-1639719-9542136
give.marchofdimes.org/	1970-01-20 10:44:35	Name: apay-session-set Value: Wt%2BwaPdTJKqARrGU47uXvd1KsIIE7eMaxBe38rOtlkFJFX0ySv%2FcDnhnNJvHuOU%3D
.media.net/	1970-01-20 19:28:45	Name: visitor-id Value: 3231909759085510000V10
.media.net/	1970-01-20 11:26:21	Name: data-c Value: k-1aVPcbHtrRYuXguIBhMNMkxE44PcUk5TiKjXDw~~3
.demdex.net/	1970-01-20 15:02:21	Name: demdex Value: 90404518534708767503461990643014658491
.adnxs.com/	1970-01-20 12:52:45	Name: uuid2 Value: 9049886179572028954
.dpm.demdex.net/	1970-01-20 15:02:21	Name: dpm Value: 90404518534708767503461990643014658491
.bidswitch.net/	1970-01-20 19:28:45	Name: tuuid Value: 3c96feba-7ccd-44d7-aa3c-b9c2c09923a6
.bidswitch.net/	1970-01-20 19:28:45	Name: c Value: 1680189376
.bidswitch.net/	1970-01-20 19:28:45	Name: tuuid_lu Value: 1680189376
.id5-sync.com/	1970-01-20 10:43:09	Name: cf Value:
.id5-sync.com/	1970-01-20 10:43:09	Name: cip Value:
.id5-sync.com/	1970-01-20 10:43:09	Name: cnac Value:
.id5-sync.com/	1970-01-20 10:43:09	Name: car Value:
.id5-sync.com/	1970-01-20 10:43:09	Name: gdpr Value:
.id5-sync.com/	1970-01-20 10:43:09	Name: callback Value:
widgets.guidestar.org/	1970-01-20 10:53:14	Name: AWSALBCORS Value: HPrEiLwndgdNhXPQVRaF9MihxmuPyp7MfToh3EGZyiwdXzP0Ogo7/7aWYz+63yHq1ebfM4dxPlTmc7+kK9BuFSqvTbDCncvjckM5QWDLEsKwYI8GeK+kds87/Rms
.casalemedia.com/	1970-01-20 19:28:45	Name: CMID Value: ZCWnwPZzTORAcPI1TK2UDgAA
.casalemedia.com/	1970-01-20 12:52:45	Name: CMPS Value: 5214
.casalemedia.com/	1970-01-20 12:52:45	Name: CMPRO Value: 5214
exchange.mediavine.com/	1970-01-20 11:03:18	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22d0c5ecb0-cf0d-11ed-8625-895bfdacb73e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:03:18	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22d0c5ecb0-cf0d-11ed-8625-895bfdacb73e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:03:18	Name: am_tokens Value: %7B%22mv_uuid%22%3A%22d0c5ecb0-cf0d-11ed-8625-895bfdacb73e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:03:18	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22d0c5ecb0-cf0d-11ed-8625-895bfdacb73e%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 11:03:18	Name: criteo Value: %7B%22id%22%3A%22k-UJnr9bHtrRYuXguIBhMNMkxE44MJ2hnM2C8M0w%22%2C%22version%22%3A%22criteo%22%7D
.tapad.com/	1970-01-20 12:09:33	Name: TapAd_TS Value: 1680189376264
.tapad.com/	1970-01-20 12:09:33	Name: TapAd_DID Value: f890bcde-af83-42d6-80db-292d2c050c52
.yahoo.com/	1970-01-20 19:29:06	Name: A3 Value: d=AQABBMCnJWQCEAE6aAaTWG1CbxywC06mwtoFEgEBAQH5JmQvZAAAAAAA_eMAAA&S=AQAAAg2gEOegvk7w6ujPZ-meTmk
.advertising.com/	1970-01-20 19:29:06	Name: A3 Value: d=AQABBMCnJWQCEC1B6LN0yhdPAtkQjyT3vS8FEgEBAQH5JmQvZAAAAAAA_eMAAA&S=AQAAAvnbSnSoS3INr-ONaFfcVnU
.360yield.com/	1970-01-20 12:52:45	Name: tuuid Value: 126eeb74-9203-4fc7-ae98-8169aae852bb
.360yield.com/	1970-01-20 12:52:45	Name: tuuid_lu Value: 1680189376
