www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Submission: On September 27 via manual (September 27th 2023, 6:13:11 pm UTC) from US — Scanned from US

Summary HTTP 207 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 66 IPs in 2 countries across 51 domains to perform 207 HTTP transactions. The main IP is 151.101.129.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com. The Cisco Umbrella rank of the primary domain is 5106.
TLS certificate: Issued by Thawte RSA CA 2018 on March 22nd 2023. Valid for: a year.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	151.101.129.164 151.101.129.164	54113 (FASTLY) (FASTLY)
2	2607:f8b0:400... 2607:f8b0:4004:c0b::61	15169 (GOOGLE) (GOOGLE)
11	52.3.42.214 52.3.42.214	14618 (AMAZON-AES) (AMAZON-AES)
1	52.54.49.121 52.54.49.121	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:200... 2600:9000:2009:8a00:4:b37b:9440:93a1	16509 (AMAZON-02) (AMAZON-02)
3	18.67.67.228 18.67.67.228	16509 (AMAZON-02) (AMAZON-02)
8	151.101.65.164 151.101.65.164	54113 (FASTLY) (FASTLY)
1 6	2607:f8b0:400... 2607:f8b0:4004:c09::9c	15169 (GOOGLE) (GOOGLE)
7	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
8	2602:803:c002... 2602:803:c002:200::62	26667 (RUBICONPR...) (RUBICONPROJECT)
4 5	68.67.160.76 68.67.160.76	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.84.235.220 54.84.235.220	14618 (AMAZON-AES) (AMAZON-AES)
1	18.160.10.80 18.160.10.80	16509 (AMAZON-02) (AMAZON-02)
2	18.67.64.51 18.67.64.51	16509 (AMAZON-02) (AMAZON-02)
4	18.67.65.34 18.67.65.34	16509 (AMAZON-02) (AMAZON-02)
2 4	18.165.83.3 18.165.83.3	16509 (AMAZON-02) (AMAZON-02)
1	44.211.112.71 44.211.112.71	14618 (AMAZON-AES) (AMAZON-AES)
2 17	52.46.128.147 52.46.128.147	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c07::84	15169 (GOOGLE) (GOOGLE)
1 2	142.251.167.148 142.251.167.148	15169 (GOOGLE) (GOOGLE)
1	2600:9000:24f... 2600:9000:24f3:d600:18:1fcd:353:c61	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::ac43:4842	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9 10	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
11 16	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
2 9	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.227.29.23 54.227.29.23	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::9c	15169 (GOOGLE) (GOOGLE)
1 4	23.195.92.23 23.195.92.23	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.72.184.231 23.72.184.231	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.55.205.215 23.55.205.215	16625 (AKAMAI-AS) (AKAMAI-AS)
7 7	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1 5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3 5	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
1	20.40.202.2 20.40.202.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:1408:c40... 2600:1408:c400:1886::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2600:1f18:4e9... 2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9	14618 (AMAZON-AES) (AMAZON-AES)
10 14	172.253.63.154 172.253.63.154	15169 (GOOGLE) (GOOGLE)
2	104.36.113.112 104.36.113.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	23.15.9.49 23.15.9.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 4	2606:ae80:147... 2606:ae80:1471:17::1050	25751 (VALUECLICK) (VALUECLICK)
1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2 2	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	2600:9000:250... 2600:9000:250a:1200:10:43f:4352:ad61	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c17::65	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4004:c17::84	15169 (GOOGLE) (GOOGLE)
1	2600:1408:c40... 2600:1408:c400:784::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	40.76.134.238 40.76.134.238	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	162.248.18.37 162.248.18.37	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	35.194.66.159 35.194.66.159	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	104.36.113.107 104.36.113.107	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	162.248.18.34 162.248.18.34	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	2607:f8b0:400... 2607:f8b0:4004:c17::8b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c07::71	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::66	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c07::9c	15169 (GOOGLE) (GOOGLE)
1	67.220.228.203 67.220.228.203	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7 7	54.159.168.32 54.159.168.32	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2600:9000:24f... 2600:9000:24f5:9000:1a:5235:f980:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:9000:207... 2600:9000:2073:ee00:1b:6b7d:2300:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.85.132.46 52.85.132.46	16509 (AMAZON-02) (AMAZON-02)
1 2	2607:f8b0:400... 2607:f8b0:4004:c17::93	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c1d::9d	15169 (GOOGLE) (GOOGLE)
6	2606:4700:20:... 2606:4700:20::681a:7e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
3 3	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
2 2	3.135.132.32 3.135.132.32	16509 (AMAZON-02) (AMAZON-02)
2	23.55.204.22 23.55.204.22	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	52.71.201.57 52.71.201.57	14618 (AMAZON-AES) (AMAZON-AES)
1 1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1 1	2603:c020:400... 2603:c020:400d:3000:7130:bb0b:d7e:bee2	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1 1	198.148.27.131 198.148.27.131	19189 (PULSEPOINT) (PULSEPOINT)
1 1	216.22.16.8 216.22.16.8	() ()
2 2	173.231.178.116 173.231.178.116	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 2	3.231.182.141 3.231.182.141	14618 (AMAZON-AES) (AMAZON-AES)
1	3.91.167.182 3.91.167.182	14618 (AMAZON-AES) (AMAZON-AES)
1	44.215.82.85 44.215.82.85	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.87.113.81 52.87.113.81	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
207	66

28 151.101.129.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myaccount.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c0b::61 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.3.42.214 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-42-214.compute-1.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.54.49.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-49-121.compute-1.amazonaws.com

als-svc.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2009:8a00:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)

rumcdn.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.67.67.228 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-67-228.iad89.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.65.164 (United States)

ASN54113 (FASTLY, US)

g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csp.dev.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c09::9c (United States) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.193.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
typeface.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2602:803:c002:200::62 (None, )

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 68.67.160.76 (United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.235.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-235-220.compute-1.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.10.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-80.iad12.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.67.64.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-64-51.iad89.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.67.65.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-65-34.iad89.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.165.83.3 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-165-83-3.iad55.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.211.112.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-211-112-71.compute-1.amazonaws.com

purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 52.46.128.147 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c07::84 (United States)

ASN15169 (GOOGLE, US)

8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.148 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ww-in-f148.1e100.net

5290727.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f3:d600:18:1fcd:353:c61 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4842 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.71.131.137 (Seattle, United States) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 69.173.151.100 (United States) 11 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.18.27.193 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.227.29.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-29-23.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::9c (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.195.92.23 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-92-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.72.184.231 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-72-184-231.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.55.205.215 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-55-205-215.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.225.218.10 (Ashburn, United States) 7 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nytimes-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.71.139.29 (Seattle, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.40.202.2 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:1886::11a6 (United States)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.253.63.154 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: bi-in-f154.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.36.113.112 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.15.9.49 (United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-15-9-49.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:ae80:1471:17::1050 (Lombard, United States) 4 redirects

ASN25751 (VALUECLICK, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
medianet-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:250a:1200:10:43f:4352:ad61 (United States)

ASN16509 (AMAZON-02, US)

gw.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::65 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4004:c17::84 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:784::11a6 (United States)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.111.113.62 (United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.76.134.238 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

us01.z.antigena.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.248.18.37 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.194.66.159 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 159.66.194.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.36.113.107 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.248.18.34 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c17::8b (United States)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c07::71 (United States)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::66 (United States)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c07::9c (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.220.228.203 (Washington, United States)

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.159.168.32 (Ashburn, United States) 7 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-168-32.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f5:9000:1a:5235:f980:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2073:ee00:1b:6b7d:2300:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.132.46 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-46.iad50.r.cloudfront.net

sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c17::93 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c1d::9d (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:7e5 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.178.172 (Mountain View, United States) 3 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.135.132.32 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-135-132-32.us-east-2.compute.amazonaws.com

sync-dmp.mobtrakk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.55.204.22 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-55-204-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.71.201.57 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-201-57.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States) 1 redirects

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:c020:400d:3000:7130:bb0b:d7e:bee2 (United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.131 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.22.16.8 (None, ) 1 redirects

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.231.178.116 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: lga-delivery-8.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.231.182.141 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-182-141.compute-1.amazonaws.com

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.91.167.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-91-167-182.compute-1.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.215.82.85 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-82-85.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.87.113.81 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-113-81.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::21 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	nytimes.com www.nytimes.com — Cisco Umbrella Rank: 5106 a.et.nytimes.com — Cisco Umbrella Rank: 8745 samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 7157 als-svc.nytimes.com — Cisco Umbrella Rank: 11144 myaccount.nytimes.com — Cisco Umbrella Rank: 14953 dd.nytimes.com — Cisco Umbrella Rank: 10077 purr.nytimes.com — Cisco Umbrella Rank: 12505 a.nytimes.com — Cisco Umbrella Rank: 8043 mwcm.nytimes.com — Cisco Umbrella Rank: 18179 csp.dev.nytimes.com — Cisco Umbrella Rank: 51829	2 MB
26	rubiconproject.com 11 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 784 pixel.rubiconproject.com — Cisco Umbrella Rank: 649 eus.rubiconproject.com — Cisco Umbrella Rank: 916 token.rubiconproject.com — Cisco Umbrella Rank: 764 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1711	37 KB
24	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 404 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 945 aax.amazon-adsystem.com — Cisco Umbrella Rank: 541 s.amazon-adsystem.com — Cisco Umbrella Rank: 429 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1066	81 KB
23	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 5290727.fls.doubleclick.net — Cisco Umbrella Rank: 11701 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	202 KB
16	googlesyndication.com 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 169 pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	113 KB
15	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 837 image6.pubmatic.com — Cisco Umbrella Rank: 1171 image2.pubmatic.com — Cisco Umbrella Rank: 1547 simage2.pubmatic.com — Cisco Umbrella Rank: 1265 image4.pubmatic.com — Cisco Umbrella Rank: 1978 simage4.pubmatic.com — Cisco Umbrella Rank: 1746	28 KB
14	nyt.com g1.nyt.com — Cisco Umbrella Rank: 8185 static01.nyt.com — Cisco Umbrella Rank: 5122 a1.nyt.com — Cisco Umbrella Rank: 8080 typeface.nyt.com — Cisco Umbrella Rank: 44220	347 KB
10	yahoo.com 8 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 509 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 783	4 KB
10	adsrvr.org 9 redirects insight.adsrvr.org — Cisco Umbrella Rank: 964 match.adsrvr.org — Cisco Umbrella Rank: 637	5 KB
9	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 781 dsum.casalemedia.com — Cisco Umbrella Rank: 2664	6 KB
7	bidr.io 7 redirects match.prod.bidr.io — Cisco Umbrella Rank: 950	4 KB
7	media.net 1 redirects prebid.media.net — Cisco Umbrella Rank: 1975 cs.media.net — Cisco Umbrella Rank: 2422 contextual.media.net — Cisco Umbrella Rank: 1062	4 KB
6	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 8737 iteratehq.com — Cisco Umbrella Rank: 7505	32 KB
6	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 970 eb2.3lift.com — Cisco Umbrella Rank: 713	2 KB
6	openx.net 1 redirects rtb.openx.net — Cisco Umbrella Rank: 1029 u.openx.net — Cisco Umbrella Rank: 1024 us-u.openx.net — Cisco Umbrella Rank: 863 nytimes-d.openx.net — Cisco Umbrella Rank: 31046	6 KB
5	gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com	142 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	12 KB
4	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 802	1 KB
4	dotomi.com 4 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 5639 medianet-match.dotomi.com — Cisco Umbrella Rank: 17858	1 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 239	1 KB
4	geoedge.be rumcdn.geoedge.be — Cisco Umbrella Rank: 2688 gw.geoedge.be — Cisco Umbrella Rank: 3264	140 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 614	2 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 182 www.google.com — Cisco Umbrella Rank: 11	2 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 3746 collector.brandmetrics.com — Cisco Umbrella Rank: 4828	23 KB
2	thrtle.com 1 redirects thrtle.com — Cisco Umbrella Rank: 2192	684 B
2	adgrx.com 2 redirects cm.adgrx.com — Cisco Umbrella Rank: 2200	1011 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1562	1 KB
2	mobtrakk.com 2 redirects sync-dmp.mobtrakk.com — Cisco Umbrella Rank: 4221	695 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 178
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 1438 sync1.intentiq.com — Cisco Umbrella Rank: 2789	2 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 1237	644 B
2	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 2263	1 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1904 c.go-mpulse.net — Cisco Umbrella Rank: 861	51 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	182 KB
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1432	518 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1542	554 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 2870	425 B
1	kargo.com crb.kargo.com — Cisco Umbrella Rank: 2259	359 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com	792 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 957	960 B
1	technoratimedia.com 1 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 2443	4 KB
1	criteo.com 1 redirects dis.criteo.com — Cisco Umbrella Rank: 910	585 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	57 KB
1	primis.tech 1 redirects live.primis.tech — Cisco Umbrella Rank: 2560	531 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 830	515 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 1332	659 B
1	antigena.com us01.z.antigena.com — Cisco Umbrella Rank: 8827
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 1624
1	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 10576	201 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 2129	24 KB
207	51