.pubmatic.com/	1970-01-20 11:26:21	Name: KRTBCOOKIE_97 Value: 3385-uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg&KRTB&23144-uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg&KRTB&23286-uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg&KRTB&23287-uid:k-z12wV7HtrRYuXguIBhMNMkxE44NPlm6GgVMitg
.tapad.com/	1970-01-20 12:09:33	Name: TapAd_3WAY_SYNCS Value:
.acuityplatform.com/	1970-01-20 19:28:45	Name: auid Value: 761425961825
.acuityplatform.com/	1970-01-20 19:28:45	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBNjT6jXVzZXJNYXRjaGluZ0lkJAKAkWxhc3REcm9wVGltZU1pbGxpcyUBQ0xidD2SmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUNMYnQ9ko90aGlyZFBhcnR5VXNlcklkY2Y4OTBiY2RlLWFmODMtNDJkNi04MGRiLTI5MmQyYzA1MGM1MvuBNDn6QiQBokMlAUNMYnQxokQhRSH7gjExM/pCJAOiQyUBQ0xidDGiRCFFIfuBMTf6QiSiQyUBQ0xidDGiRCFFIfuCMTE2+kIkA6hDJQFDTGJ0MaJEIUUh+4IxMzX6QiQEjkMlAUNMYnQxokQhRSH7gTcy+kIkApBDJQFDTGJ0MaJEIUUh+4IxMjD6QiQDsEMlAUNMYnQxokQhRSH7gTEw+kLUQyUBQ0xidDm8RCUBQ0xidDm8RVI5MDQ5ODg2MTc5NTcyMDI4OTU0+4IxMjf6QiQDvkMlAUNMYnQxokQhRSH7+4Z2ZXJzaW9uwvs="
.krxd.net/	1970-01-20 15:02:21	Name: _kuid_ Value: PdzkncDs
.bluekai.com/	1970-01-20 15:08:06	Name: bku Value: tJ/991Y7JVEBOiAq
.bluekai.com/	1970-01-20 15:08:06	Name: bkpa Value: KJyA0n6vQ6919mY7iS1d0H7g/vPaeAo7jhcw6GOOrzLB44+YrlNXPHnqvrgSc3XuCQqJ+PpLGZJeUzx+uOpKjZzYrQabxJXNkzrShEf7F+Mgia3rCynbkOU/j8D9BnGKAJ4XzXKB387xXSDe8cXYrF7I7v4o1UTc9vjNJf1=
.tremorhub.com/	1970-01-20 19:29:06	Name: tvid Value: ba89a59cdc6f4b41b10ef016b99706b4
.tremorhub.com/	1970-01-20 11:26:21	Name: tv_UICR Value: k-aHdSfrHtrRYuXguIBhMNMkxE44NXQhyJtMPo4w
give.marchofdimes.org/	1970-01-20 10:44:35	Name: trustedsite_visit Value: 1
give.marchofdimes.org/	1970-01-20 10:43:09	Name: trustedsite_tm_float_seen Value: 1
.liadm.com/	1970-01-20 20:19:09	Name: lidid Value: f9aab965-2732-4fd0-bd63-a6d3c827761e
.c.paypal.com/	1970-01-20 20:19:09	Name: sc_f Value: 8CsM5DqvapRFo2GD_IL5o95sb8YeNAgK3ASr1Z4-BlEs-LsbS8QHoD6ONF7EyPg5dpKU3BkksBSawAJKOxSl8PW-3_vDm5EPIxr86W
.paypal.com/	1970-01-20 20:19:09	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: 4PB6KoKUaWQxUnWVfFDz8i2jHaNfRY2bZ4awWlWUHnH9DVtgzPf7R8y9Ov3LRvro9vsu6mf208_Wqhn4
.paypal.com/	1970-01-20 10:43:11	Name: l7_az Value: dcg15.slc
www.trustedsite.com/	1970-01-20 10:53:14	Name: AWSALBCORS Value: 1HkMHP1KxWJbYYhanIfz75hNUNwOodbTZ99NO14AhKCfrkGjgvXOhgDQUhrMT3p3PTN+llkqkxZRuk85VhrvWCsa93eE4bNzMO9Ndks+MwdZhmo1Yk5MvRV/ta+z
.adnxs.com/	1970-01-20 12:52:45	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2H`bN-jG$!A#F0(<h!zS[j?WZ61sKVCxRbWI-SJ)KS`lScDB?Tn>wpVuJzkDQ37goqHaArYmULpuYRCw6Z2t(j#iP(Md+>)fy*KNNrQO
.analytics.yahoo.com/	1970-01-20 19:28:45	Name: IDSYNC Value: "1766~2at3:18zh~2at3"
.pubmatic.com/	1970-01-20 11:26:21	Name: PugT Value: 1680189377
.360yield.com/	1970-01-20 12:52:45	Name: um Value: !38,uLnecYA2ZVpotMuAC93zLX8pZ0BkjePMRAEHbHVn8UmEPebWJcpmMr9QRV.pnQw5cqQ9aRKz,1687965377
.360yield.com/	1970-01-20 12:52:45	Name: umeh Value: !38,0,1742397377,-1
.media.net/	1970-01-20 11:26:21	Name: data-c-ts Value: 1680189377