	Domain	Requested by
17	s.amazon-adsystem.com	2 redirects rumcdn.geoedge.be s.amazon-adsystem.com u.openx.net ssum-sec.casalemedia.com ads.pubmatic.com
13	cm.g.doubleclick.net	10 redirects u.openx.net s.amazon-adsystem.com www.nytimes.com
11	www.nytimes.com	www.nytimes.com rumcdn.geoedge.be
10	samizdat-graphql.nytimes.com	www.nytimes.com
9	match.adsrvr.org	8 redirects u.openx.net
9	a.et.nytimes.com	www.nytimes.com myaccount.nytimes.com
8	tpc.googlesyndication.com	rumcdn.geoedge.be 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
8	pixel.rubiconproject.com	4 redirects s.amazon-adsystem.com www.nytimes.com
8	fastlane.rubiconproject.com	www.nytimes.com
8	g1.nyt.com	www.nytimes.com g1.nyt.com
7	match.prod.bidr.io	7 redirects
7	token.rubiconproject.com	6 redirects eus.rubiconproject.com
7	ups.analytics.yahoo.com	7 redirects
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be tpc.googlesyndication.com
6	myaccount.nytimes.com	www.nytimes.com myaccount.nytimes.com rumcdn.geoedge.be
6	securepubads.g.doubleclick.net	1 redirects www.nytimes.com rumcdn.geoedge.be securepubads.g.doubleclick.net
5	simage2.pubmatic.com	ads.pubmatic.com
5	eb2.3lift.com	3 redirects ads.pubmatic.com
5	ib.adnxs.com	4 redirects www.nytimes.com
4	iteratehq.com	platform.iteratehq.com
4	image2.pubmatic.com	ads.pubmatic.com
4	pixel.tapad.com	2 redirects ads.pubmatic.com s.amazon-adsystem.com
4	cs.media.net	1 redirects
4	dsum-sec.casalemedia.com	1 redirects www.nytimes.com ssum-sec.casalemedia.com
4	sb.scorecardresearch.com	2 redirects www.nytimes.com
4	dd.nytimes.com	www.nytimes.com dd.nytimes.com myaccount.nytimes.com
3	x.bidswitch.net	3 redirects
3	encrypted-tbn0.gstatic.com	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
3	pr-bh.ybp.yahoo.com	1 redirects u.openx.net ads.pubmatic.com
3	ssum-sec.casalemedia.com	1 redirects s.amazon-adsystem.com ssum-sec.casalemedia.com
3	c.amazon-adsystem.com	www.nytimes.com c.amazon-adsystem.com
3	rumcdn.geoedge.be	www.nytimes.com rumcdn.geoedge.be
2	thrtle.com	1 redirects
2	cm.adgrx.com	2 redirects
2	pm.w55c.net	2 redirects
2	contextual.media.net
2	sync-dmp.mobtrakk.com	2 redirects
2	medianet-match.dotomi.com	2 redirects
2	www.googleadservices.com	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
2	platform.iteratehq.com	www.nytimes.com platform.iteratehq.com
2	www.google.com	1 redirects rumcdn.geoedge.be
2	googleads.g.doubleclick.net	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
2	sync-tm.everesttech.net	2 redirects
2	dsum.casalemedia.com	ssum-sec.casalemedia.com
2	casale-match.dotomi.com	2 redirects
2	hb.yahoo.net	ssum-sec.casalemedia.com www.nytimes.com
2	image6.pubmatic.com	ads.pubmatic.com
2	typeface.nyt.com	myaccount.nytimes.com
2	us-u.openx.net	u.openx.net
2	u.openx.net	1 redirects s.amazon-adsystem.com
2	eus.rubiconproject.com	s.amazon-adsystem.com eus.rubiconproject.com
2	ads.pubmatic.com	s.amazon-adsystem.com ads.pubmatic.com
2	cdn.brandmetrics.com	www.googletagmanager.com rumcdn.geoedge.be
2	a1.nyt.com	www.nytimes.com www.googletagmanager.com
2	5290727.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com	securepubads.g.doubleclick.net rumcdn.geoedge.be
2	a.nytimes.com	www.nytimes.com myaccount.nytimes.com
2	aax.amazon-adsystem.com	c.amazon-adsystem.com
2	www.googletagmanager.com	www.nytimes.com www.googletagmanager.com
2	static01.nyt.com	www.nytimes.com
1	ad.turn.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	sync.bfmio.com
1	crb.kargo.com
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	sync.technoratimedia.com	1 redirects
1	simage4.pubmatic.com	ads.pubmatic.com
1	dis.criteo.com	1 redirects
1	nytimes-d.openx.net
1	www.googletagservices.com	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
1	sync1.intentiq.com
1	sync.intentiq.com	1 redirects
1	live.primis.tech	1 redirects
1	px.ads.linkedin.com	s.amazon-adsystem.com
1	aax-eu.amazon-adsystem.com	s.amazon-adsystem.com
1	csp.dev.nytimes.com	s.go-mpulse.net
1	encrypted-tbn1.gstatic.com	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
1	encrypted-tbn3.gstatic.com	8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
1	image4.pubmatic.com	ads.pubmatic.com
1	um.simpli.fi	1 redirects
1	us01.z.antigena.com	ads.pubmatic.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	c.go-mpulse.net	myaccount.nytimes.com
1	www.google-analytics.com	rumcdn.geoedge.be
1	gw.geoedge.be	rumcdn.geoedge.be
1	sync.taboola.com	ssum-sec.casalemedia.com
1	s.go-mpulse.net	myaccount.nytimes.com
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	adservice.google.com	5290727.fls.doubleclick.net
1	pnytimes.chartbeat.net	www.nytimes.com
1	insight.adsrvr.org	1 redirects
1	static.chartbeat.com	www.nytimes.com
1	mwcm.nytimes.com	www.nytimes.com
1	purr.nytimes.com	www.nytimes.com
1	config.aps.amazon-adsystem.com	rumcdn.geoedge.be
1	tlx.3lift.com	www.nytimes.com
1	prebid.media.net	www.nytimes.com
1	rtb.openx.net	www.nytimes.com
1	als-svc.nytimes.com	www.nytimes.com
207	100

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
courts.mt.gov
montanafreepress.org
dailymontanan.com
www.aclu.org
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
nytimes.com Thawte RSA CA 2018	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
a.et.nytimes.com R3	`2023-09-13` - `2023-12-12`	3 months	crt.sh
als-svc.nytimes.com R3	`2023-08-04` - `2023-11-02`	3 months	crt.sh
gw.geoedge.be Amazon RSA 2048 M01	`2023-08-12` - `2024-09-09`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-08` - `2024-04-06`	a year	crt.sh
purr.nytimes.com R3	`2023-09-05` - `2023-12-04`	3 months	crt.sh
a.nytimes.com R3	`2023-08-15` - `2023-11-13`	3 months	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
brandmetrics.com GTS CA 1P5	`2023-09-05` - `2023-12-04`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2022-12-19` - `2023-12-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2023-05-10` - `2024-06-10`	a year	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2023-04-05` - `2024-04-04`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.z.antigena.com Sectigo ECC Domain Validation Secure Server CA	`2023-04-03` - `2024-04-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-06-21` - `2024-03-02`	8 months	crt.sh
iteratehq.com E1	`2023-09-24` - `2023-12-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.prod.use1.green.ops.kargo.com Amazon RSA 2048 M01	`2022-11-10` - `2023-12-09`	a year	crt.sh
*.bfmio.com Amazon RSA 2048 M02	`2023-03-17` - `2024-04-14`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Frame ID: EC24214BA0C1C4D543848DB90D1C3934
Requests: 88 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: 1D6CDDE0C2D79F348F2AB9B0A0FC1BD4
Requests: 2 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Frame ID: 6E389E2BDB60E2CAF9C459EFF265A344
Requests: 1 HTTP requests in this frame

Frame: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D44EF38F5E6A785F2B3A5A9E80434277
Requests: 1 HTTP requests in this frame

Frame: https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html
Frame ID: D20A5B7FD0AAF2CA980C306912C15D41
Requests: 2 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 0302942ED9EBC178865AED47793A0213
Requests: 2 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Frame ID: 6C9EEEB776B32B59DEB06785919D5E9D
Requests: 15 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: 8879FD53B5B6B2CD2897748C5557171B
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Frame ID: F3A7D0F893749EAEAD1123D7F9C88174
Requests: 20 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: 7BE173C9CF3B38281C2AABE4FA6943E8
Requests: 16 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1fNDdKM19oRTJ1THhOMk9GUDN5N2VvOVNnYlJ2TVFGdH5B
Frame ID: CCAA237CE3687FF216669F6AC59922ED
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 11B1357AF493FA81A2C540D0639C7310
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=4312465876001392131&ex=appnexus.com
Frame ID: 4CEF0133BC0EAC3B823C040DF69054A3
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1449237798462052953525
Frame ID: B62B5B5A05334303E788B8369F39F272
Requests: 1 HTTP requests in this frame

Frame: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 491588CAC143AB5966EA82990BFDDF93
Requests: 18 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
Frame ID: 05F8AD2847C36E19F4C665885167AE2C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A16DBDD9D739CE7EB85E07875F1207F8
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1oOvdJ-Zd8iyZzymJJP8dpJcIY19edQL40-8Fy2m33E.js
Frame ID: B4CD257A1216E57867DB8E39192D479C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36905E7E1C6DFD95F4A5FFE9B4122117
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 321B3C465A62E3E0A13945DCA50A1F5A
Requests: 2 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&redir=true&gdpr=0&gdpr_consent=
Frame ID: 30C7744F4A8A97E40656FBC3A2A6C90B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAETbk7KKOEAABhYSu3RjA&gdpr=0&gdpr_consent=
Frame ID: 53C131EE0CED6840202E3D2F0C2206F3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4312465876001392131&gdpr=0&gdpr_consent=
Frame ID: 0643CD2B873369832FA675A151F5B40C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=841704ac-5d61-11ee-93b1-2a795dd41d4d
Frame ID: 9D3A2FE32B043C0694A375255A607FD8
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
Frame ID: 2D52E9B33C61B7FAFCAED7F1F41FDB77
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Montana’s Ban on Transition Care for Minors Is Blocked - The New York Times

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

207
Requests

81 %
HTTPS

33 %
IPv6

51
Domains

100
Subdomains

66
IPs

2
Countries

3226 kB
Transfer

9640 kB
Size

134
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&asset=masthead
Title: Log in

Search URL Search Domain Scan URL

URL: https://courts.mt.gov/external/library/docs/judgesbio2.pdf
Title: was appointed

Search URL Search Domain Scan URL

URL: https://montanafreepress.org/2022/06/09/montana-poised-to-elect-first-openly-transgender-lawmakers/
Title: first openly transgender woman

Search URL Search Domain Scan URL

URL: https://dailymontanan.com/wp-content/uploads/2023/04/Senate-Bill-99-Amendatory-Veto-Letter.pdf
Title: saying it

Search URL Search Domain Scan URL

URL: https://www.aclu.org/cases/van-garderen-et-al-v-state-of-montana?document=First-Amended-Complaint
Title: filed a lawsuit

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2023 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-Sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-Service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/10940941449492-The-New-York-Times-Company-Privacy-Policy-
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&c9=

Request Chain 58

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Request Chain 68

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html HTTP 302
https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html

Request Chain 73

https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1917813809 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4312465876001392131&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&expiration=1698430387&gdpr=0&gdpr_consent=

Request Chain 81

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3388399861524506000V10

Request Chain 82

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Request Chain 85

https://ups.analytics.yahoo.com/ups/58251/sync?redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&verify=true HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1fNDdKM19oRTJ1THhOMk9GUDN5N2VvOVNnYlJ2TVFGdH5B

Request Chain 86

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Request Chain 87

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=4312465876001392131&ex=appnexus.com

Request Chain 88

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1449237798462052953525

Request Chain 102

https://match.adsrvr.org/track/cmf/openx?oxid=bead7d77-7d63-337f-4431-cbc6c147e3d6&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTU5MGQ4MTEtZGM5YS00ZmI1LWFmMzUtZGFkMGI2NzVlYWU4&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8&google_gid=CAESEK3m9V_qxrXelSfc8OCM74U&google_cver=1

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL99U_5oCYvW-A-jBB88Sjw&google_cver=1

Request Chain 112

https://match.adsrvr.org/track/cmf/casale HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=5590d811-dc9a-4fb5-af35-dad0b675eae8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&gdpr=0&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dpid=55953

Request Chain 113

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZRRwsr3Ny2RAs4hX-gddIAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGDivy2F3b128nJp1X-Z5DE&google_cver=1

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZRRwsr3Ny2RAs4hX_gddIAAACvgAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEHoaRTyjNqx8StTPkq78VIM&google_cver=1

Request Chain 115

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
https://casale-match.dotomi.com/match/bounce/current?DotomiTest=42aab27685f30549&is_secure=true&networkId=19998&version=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAABwt12XT5MbwNEryl5AAAAAAA&expiration=1695924787&is_secure=true

Request Chain 116

https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=4312465876001392131

Request Chain 118

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=ZRRwswATh1d4PQA_ HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZRRwswATh1d4PQA_&_test=ZRRwswATh1d4PQA_

Request Chain 127

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LN22E08X-15-5418 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LN22E08X-15-5418&ex=d-rubiconproject.com&status=ok

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZtwXp5FTTGWC4Y_Pu8Pe6A%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 130

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%2C%2C

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjZEQzE3QTctOTE1My00QzY1LTgyRTEtOEZDRkJCQzNERUU4&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJQyz2pvsDH8WAW020XGewM&google_cver=1

Request Chain 135

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5469571E4C844DE788E049DF39F33D3A

Request Chain 136

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=

Request Chain 137

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-wOKt_q9E2uVUikjEDgRYtoqYyPUUAkA-~A&gdpr=0

Request Chain 150

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWZiYzEyNGJhYzUxYjc0N2U5NzJlYmMyYmM2YTAzMzk2NzkxOWVlMw

Request Chain 152

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LN22E08X-15-5418

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBE9cJh1H_dPEsNTOlWEIw&google_cver=1

Request Chain 154

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE4yMkUwOFgtMTUtNTQxOA== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKfzipFnQvnrzph2tex7UcU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE4yMkUwOFgtMTUtNTQxOA==&google_push=

Request Chain 155

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30

Request Chain 156

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/yT_y-pAXdJ6PM71uKVLopsn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GbDPUm9E2oJdNLNDoj194s0XgnEyHohoYDhOmQ--~A

Request Chain 157

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=hLKiB5VqSpeKf8tLZ8Tfsg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hLKiB5VqSpeKf8tLZ8Tfsg

Request Chain 158

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp HTTP 303
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1 HTTP 303
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAETbk7KKOEAABhYSu3RjA&expires=30

Request Chain 159

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LN22E08X-15-5418&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LN22E08X-15-5418&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&ovsid=LN22E08X-15-5418&dpid=58160

Request Chain 160

https://token.rubiconproject.com/token?pid=37556&a=1 HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LN22E08X-15-5418

Request Chain 161

https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LN22E08X-15-5418 HTTP 301
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418&ckls=true&ci=HcwDsHcRHW&nc=false&trid=253238734

Request Chain 164

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 168

https://sb.scorecardresearch.com/c2/3005403/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

Request Chain 169

https://securepubads.g.doubleclick.net/pagead/adview?ai=CMiZWsnAUZfq4C_-YoPMPosabkAiclujscY-FsZmGCNWTlpjeOhABIMjW9RlgyYaAgNyjxBCgAarOtusDyAEJ4AIAqAMByANKqgTHAk_QiV75F0xmHkr7vAsC2FuXPZIuzZ0kN61WgmDM1mFcKLGOCu5jROicoSu6FP6FavBBSddp63Ze7-nJFog4MSAgNsbDcbrKld2dxLzGRMlE_HLFMF4OSNZikRE548f5wqoxTXKmm2hTqVQYZYK6thsOE_NQjWMouQzpzkFe8Md8GQTI4uYNrIu8wN2jFilvF3-2r_XBJiyQP2025zu18kaIXMcxXvSPjZ8SKNCrtYNB0Kac-uRECqSWjwFKy5PiuBGidakuN30QcAOZou2KCtdPQgJrf_zl8cMOfsG0N4P_WZwgedhU8JvaFUPtLhxeifUumF52hBBNFwkMWocawmXpufL9USgZsejNask3UgsfFC0uZ0yWwwLBMpEIa_ArClTpn2a69rRZ_xEEclez5_nIaDYWJEY9AmyR-Q9yE_jIiMKEu2JMG8AE-vTE3uoB4AQBiAWwk56_A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe-sckUqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcFELukiQHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJH2h0dHBzOi8vd3d3Lnh0ZXJyYXdldHN1aXRzLmNvbS-ACgPICwHaDBAKChDwkOf1yL-aoiISAgED4g0TCNjh56Syy4EDFX8MaAgdIuMGgtgTAtAVAZgWAYAXAbIXHgocCAASFHB1Yi05NTQyMTI2NDI2OTkzNzE0GJ7nFQ&sigh=A5v7ZpGD2y0&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNAy_dEuIFrGxXDTY97f-66XNQ9jLJP3T1laS0nGQUu0SEueUql617uYvsuPY-CaVUU9bWIhCPuiSAexiWUbBJeH4nW0g2DgUYAQ&template_id=311&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb5ca95bcb9556cfd0000000000000000%22,%222%22:%220x435e9115f3d183f50000000000000000%22,%223%22:%220x501026d7de66160c0000000000000000%22,%224%22:%220xd4c99ba7a3ad1e260000000000000000%22,%225%22:%220xe6402ca1954049480000000000000000%22},%22debug_key%22:%229429011883512680841%22,%22debug_reporting%22:true,%22destination%22:%22https://xterrawetsuits.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221030596394%22],%224%22:[%2209-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210764847291238189553%22}&andc=true

Request Chain 185

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=78fda0d9649e0530&is_secure=true&version=1&networkId=57734&gdpr=%24%7BGDPR%7D&gdpr_consent=%24%7BGDPR_CONSENT%7D&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAB4LU3wRS-HQN5VLtkAAAAAAA&expiration=1695924789&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}

Request Chain 186

https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1 HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=${user_id}&gdpr=&consent=&usp=&ssp=medianet&bsw=6feb8dde-d916-4ff0-bd55-dc3157bce6a2 HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=%24%7Buser_id%7D&gdpr=&consent=&usp=&ssp=medianet&bsw=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&chk=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=457&user_id=NjA3MDlkZDgzZGY4YTI0Ng&gdpr=&gdpr_consent=&us_privacy=&ssp=medianet&bsw_param=6feb8dde-d916-4ff0-bd55-dc3157bce6a2 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 187

https://eb2.3lift.com/sync?px=1&src=prebid& HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 188

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=fce3gcAb1QLz255

Request Chain 190

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=&gpp=${GPP_STRING_142}&gpp_sid=${GPP_SID}&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e39f9f5f-4cb9-4dd4-8d92-dded18717a30&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

Request Chain 196

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVGJrN0tLT0VBQUJoWVN1M1JqQQ&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://sync.technoratimedia.com/services?uid=AAETbk7KKOEAABhYSu3RjA&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 307
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?ev=AAETbk7KKOEAABhYSu3RjA&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAETbk7KKOEAABhYSu3RjA&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partneruserid=AAETbk7KKOEAABhYSu3RjA&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=2823099493271102769&gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAETbk7KKOEAABhYSu3RjA&gdpr=0&gdpr_consent=

Request Chain 197

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4312465876001392131&gdpr=0&gdpr_consent=

Request Chain 198

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=841704ac-5d61-11ee-93b1-2a795dd41d4d

Request Chain 200

https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&gdpr=0&gdpr_consent= HTTP 302
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&vxii_pid=12&vxii_pid1=10067&vxii_rcid=8ce735ce-5e4c-4d4f-8174-d516cbd3cd56

Request Chain 204

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c80ba617-56b0-497f-ae9d-b39620034ec8&gdpr=0&gdpr_consent=

Request Chain 205

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3050744800502580243&gdpr=0&gdpr_consent=&us_privacy=

207 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request montana-transgender-ban.html Show response
www.nytimes.com/2023/09/27/us/ 198 KB
64 KB 116ms
45ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

85086520b731460950de6282474a6180b8c5fbee169ccce9d1a44a939d2e0cca

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 641
cache-control: s-maxage=300,no-cache
content-encoding: gzip
content-length: 63865
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:04 GMT
fastly-restarts: 1
last-modified: Wed, 27 Sep 2023 17:58:22 GMT
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2023/09/27/us/montana-transgender-ban.html
server: nginx
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: 1fd56e0617cd47debd6f7c93a6c333a1
x-cache: HIT, HIT
x-cache-hits: 20, 1
x-content-type-options: nosniff
x-datadome: protected
x-datadome-timer: S1695837989.289662,VS0,VE9
x-frame-options: DENY
x-gdpr: 0
x-nyt-app-webview: 0
x-nyt-data-last-modified: Wed, 27 Sep 2023 17:58:22 GMT
x-nyt-edge-cache: HIT-HIT
x-nyt-route: vi-story
x-origin-time: 2023-09-27 18:06:29 UTC
x-pagetype: vi-story
x-scoop-last-modified: 2023-09-27T17:01:29.198Z
x-served-by: cache-lga21983-LGA, cache-mia-kmia1760079-MIA
x-timer: S1695838384.207077,VS0,VE13
x-xss-protection: 1; mode=block

GET
H2 200 web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 59ms
28ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:13 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521613
x-guploader-uploadid: ADPycduGY6M3wNYHV6UpueyfnsXJLOxiOAQwp3106DL_EFazhtPLZl2SiGLw-MEdlW4L8uCNG3OcGvr0KYfUUjnOG146xEM6rVi6
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9868
x-served-by: cache-mia-kmia1760079-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1695838384.292696,VS0,VE0
etag: "b79308aee772cf8921761a4fdb884fe5"
vary: X-Goog-Allowed-Resources, Accept-Encoding
x-goog-generation: 1673991774978541
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ay5bmg==, md5=t5MIrudyz4khdhpP24hP5Q==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 28166

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 29ms
28ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 20521610
x-guploader-uploadid: ADPycdt8r4Sy5spKEF0AnU13DTGVA7nuX-jkD-SWiMRd8nUps-1K0IjGlNy6qIUMtsi1hT-qVPmTbQHnE2dgCEKlDwHaT8bItqwu
x-goog-stored-content-encoding: identity
x-origin-time: 2023-02-02 05:46:13 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.262894,VS0,VE1
etag: "e74f8b7c668251280cf3e52e20455a1c"
vary: X-Goog-Allowed-Resources, Accept-Encoding, Fastly-SSL
x-goog-generation: 1675282674119408
content-type: text/css; charset=utf-8
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 27798
expires: Fri, 02 Feb 2024 05:46:13 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1968
last-modified: Thu, 02 Feb 2023 04:31:58 GMT
server: UploadServer
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
x-gdpr: 0
x-goog-stored-content-length: 5656
accept-ranges: bytes

GET
H2 200 adslot-7deebbf17022df3b47c5.js Show response
www.nytimes.com/vi-assets/static-assets/ 23 KB
9 KB 29ms
29ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-7deebbf17022df3b47c5.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d243c46f684dca0921a186cc19ca02e5abfaa97d4eb42489b91ecbd07a13f1cd

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 513620
x-guploader-uploadid: ADPycdtNTSdTGJHmQtO82RZ1LZhMbZw52kXjrfQprvv8muk5egemXR621SlyPRaUmXUr_0JZgpzuC_kaewooKRJHx7EJdAGRxUw_
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-21 19:32:44 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.293384,VS0,VE1
etag: "c1f38d027c1b26b7d4457550fad574d4"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695324678594128
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-7deebbf17022df3b47c5.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3687
expires: Fri, 20 Sep 2024 19:32:44 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 7956
last-modified: Thu, 21 Sep 2023 19:31:18 GMT
server: UploadServer
x-goog-hash: crc32c=8u5SMA==, md5=wfONAnwbJrfURXVQ+tV01A==
x-gdpr: 0
x-goog-stored-content-length: 23058
accept-ranges: bytes

GET
H2 200 author-ernesto-londono-thumbLarge.png
static01.nyt.com/images/2022/05/19/reader-center/author-ernesto-londono/ 23 KB
23 KB 38ms
29ms Image
image/png 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2022/05/19/reader-center/author-ernesto-londono/author-ernesto-londono-thumbLarge.png

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c5ba5b401146479b013e52b3558548e56cd5a65018ad3c6aa691349d592b190e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 20 Sep 2023 13:28:57 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17019
x-guploader-uploadid: ADPycdsVBFIh8jCdVg3BJ1X-nRxqW7ve4A83IQwTd4cN4IU95Ufo087Qk7QEP6KDtJufL6q7yPPpNi8quddKHFijQmGvd3v4AoBW
x-cache: HIT, HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 23254
x-served-by: cache-iad-kjyo7100086-IAD, cache-mia-kmia1760079-MIA
last-modified: Thu, 19 May 2022 20:52:14 GMT
server: UploadServer
x-timer: S1695838384.330462,VS0,VE1
etag: "300bd2aa0b05482c00740706d7758d21"
x-goog-generation: 1652993534388069
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=4f6hNA==, md5=MAvSqgsFSCwAdAcG13WNIQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 23254
x-amz-checksum-crc32c: 4f6hNA==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9, 1

GET
H2 200 27nat-montana-trans-cmfk-jumbo.jpg
static01.nyt.com/images/2023/09/27/multimedia/27nat-montana-trans-cmfk/ 74 KB
75 KB 29ms
29ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/09/27/multimedia/27nat-montana-trans-cmfk/27nat-montana-trans-cmfk-jumbo.jpg?quality=75&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0664961298d6e93ad5d37647650bc8c0f33ded6e53ecffdca7a92a60cebb943c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 16:13:00 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
fastly-io-served-by: vpop-mnz1300718
age: 7204
x-guploader-uploadid: ADPycdtqZ5BdL_1FzNcCWFYE7OT4GtGVpkpUO4YQreecHOGGQ3q5q7Fxx83uZwRuDE27GmnrrkQzWi2zNxDliC27QBatNw
x-cache: MISS, HIT
fastly-io-info: ifsz=164198 idim=1024x683 ifmt=jpeg ofsz=76116 odim=1024x683 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 76116
x-served-by: cache-iad-kiad7000133-IAD, cache-mia-kmia1760079-MIA
server: UploadServer
x-timer: S1695838384.335084,VS0,VE1
etag: "gRyFpAvmBd/ssvpKgZ2Oxj9ZsZoVJJ41+wEnIVXLasU"
vary: Accept
x-goog-generation: 1695831165530645
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=mu7QXw==, md5=Nf1PJBmfMZPGANCCfQwC1w==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 164198
x-amz-checksum-crc32c: mu7QXw==
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 1

GET
H2 200 vendor-0069f25bbffec4fd3fca.js Show response
www.nytimes.com/vi-assets/static-assets/ 183 KB
55 KB 61ms
59ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-0069f25bbffec4fd3fca.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d57cdc47f635d0573f2ffd7afe1ef996c81373cddc10fa4ab69cbbad71903ed2

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 3100203
x-guploader-uploadid: ADPycduE6JJ2E1WQ7wrjr_xy1wfP2-ljx5QQ3Dn5MBpsWVHv3ChWD2gg0kMshtMlw7KvNOGB7TYWIo-jlIir3CqUUN3QhmA7o0xc
x-goog-stored-content-encoding: identity
x-origin-time: 2023-08-22 21:03:01 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.343813,VS0,VE1
etag: "bc5afe0bf5d5a9cb0fb1c46991c1a7dd"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1692738112756072
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-0069f25bbffec4fd3fca.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 38349
expires: Wed, 21 Aug 2024 21:03:01 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 55409
last-modified: Tue, 22 Aug 2023 21:01:52 GMT
server: UploadServer
x-goog-hash: crc32c=WqBOpw==, md5=vFr+C/XVqcsPscRpkcGn3Q==
x-gdpr: 0
x-goog-stored-content-length: 187763
accept-ranges: bytes

GET
H2 200 story-7c92bd0a2188de07a4f7.js Show response
www.nytimes.com/vi-assets/static-assets/ 2 MB
525 KB 30ms
28ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/story-7c92bd0a2188de07a4f7.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

da840c8ab4f7896c16197e475607c1d29492b3507864a8c3b537a1b679c67596

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 5822
x-guploader-uploadid: ADPycdtK89lDbPTG2I3Nhf8XZezZJpaAHIJqYIsQYaGF1rwawGEz0KwodFtuR1_MMBCs4a-6W0FXRptK7gSLqNTh9n-vFg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-27 16:36:01 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.343914,VS0,VE1
etag: "929c833f3712e602a9db4070ef16f9b8"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695832111749702
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-7c92bd0a2188de07a4f7.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 2
expires: Thu, 26 Sep 2024 16:36:01 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 535887
last-modified: Wed, 27 Sep 2023 16:28:31 GMT
server: UploadServer
x-goog-hash: crc32c=dN9F1Q==, md5=kpyDPzcS5gKp20Bw7xb5uA==
x-gdpr: 0
x-goog-stored-content-length: 1989353
accept-ranges: bytes

GET
H2 200 main-77649f976ae7b90cd555.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
409 KB 60ms
58ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f13f08a7d84a37aa43b063e88661aac5ebe09dfaba150099bcb6976428bc86c0

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 5824
x-guploader-uploadid: ADPycdv5magapnsQKZta2yKAHTUI2MlXNbZjnY-Gi-NbO4YYiCG6pj9Sq0ZzkVoidH2MEZLNXDg3WVnV2Gga1TrTx4xwl-u4ZSBv
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-27 16:36:01 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.344199,VS0,VE2
etag: "9fab26e92b42df3848f8820a58e410f2"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695832111472542
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-77649f976ae7b90cd555.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1
expires: Thu, 26 Sep 2024 16:36:00 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 417672
last-modified: Wed, 27 Sep 2023 16:28:31 GMT
server: UploadServer
x-goog-hash: crc32c=J0W48g==, md5=n6sm6StC3zhI+IIKWOQQ8g==
x-gdpr: 0
x-goog-stored-content-length: 1454265
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 445 KB
120 KB 280ms
67ms Script
application/javascript 2607:f8b0:4004:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

49c0ff12cc2fe44a7b4d44702dc2a61e7b3f92ead6cdc8be67deff8e68b6fe39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122856
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 304ms
76ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 149 B
982 B 38ms
38ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 0
age: 28
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 609df8c20775d7d6
samizdat-x-canary: false
x-served-by: cache-mia-kmia1760079-MIA
x-graphiti-gateway: 44540f6d
x-nyt-country: US
x-timer: S1695838385.577027,VS0,VE1
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: NY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:PM
x-nyt-edge-cache: HIT
x-cache-hits: 3
x-samizdat-query-sup-code
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: HIT
samizdat-x-instance: f61e077b
x-envoy-upstream-service-time: 32
content-length: 132
last-modified: Wed, 27 Sep 2023 18:12:36 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 als Show response
als-svc.nytimes.com/ 1 KB
1 KB 295ms
77ms XHR
application/json 52.54.49.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F11e85d61-3217-5e43-a989-7679ba76d18d&typ=&prop=nyt&plat=web

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.54.49.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-49-121.compute-1.amazonaws.com

Software

envoy /

Resource Hash

bf2e3faee701cc3b65cc1a66ad651738712733a85bb41be9cc4e4c484544da09

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 google
content-encoding: gzip
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: als-svc.nytimes.com:443/*
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 25
access-control-allow-headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Cookie, Accept, x-requested-by, x-api-key, nyt-a

GET
H2 200 grumi-ip.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 15 KB
6 KB 276ms
63ms Script
application/javascript 2600:9000:2009:8a00:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2009:8a00:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c67b2c5a246898ee41fbb13a7aa993bd4f1f446248e10afdc609a3d2462ceacb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:29:41 GMT
x-amz-version-id: 529mGTWo4WgLpg_sMm_5VjDEh.tP6gvG
content-encoding: br
last-modified: Thu, 14 Sep 2023 09:38:00 GMT
server: AmazonS3
via: 1.1 8aad346c495a4d92f652a000a22d62fa.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
etag: W/"30a1d10e64cddb8e92a6c2a24a8de6a6"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=14400, stale-while-revalidate=14400, immutable
age: 2604
x-amz-cf-id: MbFZs6cEhl5svI84aepWxxatLUdNueG_vHCQz-P9lSXrBow89LjBSQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 255 KB
63 KB 271ms
58ms Script
application/javascript 18.67.67.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.67.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-67-228.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79bc00b1ba3e228fe806d7ddfc0bd9a9b9eb904701a35d6dc435932c0b17c1e3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:46:24 GMT
content-encoding: gzip
via: 1.1 e0a78b49206aba2a7e76eb45b9688a8e.cloudfront.net (CloudFront), 1.1 d0f195624e615b103c40900f88cfd922.cloudfront.net (CloudFront)
last-modified: Thu, 21 Sep 2023 19:18:13 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-P2, IAD89-P1
age: 1601
x-amz-server-side-encryption: AES256
etag: W/"1e9fb8c04a3987274adf2a65103a9f65"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: _qwwxTuRWttt2H0q-8FC1JsNN0o0aMPA9HRF-5yiuLIq1hkIIDdwFg==

GET
H2 200 prebid8.1.0.js Show response
www.nytimes.com/ads/ 302 KB
96 KB 58ms
57ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/ads/prebid8.1.0.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

baabb01c05f5a7a83cf26233fcbb29790b584afb736caa63cb26ed1d051aa78d

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 437648
x-guploader-uploadid: ADPycdtbDDNbklkybrAJBmhEgxn64js4gqMNIE0erR2ALsE33K1xuJTtflg-wcj4MDU0uGTmpRI54yN1HiBqQ_22jfJjvxVHzPxO
x-goog-stored-content-encoding: identity
x-origin-time: 2023-07-07 16:38:50 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838384.344211,VS0,VE1
etag: "69d0b1569bbd0b87116d60db3a12cd34"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1687806692468937
content-type: text/javascript
access-control-allow-origin: *
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ads/prebid8.1.0.js
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-nyt-app-webview: 0
x-nyt-route: ads-static-assets
x-nyt-edge-cache: HIT
x-cache-hits: 19295
expires: Fri, 07 Jul 2023 16:38:50 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 2
content-length: 97611
last-modified: Mon, 26 Jun 2023 19:11:32 GMT
server: UploadServer
x-goog-hash: crc32c=VcerCA==, md5=adCxVpu9C4cRbWDbOhLNNA==
x-gdpr: 0
x-goog-stored-content-length: 308841
accept-ranges: bytes