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=899413162896? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=899413162896?(Line 142) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=961347434074? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=961347434074?(Line 142) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8832015.fls.doubleclick.net
a.twiago.com
activity.wisepops.com
ad.360yield.com
ad.doubleclick.net
ad.yieldlab.net
adservice.google.com
apay-us.amazon.com
assets.braintreegateway.com
b.stats.paypal.com
bat.bing.com
beacon.krxd.net
c.paypal.com
c6.paypal.com
cdn.cookielaw.org
cdn.taboola.com
cdn.ywxi.net
client-analytics.braintreegateway.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
d2ldlvi1yef00y.cloudfront.net
dis.criteo.com
doublethedonation.com
dpm.demdex.net
dub.stats.paypal.com
dynamic.criteo.com
e.acuityplatform.com
eb2.3lift.com
exchange.mediavine.com
fonts.googleapis.com
fonts.gstatic.com
give.marchofdimes.org
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
insight.adsrvr.org
js.adsrvr.org
js.braintreegateway.com
loader.wisepops.com
maps.googleapis.com
maps.gstatic.com
marchofdimes.org
match.sharethrough.com
matching.ivitrack.com
maxcdn.bootstrapcdn.com
mug.criteo.com
origin.acuityplatform.com
pagead2.googlesyndication.com
payments.amazon.com
payments.braintree-api.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
popup.wisepops.com
px.adentifi.com
r.casalemedia.com
region1.google-analytics.com
rtb-csync.smartadserver.com
rules.quantcount.com
s.thebrighttag.com
s3-us-west-2.amazonaws.com
secure.adnxs.com
secure.quantserve.com
simage2.pubmatic.com
ssl.kaptcha.com
sslwidget.criteo.com
static-na.payments-amazon.com
static.cloudflareinsights.com
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
tags.bluekai.com
trc-events.taboola.com
trc.taboola.com
ums.acuityplatform.com
ups.analytics.yahoo.com
visitor.omnitagjs.com
widget.us.criteo.com
widgets.guidestar.org
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.trustedsite.com
x.bidswitch.net
104.111.217.14
108.138.15.119
141.226.228.48
142.250.185.102
142.250.185.226
142.250.186.134
142.250.186.162
151.101.129.35
151.101.130.133
151.101.193.44
154.59.122.79
154.59.122.94
162.19.138.117
172.67.23.169
178.250.0.157
178.250.1.9
18.192.109.166
18.223.64.90
18.66.112.41
185.255.84.153
185.64.190.80
185.80.39.216
185.86.138.153
185.89.210.90
185.89.211.12
2.22.155.103
2.23.197.36
2001:4860:4802:32::36
2001:4860:4802:38::178
23.206.116.8
23.96.109.67
2600:1f18:612b:4200:56a9:a863:35fa:3ae3
2600:1f18:ed:550f:d48:f65d:a04a:3bfb
2600:9000:223e:5200:14:4f74:f880:21
2600:9000:225e:d400:14:6bfc:5740:93a1
2600:9000:225f:b000:6:44e3:f8c0:93a1
2606:4700:10::6816:4345
2606:4700:20::681a:b13
2606:4700::6810:3865
2606:4700::6812:acf
2606:4700::6813:bb61
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2008
2a00:1450:4001:813::200e
2a00:1450:4001:827::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c0c::9b
2a02:2638:3::c
2a02:2638:3::e
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.122.123.120
3.127.20.54
3.33.220.150
3.5.86.140
3.75.62.37
34.111.113.62
34.117.157.22
34.201.238.83
34.225.94.4
35.157.254.245
37.157.3.20
52.209.140.203
52.213.74.200
52.46.131.6
54.148.115.137
54.185.153.95
54.239.28.235
54.72.214.60
63.32.242.157
64.4.245.84
69.173.144.165