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 226ms
28ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521608
x-guploader-uploadid: ADPycdvQ2tsmGwZia24nvWakIeZnee2wv1rzUt2BXERCh59TPYCEAO8j_YhUC7Tm9O6g4YhfpMMJc6RN-GAWsVjQQ9iUrw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838385.556235,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776265363
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 43380

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 225ms
27ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521610
x-guploader-uploadid: ADPycdu6oPoB1lrm4nrC4uTUUYNY-TofJyZlB9vtnbOiIBPE-fi_s2qGLKfRMBlk6qzPidfKWIlELGLSh8aAJjFiZPkf-A
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838385.556225,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776231570
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 44106

GET
H2 200 franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 225ms
28ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521609
x-guploader-uploadid: ADPycdtHZimkENI25xdU7BsitGrnxmI3oF8roZd4P3mZJCogcWNG6EaXi0kJ1EYl1EuE7n9dvw0dQxluf4c4x_aR4DdRPQ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838385.556225,VS0,VE0
etag: "a6479a5200f9a6352bdb71589c27c9c3"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776222225
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=pRBawg==, md5=pkeaUgD5pjUr23FYnCfJww==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20136
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 39679

GET
H2 200 cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
28 KB 258ms
61ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-700.530cfb72378419eedb60da7e266ad5f1.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:53 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521571
x-guploader-uploadid: ADPycdtYKTELTTIh77YD3fVMYiGUBupyK_NkrG4lYnCw0wQqa4_H6rVJ7m3RLALvZPh-Yva1xXdGVfFVTfCTU4XxIQwFR_B0gEOD
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28276
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1695838385.556599,VS0,VE0
etag: "530cfb72378419eedb60da7e266ad5f1"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991775200429
x-goog-hash: crc32c=O9qQIA==, md5=Uwz7cjeEGe7bYNp+JmrV8Q==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 22502

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
26 KB 259ms
62ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:14 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521609
x-guploader-uploadid: ADPycdsRwda_EOB5LpJhdwDZj2vpvKyH11TDWKhKDAem_9p0RfOsFUxnQkm3TV4Hwsv6-apktrq3fDaEj6u5WFfP3HOeppLc9Dco
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838385.556588,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776736810
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 42523

GET
H2 200 imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2
g1.nyt.com/fonts/family/imperial/ 25 KB
25 KB 258ms
61ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-700.024693f96c8f2c457e4a6a8d02a636b7.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Thu, 25 Jul 2024 09:02:36 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 5476229
x-guploader-uploadid: ADPycdtH5Xu6N3R22XpKSnEU3twlb-woTm7tghNWUpEa9xJqbdRJK4PBGwzhOuNSFqlzwIMFVHCHp_ZDXF2KnshjdcK51h71C73t
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25680
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838385.556594,VS0,VE0
etag: "024693f96c8f2c457e4a6a8d02a636b7"
x-goog-generation: 1673991776787974
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=VQvFEQ==, md5=AkaT+WyPLEV+SmqNAqY2tw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 25680
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 16019

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 106 KB
29 KB 248ms
88ms Script
text/javascript 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/adslot-7deebbf17022df3b47c5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe959c9063db59f41dbf732c4e716e61725dcc7196fe89dc8f10656b0174e87c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29369
x-xss-protection: 0
server: cafe
etag: 243 / 19627 / m202309210101 / config-hash: 6931952053510451608
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:13:04 GMT

GET
H2 200 prefetch-assets Show response
myaccount.nytimes.com/auth/ Frame 1D6C 332 B
1 KB 79ms
42ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/prefetch-assets

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Express

Resource Hash

aada35f35104e66e80549712d9076243d16273e36cfc162cb599fc219c49631b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 538
cache-control: public, max-age=600
content-encoding: gzip
content-length: 256
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:04 GMT
etag: W/"14c-40SIrtvtTcC2IGF9DvY0jp/D4b4"
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding
via: 1.1 google, 1.1 varnish
x-api-version: F-X
x-cache: HIT
x-cache-hits: 10
x-cloud-trace-context: 9ae60df10fb2d08fa15c163b3d7aa695
x-content-type-options: nosniff
x-datadog-parent-id: 1940779471755431294
x-datadog-sampled: 1
x-datadog-sampling-priority: 0
x-datadog-trace-id: 2221103291150755877
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 28
x-nyt-backend: lire-ui
x-nyt-edge-cache: HIT
x-powered-by: Express
x-served-by: cache-mia-kmia1760079-MIA

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 240ms
27ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 189
content-encoding: gzip
content-length: 20
date: Wed, 27 Sep 2023 18:13:04 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 19
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: b62c39fec32320e4
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760064-MIA
x-timer: S1695838385.547869,VS0,VE1

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 330ms
148ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088370&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_top&tg_i.pbadslot=top&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=24a7b743c1acfc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6557536269839344
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1560274f4b427b35f9d02fc07a8591fac20de16c2b82c92e15a43bde026fc648

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 416 B
929 B 327ms
146ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid1&tg_i.pbadslot=story-ad-1&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=3583ebeec64cb2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8813792247481451
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 04e5a860e37154bab806061542590a21cfb00ba727f1ee25ef7200a6df38c9a2

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 416 B
754 B 372ms
191ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid2&tg_i.pbadslot=story-ad-2&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=4a5232f6ecdd91&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9940112494128919
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7b9447e90b1fa53aceff22719995122391fed5e9713a84d8d9988a65a29bec05

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 329ms
147ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid3&tg_i.pbadslot=story-ad-3&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=5b50f8a9024cb6&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6831017364936143
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: fe438925933c385a5b2853dc023ac3721f6ab4bacb7bdbae6b1f4d0eb5e5b8b9

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 416 B
755 B 381ms
201ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid4&tg_i.pbadslot=story-ad-4&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=67be524d793122&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.029309909399151124
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 8c1947652b650658b7573122c3e836ab794dedf89c922a43e0abf777eeebe1d2

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 416 B
754 B 326ms
147ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid5&tg_i.pbadslot=story-ad-5&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=7c368ca1b04066&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6265506787366308
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 23b95c1b7b3b2b5e95951fea1e41615b6370c8b022f833e5faed2fc00b9ce8d2

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 346ms
167ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088372&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_mid6&tg_i.pbadslot=story-ad-6&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=804580f79ab7b8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.09925636581820707
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7853f075e37608b0c15951998a703809e643aa9db53ee12f4431d1043a80cdea

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 328ms
149ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12330&site_id=378266&zone_id=2088374&size_id=2&alt_size_ids=55%2C57&p_pos=btf&rf=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.domain=nytimes.com&tg_i.page=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tg_i.invCode=nyt_us_bottom&tg_i.pbadslot=bottom&tk_flint=pbjs_lite_v8.1.0&l_pb_bid_id=94a17e71a4e83c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8454987264699068
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c002:200::62 -, , ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: a0f48f37377e5f14b05f2560e82bbfe408c1e10fcbeb97d6696754287e753b67

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 26 KB
9 KB 488ms
354ms XHR
application/json 68.67.160.76
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.76 , United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

aa65623efddc8ae214640d70385acd5186b75edf4649c1802acf508c2a0e1cce

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:05 GMT
content-encoding: gzip
an-x-request-uuid: 3a625649-24fe-48f3-831d-834175343166
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.77; 38.132.118.77; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 8 KB
5 KB 363ms
300ms XHR
text/plain 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 39c3bbf56d0dcbf6d0a6fe627102e417b923cf50a8821f9cb0a55956c57f9413

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1004 B 207ms
131ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU4WQK98
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ac769485aa4a02f63378b356613b150f8a1f3ce4ef9cd8adbe33bd0bdbca02b7

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Wed, 27 Sep 2023 18:13:04 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
527 B 259ms
148ms XHR
application/json 54.84.235.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.1.0&referrer=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&tmax=10000

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/ads/prebid8.1.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.84.235.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-84-235-220.compute-1.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:04 GMT
accept-ch: sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 vendors~bestsellers~card~collections~explainer~home~liveAsset~markets~paidpost~privacy~reviews~searc~c3cac964-d1211a7d4434b0014275.js Show response
www.nytimes.com/vi-assets/static-assets/ 43 KB
10 KB 29ms
28ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~bestsellers~card~collections~explainer~home~liveAsset~markets~paidpost~privacy~reviews~searc~c3cac964-d1211a7d4434b0014275.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

c93370ec287d636bf91e692eecdb45d3e3696cabfd2dcb7c728303d88d39a9be

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 86742
x-guploader-uploadid: ADPycdtpird-D3wWHFtTiWD54UZhMUPWp54ux1H1OQ2ApjC00tg5RqlrTrp6ahUQHOoLfOluhrsl_jp3-1wgGl9R1u4hIIGqlI3A
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 18:07:22 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838385.774806,VS0,VE1
etag: "f3325db4ed530885d3795e7c3c03fb58"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695751536839927
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~bestsellers~card~collections~explainer~home~liveAsset~markets~paidpost~privacy~reviews~searc~c3cac964-d1211a7d4434b0014275.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 4159
expires: Wed, 25 Sep 2024 18:07:22 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 9089
last-modified: Tue, 26 Sep 2023 18:05:37 GMT
server: UploadServer
x-goog-hash: crc32c=TbvV/A==, md5=8zJdtO1TCIXTeV58PAP7WA==
x-gdpr: 0
x-goog-stored-content-length: 44279
accept-ranges: bytes

GET
H2 200 vendors~audio~bestsellers~byline~collections~explainer~home~liveAsset~markets~paidpost~reviews~searc~40d3959e-4d38ebde0ce049bbfdd5.js Show response
www.nytimes.com/vi-assets/static-assets/ 45 KB
14 KB 30ms
29ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~collections~explainer~home~liveAsset~markets~paidpost~reviews~searc~40d3959e-4d38ebde0ce049bbfdd5.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

958b929efda1605da550c969b90450a5a2604c9e5ca92f537e52a6f7f677555d

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 1111295
x-guploader-uploadid: ADPycdvVgY-oRjzJU7Vxut97t9IOOlcHqWAnD9uWTd5wbaL2F3j8lnf6c6FHxgmSAG3MiVWHoIYhAiALdomoMgMoyjJSDA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-14 21:31:47 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838385.775420,VS0,VE1
etag: "2bf32c59cd1aca260220d8f7123330c2"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1694726632691275
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~byline~collections~explainer~home~liveAsset~markets~paidpost~reviews~searc~40d3959e-4d38ebde0ce049bbfdd5.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 32469
expires: Fri, 13 Sep 2024 21:31:29 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 14191
last-modified: Thu, 14 Sep 2023 21:23:52 GMT
server: UploadServer
x-goog-hash: crc32c=4mjtbQ==, md5=K/MsWc0ayiYCINj3EjMwwg==
x-gdpr: 0
x-goog-stored-content-length: 46354
accept-ranges: bytes

GET
H2 200 vendors~bestsellers~card~collections~explainer~liveAsset~markets~paidpost~privacy~reviews~search~sli~69d4e00a-d7e1b610c5f6a348748c.js Show response
www.nytimes.com/vi-assets/static-assets/ 20 KB
5 KB 31ms
30ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~bestsellers~card~collections~explainer~liveAsset~markets~paidpost~privacy~reviews~search~sli~69d4e00a-d7e1b610c5f6a348748c.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

290ddb5c02c9d8679b52653c0c424af207d68907449b430874df091a22fcc74f

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 5824
x-guploader-uploadid: ADPycdvjDanWGmFYHAYXsQ5mC4CIbGjYVMgTjmKxbj-0KVZPV5LPIEAj0H-Js1XVvF-lgCyVsmTj7wc_pbEkTtgY4DvSyg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-27 16:36:02 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838385.775318,VS0,VE1
etag: "fa65b361eb6570b96d18bc78bf84cc6e"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695832111350117
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~bestsellers~card~collections~explainer~liveAsset~markets~paidpost~privacy~reviews~search~sli~69d4e00a-d7e1b610c5f6a348748c.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 306
expires: Thu, 26 Sep 2024 16:36:01 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 4441
last-modified: Wed, 27 Sep 2023 16:28:31 GMT
server: UploadServer
x-goog-hash: crc32c=ROYLXg==, md5=+mWzYetlcLltGLx4v4TMbg==
x-gdpr: 0
x-goog-stored-content-length: 20721
accept-ranges: bytes

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame 1D6C 485 KB
160 KB 28ms
27ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=984b955

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

8a0f1628ae40f1c65f58ee1b1de14ad64bc40f8e391e516e8196115b5631ea8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:40:59 GMT
date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 112
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 43
content-length: 162879
x-served-by: cache-mia-kmia1760079-MIA
x-nyt-backend: lire-ui
server: envoy
etag: "PdmPmw"
content-type: application/javascript
x-cloud-trace-context: 4a2ef9da24603b85da03c3b6f71ac2e1
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ 197 KB
67 KB 66ms
65ms Script
text/javascript 2600:9000:2009:8a00:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2009:8a00:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1c205a67e110a122f2d950dc0b68a8491b4ea2f24a1480ff88582d4246a6d647

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:29:41 GMT
x-amz-version-id: 9UVO7azPGfNEWgrxIOokbiIbNhiA9F6W
content-encoding: br
last-modified: Wed, 27 Sep 2023 16:59:58 GMT
server: AmazonS3
via: 1.1 8aad346c495a4d92f652a000a22d62fa.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
etag: W/"ab9f11ac2df57ea4ca0986e513542ce6"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 2604
x-amz-cf-id: oQWkDF43fdvmlre0JVmYi0zpEEXhL-AHSZBblhO0XA-mVLlJlzJjEA==

GET
H2 200 3030 Show response
config.aps.amazon-adsystem.com/configs/ 505 B
772 B 166ms
50ms Script
application/javascript 18.160.10.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3030
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-80.iad12.r.cloudfront.net
Software: CloudFront /
Resource Hash: f4c8c10c577f10d982568bd0e5128cb974cc1b3a889dc41a7712734d161de050

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:18:21 GMT
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD12-P3
age: 3283
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 505
x-amz-cf-id: G2hGLcZzMl7Xq6TlCC27ynqKFfhPDi_NW_rsmxdkA_-FSiexYdxVnA==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
309 B 48ms
48ms XHR
text/plain 18.67.67.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3030&u=https%3A%2F%2Fwww.nytimes.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.67.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-67-228.iad89.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:34:44 GMT
via: 1.1 d0f195624e615b103c40900f88cfd922.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAD89-P1
age: 2299
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.nytimes.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: c0IsKFxDI31Eh50S4P_zLtsxwn3-rzHpxoFDyyjVMA_iDFauWdeR4A==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 191 B
631 B 333ms
226ms XHR
text/javascript 18.67.64.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&pid=r662QhP28V63C&cb=0&ws=1600x1200&v=23.919.1525&t=2000&slots=%5B%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22top_art_web%22%7D%5D&pj=%7B%22si_section%22%3A%22us%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.64.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-64-51.iad89.r.cloudfront.net

Software

Server /

Resource Hash

4dce82188087b5a879afaed84f7c41579a9ccd759994d30d908879edc355ca62

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:05 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAD89-P1
x-amz-rid: EHH57P9CMR3XH341M7G1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 191
x-amz-cf-id: RdzXISz2m3EYJalNlgPe-hIrl3r-kda4s55h09wZVgQ8W_raFmxiBw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 155ms
49ms XHR
application/javascript 18.67.67.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.67.228 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-67-228.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
date: Wed, 27 Sep 2023 11:44:36 GMT
x-amz-cf-pop: IAD89-P1
age: 23309
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: OVJsMb00uvec2rr8ky1Ey-99TN_l7uf44Vb3dB6UfLtzLZ5CQydSaw==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/ 409 KB
129 KB 53ms
53ms Script
text/javascript 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17a60971acd82c65cd57863f07cbc2fc9124483c6fb6f9bfa270019c058a479c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 22:00:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72749
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132106
x-xss-protection: 0
server: cafe
etag: 17184539905708832606
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 25 Sep 2024 22:00:35 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
61 KB 62ms
61ms Script
application/javascript 2607:f8b0:4004:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N5P6T9S&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

25a27c7b16c376c14f690d119b2ac48f54974d3fb107aec2bce59b49c56fb694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 62585
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 27 Sep 2023 18:13:04 GMT

GET
H2 200 tags.js Show response
dd.nytimes.com/ 298 KB
61 KB 217ms
56ms Script
text/javascript 18.67.65.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-34.iad89.r.cloudfront.net

Software

Apache /

Resource Hash

887f1e249e870d52cd78628117b0286a77a68cf092ca501c17c839606e6d3e54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 4a050b98a443ca2d3af477f9b4dc39ae.cloudfront.net (CloudFront)
date: Wed, 27 Sep 2023 17:22:13 GMT
x-amz-cf-pop: IAD89-P1
age: 3052
x-cache: Hit from cloudfront
last-modified: Tue, 19 Sep 2023 14:50:58 GMT
server: Apache
etag: "4a77c-605b762febfe2-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: XAl8YMPTKj-pZeh6GID_eXc_zkoxeLp-fVntJzKzOXrIFQBCfECZJA==
expires: Wed, 27 Sep 2023 18:22:13 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c7...
https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c...

0
225 B

50ms
50ms

Image
text/plain

18.165.83.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&c9=
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Server: 18.165.83.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-3.iad55.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 d6b2e9bf1f40c8fcec509faeb60f8c54.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAD55-P3
x-amz-cf-id: celIOPFf_fxVJA59WbNDZSTJN33rAqrcy3jOn_nE01okrTsH392k2w==
x-cache: Miss from cloudfront

Redirect headers

date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 d6b2e9bf1f40c8fcec509faeb60f8c54.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAD55-P3
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=3005403&ns__t=1695838384894&ns_c=UTF-8&c8=Montana%E2%80%99s%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked%20-%20The%20New%20York%20Times&c7=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&c9=
content-length: 0
x-amz-cf-id: KMRdE3AJnZGQa61fezN_s5W9xyUqSc3u-7ELmhZecaD-BpSBivqJAA==

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 28ms
27ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-internal-meter-override
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-internal-meter-override
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 780
content-encoding: gzip
content-length: 20
date: Wed, 27 Sep 2023 18:13:05 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 24
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 20
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: a50073bb43ba6642
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760064-MIA
x-timer: S1695838385.319646,VS0,VE1

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 28ms
28ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-entitlements,x-nyt-internal-meter-override,x-nyt-news-tenure,x-nyt-programming-abtest
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 616
content-encoding: gzip
content-length: 20
date: Wed, 27 Sep 2023 18:13:05 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 29
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 20
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: bb9c4304231994e5
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760064-MIA
x-timer: S1695838385.358568,VS0,VE1

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 63 B
937 B 90ms
90ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

de2fb7fd3a533c10e58a8054b788190cfd242b5b95be9db2a5d7882f5112abd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
x-nyt-internal-meter-override: undefined

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: eb4f73b1962740a9
samizdat-x-canary: false
x-served-by: cache-mia-kmia1760079-MIA
x-graphiti-gateway: 44540f6d
x-nyt-country: US
x-timer: S1695838385.347911,VS0,VE63
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: NY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 4dda7262
x-envoy-upstream-service-time: 32
content-length: 85
last-modified: Wed, 27 Sep 2023 18:13:05 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 comments-72ab978006b0771d4181.js Show response
www.nytimes.com/vi-assets/static-assets/ 43 KB
14 KB 28ms
28ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/comments-72ab978006b0771d4181.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

4b4341349ed8ff84441d5435d1c80b2f5efd6affef721470f793bb5e2656f854

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 86740
x-guploader-uploadid: ADPycdvflWuZV-Qkh9MeKvHcyNKszwMkehzJhYoiFNA-aq6AmhKfHk0pRyL92WJkiDW0-8YZA1w1KvLiCorGhnawpU3GGQ
x-goog-stored-content-encoding: identity
x-origin-time: 2023-09-26 18:07:25 UTC
x-served-by: cache-mia-kmia1760079-MIA
x-timer: S1695838385.341178,VS0,VE1
etag: "7356c12dc6c0dd8c103499525dd5c458"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1695751535423595
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-72ab978006b0771d4181.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 3787
expires: Wed, 25 Sep 2024 18:07:25 GMT
date: Wed, 27 Sep 2023 18:13:05 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 12807
last-modified: Tue, 26 Sep 2023 18:05:35 GMT
server: UploadServer
x-goog-hash: crc32c=NoQOmQ==, md5=c1bBLcbA3YwQNJlSXdXEWA==
x-gdpr: 0
x-goog-stored-content-length: 44202
accept-ranges: bytes

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 9 KB
3 KB 344ms
343ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

7ea9e799d3d6012d616632e36cfc9298ffe3cda681d40541f8b061fcb89e6609

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-US,en;q=0.9
x-nyt-entitlements
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
x-nyt-programming-abtest
nyt-app-type: project-vi
Content-Type: application/json
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
x-nyt-news-tenure
x-nyt-internal-meter-override

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 0
x-nyt-pass-reason: PRVT
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: e7334f83152cf25c
samizdat-x-canary: false
x-served-by: cache-mia-kmia1760079-MIA
x-graphiti-gateway: 44540f6d
x-nyt-country: US
x-timer: S1695838385.387479,VS0,VE316
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: NY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: NA:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 4dda7262
x-envoy-upstream-service-time: 286
last-modified: Wed, 27 Sep 2023 18:13:05 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 purr-cache
purr.nytimes.com/v1/ 0
0 628ms
85ms Fetch
text/html 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://purr.nytimes.com/v1/purr-cache

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-211-112-71.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 google
x-envoy-decorator-operation: purr.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 5059d5d780b7337c3cb000cb085c69c5
access-control-allow-credentials: true
x-envoy-upstream-service-time: 32
content-length: 0

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 2 KB
2 KB 628ms
86ms Fetch
application/json 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?assetUrl=http%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&caller_id=nyt-vi&jkcb=1695838385353&referrer=&sourceApp=nyt-vi

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-42-214.compute-1.amazonaws.com

Software

envoy /

Resource Hash

6a94146f8607f839721ec77ab025a51250a273cfa4f9d025a9b1b7cf7b1afd5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-nyti-upstream: gke
date: Wed, 27 Sep 2023 18:13:05 GMT
x-envoy-decorator-operation: a.nytimes.com:443/*
via: 1.1 google
strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
access-control-allow-headers: Content-Type, x-requested-by

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 63 B
959 B 91ms
91ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

b2064442f57238d5e04d61bacad93794e723f91204f928f6980801c400b7bea6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
x-nyt-internal-meter-override: undefined

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: f6e2a08a32aa0e48
samizdat-x-canary: false
x-served-by: cache-mia-kmia1760079-MIA
x-graphiti-gateway: 44540f6d
x-nyt-country: US
x-timer: S1695838386.781248,VS0,VE64
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: NY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:PM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Wed, 27 Sep 2023 18:13:05 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: b1edeb0e
x-envoy-upstream-service-time: 33
content-length: 81
last-modified: Wed, 27 Sep 2023 18:08:55 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 28ms
27ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-internal-meter-override
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token,x-nyt-internal-meter-override
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 781
content-encoding: gzip
content-length: 20
date: Wed, 27 Sep 2023 18:13:05 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 25
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 20
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: 8ea579d0c2769778
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760064-MIA
x-timer: S1695838386.753080,VS0,VE0

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 6E38
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

320 B
1 KB

95ms
95ms

Document
text/html

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

9863e497691733db74131fb61099b6d3aad4198f442b261fd589ab6a96ab13d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 320
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 27 Sep 2023 18:13:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: TV8MXWWZ4Y6R6C2PEDMP

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Wed, 27 Sep 2023 18:13:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 63NCPZFMHBH6QPTF8AM2

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 150 B
589 B 270ms
270ms XHR
text/javascript 18.67.64.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=3030&u=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&pid=r662QhP28V63C&cb=1&ws=1600x1200&v=23.919.1525&t=2000&slots=%5B%7B%22sd%22%3A%22bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22bottom_art_web%22%7D%5D&pj=%7B%22si_section%22%3A%22us%22%7D&cfgv=1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.64.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-64-51.iad89.r.cloudfront.net

Software

Server /

Resource Hash

7d6e303eeb0cb3248e7ea4945dc48ee9763362642595aa25deeb2f7010d33edd

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAD89-P1
x-amz-rid: JSDPA1M8J59E5JQMXW10
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 150
x-amz-cf-id: l_iRn8-b7_i7aJAcBb4KVSxrJarQK5LICjjG1L9LF4cCAglVDeBeOQ==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 126 KB
40 KB 608ms
608ms Fetch
text/plain 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=83181102513240&correlator=2062651115941268&eid=31077099&output=ldjh&gdfp_req=1&vrg=202309210101&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Cus&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695838386069&lmt=1695873502&adxs=0&adys=132&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&vis=1&psz=1600x90&msz=1600x0&fws=4&ohw=1600&ga_vid=754844932.1695838386&ga_sid=1695838386&ga_hid=787574615&ga_fc=false&dlt=1695838384245&idt=1758&prev_scp=div%3Dtop%26pos%3Dtop%26hb_format_rubicon%3Dbanner%26hb_size_rubicon%3D970x250%26hb_pb_rubicon%3D0.35%26hb_adid_rubicon%3D474cc6289691476%26hb_bidder_rubicon%3Drubicon%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.35%26hb_adid%3D474cc6289691476%26hb_bidder%3Drubicon%26amznbid%3D2%26amznp%3D2%26request_time%3D1790&cust_params=als_test_clientside%3Dweb_none_low_20230927181304%26mktg%3Dtype_anon%252Clogf%252Cabf%26bt%3D%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1695837502520%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dzephyrzooey%26geo%3Dmontana%26des%3Dtransgender%252Clawandlegislation%252Cdecisionsandverdicts%252Csuitsandlitigationcivil%26auth%3Dernestolondoo%26coll%3Dusnews%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dus%26si_section%3Dus%26id%3D100000009088793%26pt%3Dnt10%252Cnt11%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt18%252Cnt19%252Cnt2%252Cnt3%252Cnt5%252Cnt6%252Cnt9%252Cpt8%26gscat%3Dgv_safe%252Cneg_ibmtest%252Cneg_ibm%252Cneg_citi_aa%252Cneg_bofa%252Cneg_chan2%252Cneg_chanel%252Cneg_capitalone%252Cneg_gg1%252Cneg_hms%252Cgs_law%252Cneg_kaypemg%252Cneg_google%252Cneg_debeer%252Cneg_rchmt%252Cpolitics_sentiment%252Cgs_law_misc%252Cneg_amerex%252Cneg_gg2%252Cneg_mttl%252Cneg_mastercard%252Cneg_ts%252Cgs_politics%252Cneg_newyorkp%252Cneg_sub0%252Cneg_rolex%252Cgs_health%252Cneg_sia%252Cneg_racism%252Cneg_fcli%252Cneg_rms%252Cneg_mtb%252Cneg_ms_safe%252Cgs_politics_issues_policy%252Cgs_politics_misc%252Cgs_health_misc%252Cneg_amex%252Cneg_elec%252Cneg_hearts%252Cgs_family_children%252Cneg_am%252Cneg_chldis%252Cneg_rmw%252Cgb_crime_edu%252Cgb_crime_high_med_low%252Csociety_lgbt%252Cneg_trpavd%252Cneg_google_comps%252Cneg_fidi%252Cneg_amz_sfe%252Cneg_orep%252Cgs_t%26tt%3D54%252C67%26mt%3DMT10%252CMT6%26abra_dfp%3Ddfp_prebid_0723_0_control%26sov%3D3%26page_view_id%3Dss56VWT9pscPp9tOlwFlzabP%26purr%3Dfull%26uap%3Dbrowser%26aid%3DSdDv3LCaDZY_XPcQHH51Kh%26is_viral%3Dlow%26typ_materials%3D%2523news%2523%26slug%3Dtrans&adks=4096615031&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7468c5b88c4644505f135fdb580e244f0f99551f05c7dd5e6fa536c65946f97f

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPrZ66Syy4EDFX8MaAgdIuMGgg&gqi=&layout=/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPrZ66Syy4EDFX8MaAgdIuMGgg&gqi=&layout=/pagead/gadgets/teracent_product_template_V1/Responsive_Logo_GpaSiriusSingleIframe.html
date: Wed, 27 Sep 2023 18:13:06 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40630
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 532 B
287 B 136ms
136ms Fetch
text/plain 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=83181102513240&correlator=2062651115941268&eid=31077099&output=ldjh&gdfp_req=1&vrg=202309210101&ptt=17&impl=fif&iu_parts=29390238%2Cnyt%2Cus&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=150x50&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1695838386078&lmt=1695873502&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&vis=1&psz=150x16&msz=0x0&fws=132&ohw=1600&ga_vid=754844932.1695838386&ga_sid=1695838386&ga_hid=787574615&ga_fc=false&dlt=1695838384245&idt=1758&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D1794&cust_params=als_test_clientside%3Dweb_none_low_20230927181304%26mktg%3Dtype_anon%252Clogf%252Cabf%26bt%3D%26sub%3Danon%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1695837502520%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26per%3Dzephyrzooey%26geo%3Dmontana%26des%3Dtransgender%252Clawandlegislation%252Cdecisionsandverdicts%252Csuitsandlitigationcivil%26auth%3Dernestolondoo%26coll%3Dusnews%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dus%26si_section%3Dus%26id%3D100000009088793%26pt%3Dnt10%252Cnt11%252Cnt12%252Cnt13%252Cnt14%252Cnt15%252Cnt18%252Cnt19%252Cnt2%252Cnt3%252Cnt5%252Cnt6%252Cnt9%252Cpt8%26gscat%3Dgv_safe%252Cneg_ibmtest%252Cneg_ibm%252Cneg_citi_aa%252Cneg_bofa%252Cneg_chan2%252Cneg_chanel%252Cneg_capitalone%252Cneg_gg1%252Cneg_hms%252Cgs_law%252Cneg_kaypemg%252Cneg_google%252Cneg_debeer%252Cneg_rchmt%252Cpolitics_sentiment%252Cgs_law_misc%252Cneg_amerex%252Cneg_gg2%252Cneg_mttl%252Cneg_mastercard%252Cneg_ts%252Cgs_politics%252Cneg_newyorkp%252Cneg_sub0%252Cneg_rolex%252Cgs_health%252Cneg_sia%252Cneg_racism%252Cneg_fcli%252Cneg_rms%252Cneg_mtb%252Cneg_ms_safe%252Cgs_politics_issues_policy%252Cgs_politics_misc%252Cgs_health_misc%252Cneg_amex%252Cneg_elec%252Cneg_hearts%252Cgs_family_children%252Cneg_am%252Cneg_chldis%252Cneg_rmw%252Cgb_crime_edu%252Cgb_crime_high_med_low%252Csociety_lgbt%252Cneg_trpavd%252Cneg_google_comps%252Cneg_fidi%252Cneg_amz_sfe%252Cneg_orep%252Cgs_t%26tt%3D54%252C67%26mt%3DMT10%252CMT6%26abra_dfp%3Ddfp_prebid_0723_0_control%26sov%3D3%26page_view_id%3Dss56VWT9pscPp9tOlwFlzabP%26purr%3Dfull%26uap%3Dbrowser%26aid%3DSdDv3LCaDZY_XPcQHH51Kh%26is_viral%3Dlow%26typ_materials%3D%2523news%2523%26slug%3Dtrans&adks=2436954947&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6bc7f9a3f11d6b57fc36f8a0c11cee8050f16e5feb996b8514c820ca4678389