70.42.32.63
74.119.119.150
76.223.111.18
76.223.13.31
85.215.5.31
88.221.168.23
007deb8f7a0bca0a0d9ed8b8e711e9be9f34531b2b77cf06b0dc69ba5165d5fc
019696b175f8558a9f629b596b30b4715bf1219fbee3e3588dbacfb1582df84c
02de37e6c05a29703da310424db1ec9d02962b05964458b0974903e066161b33
0aed1fef5b58e8072dfe4226d14008e81a7752e5359c448c1beb537547d8ad13
0c19c0adeab0b61fb69a6cf3e0357c8eb0f230d489ed2f4ed0cd97e1fde0b256
0cc1033bf8560f3163075c711d0ae90b5d01918c85bbd5a7f79badfd82a4cda7
0dc204ce8fb59a2c1864c0273ac638bdc6be6be4ef7c8d40a82ef9df00625e80
109cfb3475cf2124422ae10749c749f53d83010ad362cdd1457cbfd4e24d3b9c
1158286d0999457eb95a4a81008e3583444ab2140445e8792121a37fae4f0ceb
116448ff3191f74560d6d91c76cebc18ec741564aa62d5c6f8bdf8f611e8a2b7
1164ecb2f777a534c77f590ae87b156345764a2b65fda77c127d5fb3694d5ad2
15fd0dfcd3e0ea18da27d4ac561915b6990dbb0abfe01dcd1f8ba8ccce9208fd
18fcc06e8e158f0b20df57e5966474ba5ee428da943b5e27417d7e2bdde6058f
1ad44df389ce4b651d59bb2db6105bec849138d5f56df55e7a6de9ae50e81893
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ba5287a919753a8fdb18929f1e3e7f6ccc31154169d254872080d11a9b1c4ee
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1fd0a6d8445524122307eb3228ed90648edd400b6881f1b909cb0d0d12df53cf
218b91569ad8f0a5cf1aba89f3957966ecffb7b5852ca25b709bd8f887a00c90
21f7167ab74ead6a6e3489d9b9fba5d85d81ccab4acc32c6903f46be4e0595df
22c9461d0475c88d6fc5621d52d396cfa99e2f270a7621726280d47c57dd6e40
24049fb41335d87d82a9faea10cf9aa2a0ef868037667b029d2953a940cdf67b
25a26a31ffe8b00b9f7b84305ebb06c50376ad33265161f71ccf908604988a92
2a551c6a84e41383c61251d498656509ca2609cf7e5d54a8ed4c8c6df97c3d00
2a79623b8606d1583bada494ecdaac61b10440ba7a0da23185892f9d86f172dc
2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af
2bd6c30a523ce8b33d96dc79b1d759b5d5634740ae76aa6557e2d3741082e067
2eee0761bf0536e5f4bc229317ca5f9969a78fbfee526ede845fb663a7ea9a16
3014acc16bf3744b41bb869785bf686290d9834a5e6f69d4583c4e39fca26bff
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
35f91a61fb778a5507d8527904d3bb532d0c8655e7a6c77af344df8015adc2c1
3a8aab71d13462db545e890bf14c27a210642f13a61174b20972b6d48536fe06
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e411821523f54d77a721b31f0db063d8dfb2f008c5a2b18e7d9c586dc05fe32
420a436e0e9e1c48a2f9ce50b59fdb2b805d0274cc20fa569fd1726c4dbf90e9
4388358f8e4ced0256b18ac97d008fee4081daa03fe7dd685a3104ee936706d2
4471ccb98d7627f19e1fd997e5562b4be936baf86b6597eb63330c6843fc59c1
46512df65d6f7a2a829b0658449f14bc878fc921288323382f837e9da9c23b84
46b9bf5e74f6b2a500a14b0818145a75b9e0b8d76d7b33b114efed4028ab21e1
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4aa2fdddfcb25552a1713673a954bc864de1a7b22dc0ebe664fe8ddb6bcb21ee
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c73ae3eda72c7eef8b13c75031180df1d81626dec2a68a846094d697fec3546
4d663da5e7f6fe773fda5fe642d04a71cd988f1132b343edb5be914d44a1f534
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7a91542ec268faeb02be83be87bc0bd37ead5af197eb34afd78d477f4c4326
50729fc01ddcbb59b0af0d2ea959ba56251d5158d45ba32ae05c48bcb23473bb
50afc1962e4dc0407de9a4a19fe336d29ef2743f2cc8993dd423e24fd5b8b0b6
52142e0671ba7294da28434e2a92636b8848c1fe284fe09543c4e8f7e4716d11
52e86f5586819f24342659ff63cc353f4350f806a44d8ac57d21672d1eb9107b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5cc76e7f5b027b2566d97e2701af7b605a376c4a0487302d2634bbceb67eb349