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D44E 6 KB
3 KB 193ms
62ms Document
text/html 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Thu, 26 Sep 2024 18:13:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 28ms
28ms Preflight 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 190
content-encoding: gzip
content-length: 20
date: Wed, 27 Sep 2023 18:13:06 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 20
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 17
x-nyt-audience-target-flat: NA:PM
x-nyt-continent: NA
x-nyt-country: US
x-nyt-edge-cache: HIT
x-nyt-meridiem: PM
x-nyt-region: NY
x-samizdat-query-exe-id: 81df6d521f31c11a
x-samizdat-query-field-errors: 0
x-served-by: cache-mia-kmia1760064-MIA
x-timer: S1695838386.143957,VS0,VE1

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 4 KB
2 KB 28ms
28ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

182922543f2c360a45efb777362f9be935b84f69370ded63ebd858f34d81f79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: PM
x-b3-traceid: 0
age: 1284
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: a379c3dac1123b7a
samizdat-x-canary: false
x-served-by: cache-mia-kmia1760079-MIA
x-graphiti-gateway: 44540f6d
x-nyt-country: US
x-timer: S1695838386.172686,VS0,VE1
x-nyt-continent: NA
vary: Accept-Encoding, Samizdat-X-Personalize, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: NY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: NA:PM
x-nyt-edge-cache: HIT
x-cache-hits: 37
x-samizdat-query-sup-code
date: Wed, 27 Sep 2023 18:13:06 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: HIT
samizdat-x-instance: 3fb263e7
x-envoy-upstream-service-time: 38
content-length: 1154
last-modified: Wed, 27 Sep 2023 16:56:40 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 27ms
27ms Font
application/octet-stream 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-600.75739ac267f076931c6da9740386ee6b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:46:16 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521609
x-guploader-uploadid: ADPycdvhYDoz4CAgqaPW7V_EFM1kOolEePcwJ1MZR-PtG7CvKOZ32JG2ChchRGkWmBq0U2uiZF-WL627Pe8oBB8DrluK59v92au9
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20196
x-served-by: cache-mia-kmia1760081-MIA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1695838386.178681,VS0,VE0
etag: "75739ac267f076931c6da9740386ee6b"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1673991776257702
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=Jc81Jw==, md5=dXOawmfwdpMcbal0A4buaw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20196
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 38513

GET
H2 200 standalone-client.bundle.js Show response
myaccount.nytimes.com/unified_lire/js/ 37 KB
15 KB 28ms
27ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/unified_lire/js/standalone-client.bundle.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

22a42ac0bafcd513a630d9f2751921dc6fa7b669a16d0c388c6372723fd39adc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:44:40 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 485
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 33
content-length: 14806
x-served-by: cache-mia-kmia1760079-MIA
x-nyt-backend: lire-ui
server: envoy
etag: "PdmPmw"
content-type: application/javascript
x-cloud-trace-context: 839fd50abca33418398eef01af3cc978
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 8

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 10 KB
4 KB 206ms
188ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&gr=METER_LIMIT&mr=0&ma=0&counted=false&granted=false&gwtype=REGIWALL&us=anon&context-type=&areas=barOne&areas=truncator

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-77649f976ae7b90cd555.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

a88fdd3e8f877d19f688967a15722850eaf1dabc11b83feb295ac21be8e629fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: capi-prd.growth-mc.nyti.nyt.net:443/*
x-cache: MISS
x-envoy-upstream-service-time: 133
x-served-by: cache-mia-kmia1760079-MIA
server: envoy
x-cmots-campaign-names: {"barOne":"MAG_bar1_test_subcon","truncator":"MAG-web_all_non-mobile-all_welcome-killset"}
x-timer: S1695838386.249083,VS0,VE161
vary: x-nyt-country, x-nyt-user-status, x-nyt-cmots-purr-ad-conf, x-nyt-device, X-NYT-Currency, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 529101750adb944429cf05db46773ec6
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
x-nyt-edge-cache: MISS
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2

200

activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-... Show response
5290727.fls.doubleclick.net/ Frame D20A
Redirect Chain

https://5290727.fls.doubleclick.net/activityi;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontan...
https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes....

602 B
649 B

101ms
100ms

Document
text/html

142.251.167.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f148.1e100.net

Software

cafe /

Resource Hash

47aa737bbc930b5b511d55f759ce50d2341d19f8880bea55f560836a168fe7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 312
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Wed, 27 Sep 2023 18:13:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 278ms
65ms Script
application/x-javascript 2600:9000:24f3:d600:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f3:d600:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 16:54:41 GMT
content-encoding: gzip
via: 1.1 f338f1f5c997eee01a37834445ee4740.cloudfront.net (CloudFront)
last-modified: Wed, 09 Aug 2023 00:52:49 GMT
server: nginx
x-amz-cf-pop: IAD55-P2
age: 4705
etag: W/"64d2e361-1197e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: usm-pgoa2mxNRx08Na3A6JzP2OCC5SogHL-xOgwxRUNCWBj6ohKDOg==
expires: Thu, 28 Sep 2023 16:54:41 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
790 B 58ms
27ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 03 Feb 2023 05:46:10 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 51964
x-guploader-uploadid: ADPycdtjsmE2ICVIHSb7QJIooj9C3ooKmyI_oHmScreRwweaj0y_HtjPAb6r4E4go2UTjIfkbtHxq5hJwFFKyHtcAl78KE6PGa1F
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-mia-kmia1760079-MIA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1695838386.370246,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: X-Goog-Allowed-Resources, Accept-Encoding
x-goog-generation: 1640215841852360
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 4118

GET
H2 200 comscore-streaming.js Show response
a1.nyt.com/analytics/ 103 KB
19 KB 59ms
28ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/comscore-streaming.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Thu, 30 Mar 2023 05:47:04 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 49287
x-guploader-uploadid: ADPycdu5aboERq8SBOffIq0Rm5gnlya54qEahmMwUJKY8zxEX-PusSwrkXsuhsRS3dYBg8jXzMx0ivKjxF60DPN0tvhLHA
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 18717
x-served-by: cache-mia-kmia1760079-MIA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1695838386.370379,VS0,VE0
etag: "04e0b9556a78ce5cedf86a34e5483036"
vary: Accept-Encoding
x-goog-generation: 1640215841902856
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=XkdIyw==, md5=BOC5VWp4zlzt+Go05UgwNg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 105675
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 3684

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 4 KB
2 KB 249ms
41ms Script
text/javascript 2606:4700:20::ac43:4842
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51810745d3e4e28eec27857037693434619b5a9487d389a2243a555d6830f66b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 27 Sep 2023 17:35:15 GMT
server: cloudflare
age: 2271
cf-polished: origSize=4727
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYWI3mnfqGdjAUyLW13KFxL3A1l5LigylfPMekIfe5HVsVB%2BTt%2FWmmOtVARg%2FMwwl9L3MpZPjfgXjVhosLpx8gqoiObIliAywaTllC2ZShTKizg0b%2Bmk6l9DhTSiy2SE9MOj%2BilpuSQjlp%2BNQjkQq%2F6U"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 80d5b7fbef79b3b6-MIA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H3

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=bomn82o&ct=0:s2f54xh&fmt=3&ttl=43200&gtmcb=1917813809
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4312465876001392131&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&expiration=1698430387&gdpr=0&gdpr_consent=

43 B
769 B

81ms
81ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&expiration=1698430387&gdpr=0&gdpr_consent=
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H3
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXSSJlvNb2zwNSHMwwbJbCBeLLl2tWitiJPDQiQ9yGNfrdcRPz7YNEDFs%2BJcEbZ3QCjpy46RodykH9rVGqsbmei9Cm6mufnDldo6%2FgYm%2BJ7rd4mruHqS70pRQakCLxhNx%2BYjm6Fdi0qgow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b7ffadc81273-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&expiration=1698430387&gdpr=0&gdpr_consent=
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Kestrel
content-length: 323

POST
H2 200 / Show response
dd.nytimes.com/js/ 235 B
621 B 151ms
54ms XHR
application/json 18.67.65.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-34.iad89.r.cloudfront.net

Software

DataDome /

Resource Hash

0725ee1cf5ac4dfdcf95ecf411325568fa74b0c24ada34ff2fb8ea20571f1d41

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:06 GMT
via: 1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: IAD89-P1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 235
x-amz-cf-id: jLsgCG7D8v0sQXFOmXbSxQKNnDhq28GIWwNkhqOg2dg3AAtxBnhQSA==
expires: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 130ms
130ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 0302 2 KB
3 KB 61ms
61ms Document
text/html 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

ee6e5ad9ab8d7b16e2abb4380dc8fbfb1967d9608b581525c63e19baff041a42

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 2112
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 27 Sep 2023 18:13:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: VJVV9QB47BH7PR5DQ9PZ

GET
H2 200 enter-email Show response
myaccount.nytimes.com/auth/iframe/ Frame 6C9E 20 KB
9 KB 104ms
104ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Express

Resource Hash

6af7ac07fb27bd0c4747c3ffcda6813337824e4c95c1e623fd5597232b22a7c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src https://www.google.com .captcha-delivery.com; connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://.go-mpulse.net; font-src https://typeface.nyt.com; img-src 'self' data: .nytimes.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .nytimes.com .nyt.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://sc-static.net https://js.datadome.co https://.go-mpulse.net; style-src 'unsafe-inline' .nytimes.com https://www.google-analytics.com; object-src 'none'; form-action 'self' https://www.google-analytics.com; frame-ancestors .nytimes.com https://shared-ui-dot-nyt-wfvi-dev.appspot.com; block-all-mixed-content ; upgrade-insecure-requests ; report-uri https://csp.dev.nytimes.com/report
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: private, no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
content-security-policy: default-src 'self'; frame-src https://www.google.com *.captcha-delivery.com; connect-src 'self' *.nytimes.com https://sentry.io *.datadome.co https://*.go-mpulse.net; font-src https://typeface.nyt.com; img-src 'self' data: *.nytimes.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nytimes.com *.nyt.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://sc-static.net https://js.datadome.co https://*.go-mpulse.net; style-src 'unsafe-inline' *.nytimes.com https://www.google-analytics.com; object-src 'none'; form-action 'self' https://www.google-analytics.com; frame-ancestors *.nytimes.com https://shared-ui-dot-nyt-wfvi-dev.appspot.com; block-all-mixed-content ; upgrade-insecure-requests ; report-uri https://csp.dev.nytimes.com/report
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:06 GMT
etag: W/"4ee9-EDGotZu1Flw7f8F6JXalnoIPOa4"
expires: 0
pragma: no-cache
resp-details: [[it:lui]]
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding
via: 1.1 google, 1.1 varnish
x-api-version: F-X
x-cache: MISS
x-cache-hits: 0
x-cloud-trace-context: f338feaf16786d8f40fbb5051b6a92cd
x-content-type-options: nosniff
x-datadog-parent-id: 759131342898280632
x-datadog-sampled: 1
x-datadog-sampling-priority: 0
x-datadog-trace-id: 3785007199158072669
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 33
x-nyt-backend: lire-ui
x-nyt-edge-cache: MISS
x-powered-by: Express
x-served-by: cache-mia-kmia1760079-MIA

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 161ms
52ms Image
image/gif 54.227.29.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&u=BXuqaeD_npQduevKu&d=nytimes.com&g=16698&g0=us%2Cnational_desk&g1=Ernesto%20Londo%EF%BF%BD%EF%BF%BDo&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html&b=2564&t=CRoy5lIlk4LB43gMyDu-PuIDtmnuR&V=141&i=Montana%EF%BF%BD%EF%BF%BD%EF%BF%BDs%20Ban%20on%20Transition%20Care%20for%20Minors%20Is%20Blocked&tz=600&_acct=anon&sn=1&sv=CQyhDwDOlq8ND5TZ8WCsohKPC417xv&sd=1&im=06679ff3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.227.29.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-29-23.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 27 Sep 2023 18:13:06 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 98 KB
20 KB 43ms
43ms Script
text/javascript 2606:4700:20::ac43:4842
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4842 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cf787477c765d8e710c1774f4ad58008c8f556271162e8f892cdd53e8ef9b1b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 27 Sep 2023 17:35:25 GMT
server: cloudflare
age: 2261
cf-polished: origSize=102146
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6fXj126hV6FEOr%2FZwyRw21%2BiwxV22KgQyvlk97sEnRw6B7tQr%2BOugVfxoo7Fh64v0%2BYWi7Mr52ZOkAGb2%2FkpCo4U0PC7v7yFA6Wa5zItqnBVHZgmXBU9%2BXaM2d9ysOfX1kUBPnSHs7w3AoIB%2FUEUTm8"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 80d5b7fcf977b3b6-MIA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 200 dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=a...
adservice.google.com/ddm/fls/z/ Frame D20A 42 B
401 B 185ms
70ms Image
image/gif 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=*;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html

Requested by

Host: 5290727.fls.doubleclick.net
URL: https://5290727.fls.doubleclick.net/activityi;dc_pre=CMD5gqWyy4EDFWMPaAgdt2sAgQ;src=5290727;type=allpa0;cat=nyti-0;ord=1;num=961540587335;auiddc=1637536371.1695838386;u17=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html;u5=;u18=anon;gtm=45He39p0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.nytimes.com%2F2023%2F09%2F27%2Fus%2Fmontana-transgender-ban.html?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5290727.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 0302
Redirect Chain

https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3388399861524506000V10

43 B
479 B

140ms
58ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3388399861524506000V10

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0W30RV5CB8RS8QBTC9H5
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:06 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3388399861524506000V10
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Wed, 27 Sep 2023 18:13:06 GMT

GET
H2

200

usermatch Show response
ssum-sec.casalemedia.com/ Frame 8879
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

2 KB
921 B

93ms
91ms

Document
text/html

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ea6a4d85e1c4e4c83b0225804535221762e1b02fa51bc9a26d98003317ad32b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 80d5b7fddf27b3bb-MIA
content-encoding: br
content-type: text/html
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbezgSAGvxU5%2FdjyO3Ci0HXQ8RMg6ORR82TCZC1vXW%2FOWGkkOSvd8khbMrUPRygS2keBCeIbVFAD%2BIg0DnDKf0%2F2k3gZfMdMAomNZHAvS5SKvPew%2BvM9nIQLSileOOwSlueQXWuOpn3r%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 80d5b7fd6e6ab3bb-MIA
content-length: 0
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: 0
location: /usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=368uaNVFfjtwkkpC45fpbDyCIo%2BsVBk1OKZ8B%2B%2FMo6HNTkeKTGTeimf6Gz92kuVNXrDrQvveEg92JgMQ3xzIvzeWBA10C%2F3r8BHu185JCr%2FTo2neNpJCV%2FIYqYR6FiOq5STrC%2FGPev7xTg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F3A7 15 KB
6 KB 195ms
62ms Document
text/html 23.72.184.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.184.231 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-184-231.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35689
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Thu, 28 Sep 2023 04:07:55 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7BE1 281 B
554 B 159ms
50ms Document
text/html 23.55.205.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.205.215 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-55-205-215.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Sep 2023 18:13:06 GMT
ETag: "40011-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame CCAA
Redirect Chain

https://ups.analytics.yahoo.com/ups/58251/sync?redir=true
https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&verify=true
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1fNDdKM19oRTJ1THhOMk9GUDN5N2VvOVNnYlJ2TVFGdH5B

43 B
479 B

66ms
59ms

Document
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1fNDdKM19oRTJ1THhOMk9GUDN5N2VvOVNnYlJ2TVFGdH5B

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:07 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: P78V1N3KWK5XJTQGS54P

Redirect headers

age: 0
content-length: 0
date: Wed, 27 Sep 2023 18:13:06 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS1fNDdKM19oRTJ1THhOMk9GUDN5N2VvOVNnYlJ2TVFGdH5B
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.75
strict-transport-security: max-age=31536000

GET
H2

200

cm Show response
u.openx.net/w/1.0/ Frame 11B1
Redirect Chain

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...

693 B
736 B

47ms
45ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: ec00b1ab600cbefd105982ae42125bec6f640b950903c2d4eb158fb326feafc6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 403
content-type: text/html
date: Wed, 27 Sep 2023 18:13:06 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 27 Sep 2023 18:13:06 GMT
location: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
via: 1.1 google

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 4CEF
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://s.amazon-adsystem.com/ecm3?id=4312465876001392131&ex=appnexus.com

43 B
479 B

59ms
59ms

Document
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?id=4312465876001392131&ex=appnexus.com

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: SCN73EFRXMK6NN14JJD5

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: e4dade96-026f-4b4c-b913-f891ce1f5c6d
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://s.amazon-adsystem.com/ecm3?id=4312465876001392131&ex=appnexus.com
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 38.132.118.77; 38.132.118.77; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame B62B
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1449237798462052953525

43 B
479 B

117ms
61ms

Document
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1449237798462052953525

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:06 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: 2YXVBR46KDQZQW6AQV0C

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Wed, 27 Sep 2023 18:13:06 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1449237798462052953525
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 container.html Show response
8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4915 6 KB
3 KB 98ms
97ms Document
text/html 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:06 GMT
expires: Thu, 26 Sep 2024 18:13:06 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK c.js Show response
collector.brandmetrics.com/ 0
188 B 261ms
74ms Script
text/javascript 20.40.202.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com&rnd=8686191
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.40.202.2 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Request-Context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
Date: Wed, 27 Sep 2023 18:13:06 GMT
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame 6C9E 485 KB
160 KB 31ms
30ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=984b955

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

8a0f1628ae40f1c65f58ee1b1de14ad64bc40f8e391e516e8196115b5631ea8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:40:59 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 114
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 43
content-length: 162879
x-served-by: cache-mia-kmia1760079-MIA
x-nyt-backend: lire-ui
server: envoy
etag: "PdmPmw"
content-type: application/javascript
x-cloud-trace-context: 4a2ef9da24603b85da03c3b6f71ac2e1
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 sentry.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame 6C9E 108 KB
36 KB 35ms
34ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/sentry.bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

ccfdf8c4db4ea3b032de39c3b9ae7c881c9cc550be34e10250af46ead724caf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Wed, 27 Sep 2023 14:41:20 GMT
date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 365
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 33
content-length: 37024
x-served-by: cache-mia-kmia1760079-MIA
x-nyt-backend: lire-ui
server: envoy
etag: "PdmPmw"
content-type: application/javascript
x-cloud-trace-context: 291e20abfe4247e2d374dbc4a25a79b7
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response
s.go-mpulse.net/boomerang/ Frame 6C9E 205 KB
49 KB 176ms
57ms Script
application/javascript 2600:1408:c400:1886::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1408:c400:1886::11a6 , United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
content-encoding: br
last-modified: Sat, 05 Aug 2023 19:43:17 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

POST
H2 200 track
a.et.nytimes.com/ Frame 6C9E 0
0 93ms
92ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 tags.js Show response
dd.nytimes.com/ Frame 6C9E 298 KB
61 KB 54ms
54ms Script
text/javascript 18.67.65.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-34.iad89.r.cloudfront.net

Software

Apache /

Resource Hash

887f1e249e870d52cd78628117b0286a77a68cf092ca501c17c839606e6d3e54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 4a050b98a443ca2d3af477f9b4dc39ae.cloudfront.net (CloudFront)
date: Wed, 27 Sep 2023 17:22:13 GMT
x-amz-cf-pop: IAD89-P1
age: 3053
x-cache: Hit from cloudfront
last-modified: Tue, 19 Sep 2023 14:50:58 GMT
server: Apache
etag: "4a77c-605b762febfe2-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: -hl9Tfvrp9qdkkKJrZiNpia82RD4Gu6X8xd2V-eZXdHvvoR6KH31YA==
expires: Wed, 27 Sep 2023 18:22:13 GMT

POST
H2 200 track
a.et.nytimes.com/ Frame 6C9E 0
0 76ms
76ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ Frame 6C9E 1 KB
1 KB 191ms
85ms Fetch
application/json 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-lire&referrer=https%3A%2F%2Fwww.nytimes.com%2F&assetUrl=https%3A%2F%2Fmyaccount.nytimes.com%2Fauth%2Fiframe%2Fenter-email%3Fresponse_type%3Dcookie%26client_id%3Dfreex%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252Fsubscription%252Fonboarding-offer%253FcampaignId%253D7JFJX%2526redirect_uri%253Dhttps%25253A%25252F%25252Fwww.nytimes.com%25252F2023%25252F09%25252F27%25252Fus%25252Fmontana-transgender-ban.html%2526EXIT_URI%253Dhttps%25253A%25252F%25252Fwww.nytimes.com%25252F2023%25252F09%25252F27%25252Fus%25252Fmontana-transgender-ban.html%26display%3Dnewsletter_morning_test%26asset%3DRegiWall%26application%3DFree_Experience%26preloaded%3Dtrue%23lire-ui-293461

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=984b955

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-42-214.compute-1.amazonaws.com

Software

envoy /

Resource Hash

2d20b53db6c75684d241e74a4970b4a310f11e6620dcc551fd768fe4a6402d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-nyti-upstream: gke
date: Wed, 27 Sep 2023 18:13:07 GMT
x-envoy-decorator-operation: a.nytimes.com:443/*
via: 1.1 google
strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://myaccount.nytimes.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
access-control-allow-headers: Content-Type, x-requested-by

POST
H2 200 track
a.et.nytimes.com/ 0
0 75ms
74ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 11B1 43 B
479 B 59ms
59ms Image
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=e67b010a-61c9-8885-843f-4951a9742836

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:06 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0VJRFQS0S1K4TFN9WVET
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 2a6a1b33-edcf-a136-75e6-dd333e102e9f
pr-bh.ybp.yahoo.com/sync/openx/ Frame 11B1 43 B
602 B 180ms
61ms Image
image/gif 2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/2a6a1b33-edcf-a136-75e6-dd333e102e9f?gdpr=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 11B1 43 B
855 B 150ms
57ms Image
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=e67b010a-61c9-8885-843f-4951a9742836

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: J1Q61GSVK6QGG2ZGCZHR
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

google
match.adsrvr.org/track/cmf/ Frame 11B1
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=bead7d77-7d63-337f-4431-cbc6c147e3d6&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NTU5MGQ4MTEtZGM5YS00ZmI1LWFmMzUtZGFkMGI2NzVlYWU4&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8&google_gid=CAESEK3m9V_qxrXelSfc8OCM74U&google_cver=1

70 B
483 B

53ms
52ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8&google_gid=CAESEK3m9V_qxrXelSfc8OCM74U&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H2
Server: 35.71.131.137 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
server: Kestrel
content-length: 70
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=5590d811-dc9a-4fb5-af35-dad0b675eae8&google_gid=CAESEK3m9V_qxrXelSfc8OCM74U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 386
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 11B1 170 B
409 B 168ms
61ms Image
image/png 172.253.63.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTJjMmFlYmQtYjQxNC02ZGRiLTUxZDEtOTE3ZjBiYTUyZGI2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 11B1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL99U_5oCYvW-A-jBB88Sjw&google_cver=1

43 B
180 B

62ms
42ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL99U_5oCYvW-A-jBB88Sjw&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H2
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL99U_5oCYvW-A-jBB88Sjw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7BE1 35 KB
11 KB 52ms
51ms Script
text/html 23.55.205.215
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.205.215 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-55-205-215.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 8e2e6043625a26724079636a426110ceb19048a516a2a68f8d8569f36d9d5f3f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 18:13:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 26 Sep 2023 21:57:18 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=13405
Connection: keep-alive
Content-Length: 10474
Expires: Wed, 27 Sep 2023 21:56:31 GMT

GET
H2 200 grumi.js Show response
rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/ Frame 4915 197 KB
67 KB 64ms
63ms Script
text/javascript 2600:9000:2009:8a00:4:b37b:9440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2009:8a00:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1c205a67e110a122f2d950dc0b68a8491b4ea2f24a1480ff88582d4246a6d647

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 17:29:41 GMT
x-amz-version-id: 9UVO7azPGfNEWgrxIOokbiIbNhiA9F6W
content-encoding: br
last-modified: Wed, 27 Sep 2023 16:59:58 GMT
server: AmazonS3
via: 1.1 8aad346c495a4d92f652a000a22d62fa.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
etag: W/"ab9f11ac2df57ea4ca0986e513542ce6"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age: 2606
x-amz-cf-id: vHpq4XFRiDrJMQFNAgf4Y16hyXqQKJ4Aj8ACqP_YrptdpBbjMHY7xQ==

POST
H2 200 track
a.et.nytimes.com/ Frame 6C9E 0
0 77ms
76ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 nyt-franklin-500-normal.woff
typeface.nyt.com/fonts/ Frame 6C9E 29 KB
29 KB 132ms
27ms Font
font/woff 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://typeface.nyt.com/fonts/nyt-franklin-500-normal.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ae62969b5b189bb28c67dbcee8666abe3e9f498d17a79a68c56e1069d7d63123

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://myaccount.nytimes.com/
Origin: https://myaccount.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Thu, 07 Mar 2024 05:43:57 GMT
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17584148
x-guploader-uploadid: ADPycdvK2n82qVLQDD06fuHAAFphur6hrbOWxSpWyhVO8IQ2zU8EFIzSq_Hg6W39w23CvY3i-x4eWahsfvZj5tBoNwPImw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 29324
x-served-by: cache-mia-kmia1760064-MIA
last-modified: Mon, 16 Nov 2020 14:58:37 GMT
server: UploadServer
x-timer: S1695838387.036576,VS0,VE0
etag: "728e9527fef73904783dd2561029d091"
x-goog-generation: 1605538717313763
content-type: font/woff
access-control-allow-origin: *
x-goog-hash: crc32c=GFrw3g==, md5=co6VJ/73OQR4PdJWECnQkQ==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29324
accept-ranges: bytes
x-nyt-pagetype: nyt-fonts-legacy-asset
timing-allow-origin: *
x-cache-hits: 1096

GET
H2 200 nyt-franklin-700-normal.woff
typeface.nyt.com/fonts/ Frame 6C9E 29 KB
29 KB 132ms
27ms Font
font/woff 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://typeface.nyt.com/fonts/nyt-franklin-700-normal.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

60994a4c022df26635bb5ccdb7a22cf32a6486ee25a4648cebdfce0ef398a0fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://myaccount.nytimes.com/
Origin: https://myaccount.nytimes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

expires: Fri, 02 Feb 2024 05:47:02 GMT
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 20521562
x-guploader-uploadid: ADPycdvKICl4RDNP_PWTHY6aE0U5HxkDgj6UhTKVzI8f8MlOgJw9k0QefMqX94SLg7CqCKedCHhr9orb35NuO4z-gXSZdQtK2IJJ
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 29504
x-served-by: cache-mia-kmia1760064-MIA
last-modified: Mon, 16 Nov 2020 14:58:37 GMT
server: UploadServer
x-timer: S1695838387.036469,VS0,VE0
etag: "2c984913a2cbf4fb7c2f5cb3cb768ec7"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1605538717322939
content-type: font/woff
access-control-allow-origin: *
x-goog-hash: crc32c=0c1ISA==, md5=LJhJE6LL9Pt8L1yzy3aOxw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29504
accept-ranges: bytes
x-nyt-pagetype: nyt-fonts-legacy-asset
timing-allow-origin: *
x-cache-hits: 1075

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame F3A7 2 KB
2 KB 294ms
94ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=59835355&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 1b28602617d1574ca8d644a7244aaabb8971d26827d68ab73df044e1e2a1aea1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Wed, 27 Sep 2023 18:13:07 GMT
content-length: 1718
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame 8879 43 B
855 B 110ms
61ms Image
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZRRwsr3Ny2RAs4hX_gddIAAACvgAAAIB&gpp=&gpp_sid=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: RW6K2A3SVBRVVVR3YN19
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

cksync
hb.yahoo.net/ Frame 8879
Redirect Chain

https://match.adsrvr.org/track/cmf/casale
https://ups.analytics.yahoo.com/ups/55953/sync?uid=5590d811-dc9a-4fb5-af35-dad0b675eae8&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&gdpr=0&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dpid=55953

53 B
659 B

255ms
70ms

Image
image/gif

23.15.9.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&gdpr=0&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dpid=55953

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

Server

23.15.9.49 , United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-15-9-49.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Wed, 27 Sep 2023 18:13:07 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&gdpr=0&ovsid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dpid=55953
date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 8879
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZRRwsr3Ny2RAs4hX-gddIAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGDivy2F3b128nJp1X-Z5DE&google_cver=1

43 B
734 B

68ms
67ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGDivy2F3b128nJp1X-Z5DE&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96XjEmS7PZzH7tztSQ7%2Bj9yod1Bt1meXlEbGwOChKSxeKmHRMmVto5574m1SEWGHFVmvzj3VSRDmVQOz0cquQzKkJYZSl2CaJIYwKrV2X%2BAVOrvySzSVBxqs7jxE4AHT%2FpRGZ4nfnRJXOg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b8000e6c1273-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGDivy2F3b128nJp1X-Z5DE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 8879
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZRRwsr3Ny2RAs4hX_gddIAAACvgAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEHoaRTyjNqx8StTPkq78VIM&google_cver=1

43 B
734 B

102ms
102ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEHoaRTyjNqx8StTPkq78VIM&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=La%2BtKuTj%2BUT7oWZPIyCtOeI%2B0uRgrfqFhpNvYhNHLEQee4BfOo8OaWEqznjgbl3QdaLX6F9cuJHF7kg1l8P3cID8fIf%2FEwyoGZzjjlxC4AJogZZyWwFZNi7mnBNvlakXWHYcV22hQKrypg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b7ffadce1273-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEHoaRTyjNqx8StTPkq78VIM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum.casalemedia.com/ Frame 8879
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
https://casale-match.dotomi.com/match/bounce/current?DotomiTest=42aab27685f30549&is_secure=true&networkId=19998&version=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAABwt12XT5MbwNEryl5AAAAAAA&expiration=1695924787&is_secure=true

43 B
722 B

71ms
70ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAABwt12XT5MbwNEryl5AAAAAAA&expiration=1695924787&is_secure=true
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIJfWSKTKa4nbdQr5WPmTaZDmmGY7eh8VgEgsKHrpCCdSTrYyHBUQyZjLEdMVgopZewvGnXpC9vhz8f8FjuDPhfosZ5hNnnZ1Hjmq4z323sveFhB8YuxSR%2Fjf44yjA%2FsXYaimIX5"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b80198701273-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAABwt12XT5MbwNEryl5AAAAAAA&expiration=1695924787&is_secure=true
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

crum
dsum.casalemedia.com/ Frame 8879
Redirect Chain

https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=4312465876001392131

43 B
333 B

76ms
71ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=4312465876001392131
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H2
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xBXVXrNjgdRYjIkRDViLBhC5T7Z9t%2FmdwnanfSiAS0CdO2r%2B1b%2BSqlCCdNn%2BoxQxGhIp46bLwfLyh%2FIdVTsBAY0zJS2pHB8%2Bui9qZFaDyL7RRfAY7SZdan%2BpJuG2HdPB1bE8mtuG"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b7ffaa6eb3bb-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
an-x-request-uuid: a0d40b6d-fd2b-441d-ab08-4d0e1c90cc51
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=4312465876001392131
x-proxy-origin: 38.132.118.77; 38.132.118.77; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 400 /
sync.taboola.com/sg/indexscod/1/cm/ Frame 8879 0
0 315ms
63ms Image
text/html 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=&gdpr_consent=&id=ZRRwsr3Ny2RAs4hX-gddIAAA%262808&gpp=&gpp_sid=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8879
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=ZRRwswATh1d4PQA_
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZRRwswATh1d4PQA_&_test=ZRRwswATh1d4PQA_