5e3bbafe726c7315d7ede88bfc9f78b6c5a75fa9579a2a75c68185e8e417b358
5fbdec47eb761902c4f7d14ccd5a3b97bbaca6a18d485482157fff7f97684d3d
60545e054ec3ed32276ff337a4775973165502a5d7420dcbe0c7c3c1e3136d6b
675f06d08b68f81fd284510ff1a625dd5edb9382ebcc3dbee78a322fb6e1f723
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2
6da677b1bb2132071aca775218b2b5c6e866265548c07212bbab1f1a0931fc77
6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508
6e715867b765ec2e09cc3d038600ae8ee3bfba3a51fa6354b5d47863ae6c5108
6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8
6fd4713747a176f34fc584629bc259ae60b4a5190cb81f0371dc7700d31cc690
7176a2935514018f4c12a99dccc108407f9f4bdd7c1be1a097cbec7a90fb7542
71a43dc553fa4925b60196b2fda0cada19776eebb337e8575ca375ca982b3aa4
759cbd9881e14214af52dfb585ccf70ea59037598b67cc9cf6df7d3fea7abfd0
75c911d121bdba9548b91e8a057bfae7edbebe988a7423821fc7d4c090c64b92
75e97846addb18b03d27c2569a76ecbecf3f1729b701b4c708145e1d9d602a8c
7a4c507f02947a44a9e459a37c9f703b2219530f0c68815bcc5f3fd37f991e42
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83c5ffb81eec09aa94d013db8389c24a964285c865f6089edac03fece58ff26d
857b5f687408604ae560898819ad94a3d43931ca7dabfc87e84b5e82d8e2c554
86cb375873208e19ef9ed2e513be7132f9464c148aa954e23fa76d1fea49be4f
89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ab6178ed23ee18aa7ea5b16f2114096645d98ab305ba16d290cb80e5dc9760a
8baad8c872e6151f0eebedff088050aa8570d12e30c5ba3e28c4b2cf0a104ebd
8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e758310065d56c81731fadefacd48f77fe962456070bcd42b4fab78e044a69d
8fc17a517bcaafe39e7c2106483762f877897aa0c22ab9dd472c1cde12188626
929c21db5bf95ecf20f6f913ee57c214a4983e17d8fba30e0f2f830c40e88858
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
947fec2f9330916ea55fd8601137f793dedd0fd8c59db7dd0e28e92872e14c90
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
95a80c620c52ee45cabc3012b7c565993bbe9c448f7a903c687ed19ca2ea182d
982d7ffdc626ce6cdd5acf310b6bc7a71ba48ae70bb6fb52661b29f18be67cf0
984bb82d2cf023307edfe42a24567ab4008b4318090f843ef2b0f095995d49d4
9bcf1193b342ee5bbc99039eb01d044f70464d8e3b1fe1b2a0f47fec121fcebe
9c56f97c002513e5266bed356153984b1612bac56582f71f519180dac3c712d1
9e4f020278de40fec67c8437230d15efc4252b65e99e18eb399432022c9bc528
9ec3bd6685fcfcc08d6ea574d16db5da8622d5a713ce934ef443dc742330ab89
9fa26061bf69aa2713dc46fd1919c2677d8e74c5bf859e3acfaf7cea66367f40
a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a066d6c942526152af579203cd19d9e9c9bf270786bf1cee1149ea94b3bf29b3
a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253
a2925ebc9df04ccd6394511af90bc09bf370d19e6797a2434459574d89a6797e
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542
a6d5535eebc025b0ec950d3c1afbf12f0de0f37cdfd7b871caa667b5f62f0f6b
a773ebaa09f389183f3d78fcfb810a1d4b81315ffe01c0027550237aa50f3534
a860f4cc89edb16c78de7469f9f0fa77eaa319a6cdaa73c64a581eba4ab203ca
a8885dda1f5115b78e1b418482712f90f30a9d7e94257c037365d82e7f850534
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b268e5ee1a3ab52d9e62454b75cd857135841032c4bfab584c8b351bee1af103
b2ee3ecd6868f4a2740b36025b04c7b992ca3a02c69985f75d076a2a5dedaba3
b410913850321efd333e39ddf1a5d49a433b29721126ec6d785f8f039e98bc32
b5bc7ed953506310e11e30be374ff8c3f4f4e57d4cf5a9265ee213156d70439f
b6d3f75dcb2320ed386f2dcb0ef91e545558ded6c268cda18015869cb59658d9
b73c2239b5b0ae6e051cb135734dc2101aeaf9032dd6b2c29ce9679330fc0bd0
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
b81f50d6d819dd6d6aaf0cb6402329f0479c734ad2f0918eb9f8366b66f78c83
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68
c27d52f5a0d4ebd16e8367a3831dd51566bf87bfec6f48678f6c836ec2cf81fe
c540fb6c113d965f842e6205921df5e238d36780c249e0794962ac5069c5d5f3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb4009a87c060e8cd986760bc62821454c55ff6539a78887df48a43cd0b5d0bb
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d1802297dea21b3e6a860ccb64dac092312598f1743b8b6b9dd6c30adb4bfe45
d5ba54ef3f43fbe858f0c0fc90f58ac64df5cdc014f3f6155afa96da07407caa
d5e5b7fbd17aad861afd718298e3d533c442395f1d847630c9cc9739a45672df
d965ec7a5f8f5ec6d4790ba72cff6405a11ec9bbeb34f44df43948a5be072fc8
db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb
dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849
dcc003d373fc9e1c1963e7bfe4bf3eaee9ae2cac7404e5ce3bd5b2f3bbbd14c2
dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b
dd99424797974da18966bcf847bfd700383ad4d7e5f9fcaa0e50b4b7832e99b7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dffec77eade20cb809f76c764bc5a8c560f85988fc3913f331fe40de2538b909
e2717d806962fe1e4c9810ca869fb82c8bbd86638ca6787d01ff8c947c20df3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4eaadc2def43bb3f805070c6b7bf4361c6501b710c71188469666c12a8ae37c
e739a94ded503457c8474ba4f648ecf57407f6d97638e67adabe221d1b761cd1
e85a649094d881201f7a886c94cd19e72196c761da5017c9269b03b35ca9c5c4
e944de09b6e048d89b1dff57baf718b2ac1dc0d273e55560decb4c82cc828c8f
eaae9ceef499dbafc3f8082c0e7b44759dd447a561c99a1df70a2f820efecc7e
ebd6d32400095fb406e63e748a6a8451eb6cdefc0f57d5f3217de10fdc57b416
ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef783ddf3214504338e74ae68ad1cb5229f3e8519eb4a539bb964deb38864ca9
f14ca32c21c673573818ed971e2ed1b7add0aa959d839ed0c80743649829659c
f283fcbda7992093172d1d5d1a3ecc85437378723d6d1b1cc5d3f7a18a9e54cd
f2f5cb21c545b0010b10a9bc7762a5376f5df10cd53aeb2db765d28afb109e9f
f2f66724875ef0f8c7439487ea313065bbc5c523edcd26be97fffe78f2f62c44
f312af48d9dcc5d90470fab6410aabb3b5dcb4c8aaf6e5bc4cdef61f614b9dcb
f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e
f52e4e999a441c151183d77efd6dad3915e650409ea65b94b7e0fc067dcd0abd
f5c5f67296f64062fb152366aae1130efa959945dab66485ff50e63db11b15cd
f6b0708b553a766ec424cc2608fc4687261a22bf981929e1ee5391e41dbae11a
f6cfb0d3d7be77e19468d1f315e892963adf4975af43084e66d25d5b6a7edce1
fb81694d1349900105001b23643fb19aee0afaaa11840b923981e91da0ea8129
fe63a0bc548ebb27d59fe1a01b00dc7dde7c5c108182c65c4ab62a4b0640797d
ffb2b6296499399e97425a808cac659e62b109ec67c335c90438feecdd24ca24

marchofdimes.org Open in urlscan Pro 2606:4700:10::6816:4345 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

296 Requests

91 %HTTPS

35 %IPv6

65 Domains

98 Subdomains

82 IPs

10 Countries

4198 kBTransfer

12292 kBSize

79 Cookies

13 Outgoing links

Redirected requests

296 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

marchofdimes.org Open in urlscan Pro
2606:4700:10::6816:4345 Public Scan

Screenshot
Live screenshot

Full Image

296
Requests

91 %
HTTPS

35 %
IPv6

65
Domains

98
Subdomains

82
IPs

10
Countries

4198 kB
Transfer

12292 kB
Size

79
Cookies

296 HTTP transactions
17 data transactions