43 B
733 B

71ms
70ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZRRwswATh1d4PQA_&_test=ZRRwswATh1d4PQA_
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol: H3
Server: 104.18.27.193 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xsyAuwsDT56fhQ6Z%2Feorn3pLQMOLdxY%2BmxpoyCPVIgU8AsHPDCOb0D%2BPJT4bK9Iy2tRkcAjEEpK%2BcuGXzKgsb4DHSszP04RU8iApvUYdr212c4gsZPXvzqItqYYJJL2PGRDBqQHiodWhvg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 80d5b8001e791273-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

x-served-by: cache-mia-kmia1760071-MIA
pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1695838387.188476,VS0,VE0
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZRRwswATh1d4PQA_&_test=ZRRwswATh1d4PQA_
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 8879 43 B
479 B 93ms
62ms Image
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index.com&id=ZRRwsr3Ny2RAs4hX_gddIAAACvgAAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: JWXQK7TG96P9EPQ00TZE
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 / Show response
dd.nytimes.com/js/ Frame 6C9E 241 B
624 B 56ms
54ms XHR
application/json 18.67.65.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/lire_ui/js/sentry.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.65.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-65-34.iad89.r.cloudfront.net

Software

DataDome /

Resource Hash

6a3549450817481f472233505c553c445dee2b368a9df0b9486e1ac3aff626a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: IAD89-P1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 241
x-amz-cf-id: DNeb9H0tkEK21p58xA1rwAYavv5UWlo492FOzQGLx62c1DYPvFHY4A==
expires: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 7BE1 7 B
790 B 217ms
55ms XHR
application/json 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
Expires: 0

POST
H2 200 init Show response
gw.geoedge.be/api/ Frame 4915 0
217 B 217ms
62ms XHR
text/plain 2600:9000:250a:1200:10:43f:4352:ad61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.geoedge.be/api/init
Requested by: Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:250a:1200:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
content-length: 0
x-amz-cf-id: w2L1cVFMAHr9HMxXcdcMDDl1CTT2TEvlO9r0B2DRzOmpluxSv0PzSA==
x-cache: Miss from cloudfront

POST
H2 200 track
a.et.nytimes.com/ Frame 6C9E 0
0 83ms
83ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F09%252F27%252Fus%252Fmontana-transgender-ban.html&display=newsletter_morning_test&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 4915 52 KB
21 KB 160ms
53ms Script
text/javascript 2607:f8b0:4004:c17::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 27 Sep 2023 18:05:40 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 447
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 27 Sep 2023 20:05:40 GMT

GET
H2 200 ssrh.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4915 84 KB
29 KB 160ms
52ms Script
text/javascript 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 05:03:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29043
x-xss-protection: 0
server: cafe
etag: 16132151104434394549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 28 Sep 2023 05:03:09 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 6C9E 6 KB
2 KB 213ms
95ms XHR
application/json 2600:1408:c400:784::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=myaccount.nytimes.com&t=5652795&v=1.720.0&sl=0&si=0e703bac-f574-4988-b07b-37fc66f6b159-s1np9v&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/lire_ui/js/sentry.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1408:c400:784::11a6 , United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f3484749d00c552a2dfa9ad013167a26d4510d38a1e4daec5e935a20a2b7c8eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Wed, 27 Sep 2023 18:13:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1502

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7BE1
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LN22E08X-15-5418
https://s.amazon-adsystem.com/ecm3?id=LN22E08X-15-5418&ex=d-rubiconproject.com&status=ok

43 B
479 B

63ms
63ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=LN22E08X-15-5418&ex=d-rubiconproject.com&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 9NPTE9CB11DY622AS1H3
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://s.amazon-adsystem.com/ecm3?id=LN22E08X-15-5418&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 966e54b6201ecd300c4db0efc0f5781a
Expires: 0

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 05F8 43 B
479 B 62ms
61ms Document
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:07 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: GBV7BSVSFP0RZVZP0HG4

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F3A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZtwXp5FTTGWC4Y_Pu8Pe6A%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

61ms
61ms

Image
text/html

23.72.184.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 23.72.184.231 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-184-231.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
content-encoding: gzip
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=35688
accept-ranges: bytes
content-length: 5606
expires: Thu, 28 Sep 2023 04:07:55 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame F3A7
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%2C%2C

95 B
124 B

47ms
46ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%2C%2C

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Server

34.111.113.62 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5590d811-dc9a-4fb5-af35-dad0b675eae8&ttd_puid=30e929b1-07b2-4261-b055-9b064f08800a%2C%2C
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Kestrel
content-length: 359

GET
H2 403 FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3A...
us01.z.antigena.com/l/ Frame F3A7 0
0 185ms
55ms Image
text/html 40.76.134.238
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us01.z.antigena.com/l/FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3AWUAJgUx%2066DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&rnd=RND
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 40.76.134.238 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

GET
H2 200 xuid
eb2.3lift.com/ Frame F3A7 37 B
354 B 57ms
55ms Image
image/gif 35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7976&xuid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&dongle=u6nf&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.71.139.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif
date: Wed, 27 Sep 2023 18:13:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjZEQzE3QTctOTE1My00QzY1LTgyRTEtOEZDRkJCQzNERUU4&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

175ms
58ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJQyz2pvsDH8WAW020XGewM&google_cver=1

42 B
347 B

177ms
58ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJQyz2pvsDH8WAW020XGewM&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJQyz2pvsDH8WAW020XGewM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5469571E4C844DE788E049DF39F33D3A

42 B
286 B

82ms
59ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5469571E4C844DE788E049DF39F33D3A
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:07 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5469571E4C844DE788E049DF39F33D3A
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 26 Sep 2023 18:13:07 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=

42 B
542 B

289ms
94ms

Image
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:06 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Kestrel
content-length: 355

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-wOKt_q9E2uVUikjEDgRYtoqYyPUUAkA-~A&gdpr=0

0
260 B

185ms
58ms

Image
text/plain

162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-wOKt_q9E2uVUikjEDgRYtoqYyPUUAkA-~A&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:06 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-wOKt_q9E2uVUikjEDgRYtoqYyPUUAkA-~A&gdpr=0
date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame F3A7 43 B
602 B 58ms
57ms Image
image/gif 2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 4915 22 KB
23 KB 167ms
51ms Image
image/jpeg 2607:f8b0:4004:c17::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcThtZFc50Im7AEbXk3BD_t-SMEtwdGpsH-eIgnGLCH_rTATWkC82T6KrpALww&usqp=CAI

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::8b , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df6ea0c37262acb4465fc54a7a73ae75d870eb18dcc8668fca9b0e33f10b1108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 21:19:35 GMT
x-content-type-options: nosniff
age: 75212
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22967
x-xss-protection: 0
last-modified: Tue, 04 Jun 2024 07:59:56 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 25 Sep 2024 21:19:35 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 4915 33 KB
34 KB 162ms
55ms Image
image/jpeg 2607:f8b0:4004:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSisaEKk7QA9sS8jvLTU6HKBlGu_djwu9Nl5bMYq6pLvIFZ0g7n&usqp=CAI

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::71 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efe89ee5574a12b23b5b2d8adba217ad5d458e732bef5149a0d85fa185400790

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 10:38:16 GMT
x-content-type-options: nosniff
age: 27291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33833
x-xss-protection: 0
last-modified: Sun, 02 Jan 2022 11:20:49 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 26 Sep 2024 10:38:16 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 4915 23 KB
24 KB 179ms
62ms Image
image/jpeg 2607:f8b0:4004:c1d::66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRcih0Q_Y4ZlhBX6YN5HuOxpjw1TWXtJy-SzpySAgyukMBcmcVW5lag2QpZguA&usqp=CAI

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e517a4f97449d217c060d363041da434976cbcf598c1faa9716a998fc3421003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 10:27:49 GMT
x-content-type-options: nosniff
age: 27918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23566
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 06:27:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 26 Sep 2024 10:27:49 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 4915 31 KB
31 KB 243ms
128ms Image
image/jpeg 2607:f8b0:4004:c17::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcS9PLWe0PazTcHWTx71Ys-xarZHdKsh3sPeHtPrBFdgsXWtIwADi10XIJ5UyfM&usqp=CAI

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::8b , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a5d256cf445e0fd4be752c52d9ceb32dda878595c02e38a38d95c4a282de2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:12:09 GMT
x-content-type-options: nosniff
age: 90058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31626
x-xss-protection: 0
last-modified: Sat, 06 Apr 2024 11:52:25 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 25 Sep 2024 17:12:09 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 4915 31 KB
31 KB 276ms
161ms Image
image/jpeg 2607:f8b0:4004:c17::8b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRzPPd2jrfBdok48fZkBXwFWiuA43g52-ZK5uWacPwnx7_h4FdP&usqp=CAI

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::8b , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb56f5ea7ba42892889cf0c9c29b43997729d20bb327a836f97844642e2e90e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:12:09 GMT
x-content-type-options: nosniff
age: 90058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31359
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 04:37:51 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 25 Sep 2024 17:12:09 GMT

GET
H2 200 8381471241321516335
tpc.googlesyndication.com/simgad/ Frame 4915 7 KB
7 KB 54ms
53ms Image
image/png 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8381471241321516335

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01fcb5b381e8d77bd8c2b79ae2de19de96fbdfb14323cfcda19cdfb2d899b43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 18:29:48 GMT
x-content-type-options: nosniff
age: 85399
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7176
x-xss-protection: 0
last-modified: Fri, 29 Sep 2017 01:10:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 25 Sep 2024 18:29:48 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230925/r20110914/ Frame 4915 23 KB
9 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230925/r20110914/abg_lite_fy2021.js

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 13:55:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15438
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 Oct 2023 13:55:49 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A16D 143 B
383 B 264ms
155ms Document
text/html 2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 1690
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 17:44:57 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230925/r20110914/client/ Frame 4915 3 KB
1 KB 58ms
57ms Script
text/javascript 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230925/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 13:55:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15438
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 Oct 2023 13:55:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230925/r20110914/client/ Frame 4915 20 KB
8 KB 59ms
58ms Script
text/javascript 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230925/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 13:55:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15438
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 Oct 2023 13:55:49 GMT

POST
H2 403 report
csp.dev.nytimes.com/ Frame 6C9E 0
0 54ms
28ms Other
text/html 151.101.65.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.dev.nytimes.com/report
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWZiYzEyNGJhYzUxYjc0N2U5NzJlYmMyYmM2YTAzMzk2NzkxOWVlMw

170 B
188 B

61ms
60ms

Image
image/png

172.253.63.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWZiYzEyNGJhYzUxYjc0N2U5NzJlYmMyYmM2YTAzMzk2NzkxOWVlMw

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

172.253.63.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OWZiYzEyNGJhYzUxYjc0N2U5NzJlYmMyYmM2YTAzMzk2NzkxOWVlMw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 0228ab361cece0438ff9eb16e4e5890e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK dcm
aax-eu.amazon-adsystem.com/s/ Frame 7BE1 43 B
855 B 628ms
214ms Image
image/gif 67.220.228.203
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.228.203 Washington, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: R1R28SHJ6ZMEYKN9KPGW
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LN22E08X-15-5418

0
515 B

159ms
98ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LN22E08X-15-5418
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 28CB97EB159E43169828C9AD7CF98FE6 Ref B: MIAEDGE2713 Ref C: 2023-09-27T18:13:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYGWySwcBZ0RblOiMKseg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LN22E08X-15-5418
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 314e432eb2d967cf733b82bdbbe35231
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7BE1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBE9cJh1H_dPEsNTOlWEIw&google_cver=1

42 B
703 B

176ms
55ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBE9cJh1H_dPEsNTOlWEIw&google_cver=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 314e432eb2d967cf733b82bdbbe35231
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBE9cJh1H_dPEsNTOlWEIw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE4yMkUwOFgtMTUtNTQxOA==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKfzipFnQvnrzph2tex7UcU&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE4yMkUwOFgtMTUtNTQxOA==&google_push=

170 B
188 B

66ms
66ms

Image
image/png

172.253.63.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE4yMkUwOFgtMTUtNTQxOA==&google_push=

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Server

172.253.63.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f154.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE4yMkUwOFgtMTUtNTQxOA==&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
Expires: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7BE1
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30

42 B
703 B

58ms
55ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 19c1ac3b9706c83a73951eba4d239689
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5590d811-dc9a-4fb5-af35-dad0b675eae8&gdpr=0&gdpr_consent=&expires=30
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Kestrel
content-length: 289

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/yT_y-pAXdJ6PM71uKVLopsn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GbDPUm9E2oJdNLNDoj194s0XgnEyHohoYDhOmQ--~A

42 B
703 B

55ms
55ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GbDPUm9E2oJdNLNDoj194s0XgnEyHohoYDhOmQ--~A
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: c1df09169f58a071f2a391dff1b3307b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-GbDPUm9E2oJdNLNDoj194s0XgnEyHohoYDhOmQ--~A
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7BE1
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=hLKiB5VqSpeKf8tLZ8Tfsg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hLKiB5VqSpeKf8tLZ8Tfsg

43 B
479 B

72ms
71ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hLKiB5VqSpeKf8tLZ8Tfsg

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7KD1Q1560N3GT7ETWMPC
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hLKiB5VqSpeKf8tLZ8Tfsg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 19ea072139d67f7022c6e463249c998e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 7BE1
Redirect Chain

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAETbk7KKOEAABhYSu3RjA&expires=30

42 B
703 B

56ms
56ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAETbk7KKOEAABhYSu3RjA&expires=30
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 0228ab361cece0438ff9eb16e4e5890e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAETbk7KKOEAABhYSu3RjA&expires=30
Date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2

200

cksync
hb.yahoo.net/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LN22E08X-15-5418&redir=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LN22E08X-15-5418&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&ovsid=LN22E08X-15-5418&dpid=58160

53 B
479 B

70ms
70ms

Image
image/gif

23.15.9.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&ovsid=LN22E08X-15-5418&dpid=58160

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Server

23.15.9.49 , United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-15-9-49.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Wed, 27 Sep 2023 18:13:07 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Wed, 27 Sep 2023 18:13:07 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS00NGhWOEFoRTJ1RXhNUGI4bHkwSzkwX0pXT0hFMzNxa35B&ovsid=LN22E08X-15-5418&dpid=58160
date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 7BE1
Redirect Chain

https://token.rubiconproject.com/token?pid=37556&a=1
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LN22E08X-15-5418

95 B
124 B

46ms
45ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LN22E08X-15-5418

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_pm-db5_rbd_n-vmg_n-MediaNet_ox-db5_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

Server

34.111.113.62 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

Location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LN22E08X-15-5418
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 2fcb300b847bad3e7dd1184ec8a1c2f5
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame 7BE1
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=primis
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LN22E08X-15-5418
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418&ckls=true&ci=HcwDsHcRHW&nc=false&trid=253238734

43 B
1 KB

174ms
55ms

Image
image/gif

52.85.132.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418&ckls=true&ci=HcwDsHcRHW&nc=false&trid=253238734
Protocol: H2
Server: 52.85.132.46 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-132-46.iad50.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:08 GMT
via: 1.1 09028890675e48687e2855f3bdad98ea.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: wSipatkf3Qs8pDkBk-w2gur9Oc4ToqyhMkyKJQplgExCVy0ubOiBog==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:08 GMT
via: 1.1 e88b34dd0e6a8e6f16f12ba472ae0c12.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LN22E08X-15-5418&ckls=true&ci=HcwDsHcRHW&nc=false&trid=253238734
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: PDZ8gmegFhErGoetTKlJHkpBFLwvTwcNEO1JpRR7FEqvcQ3J8Dr50Q==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4915 182 KB
57 KB 59ms
59ms Script
text/javascript 172.253.63.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f154.1e100.net

Software

sffe /

Resource Hash

ff18e273fc7f233bf924108949a94f34e0587ed1cdfaa6820ba90be9cb739720

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695641553523962"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:13:07 GMT

GET
DATA 200
OK truncated
/ Frame 4915 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e59bbca4cd6bb859bdac896992fb60f513316870cd29a462df7220cfde94a667

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A16D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
307 B

69ms
67ms

Document
text/html

2607:f8b0:4004:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:07 GMT
expires: Wed, 27 Sep 2023 18:13:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:07 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 .status
a.et.nytimes.com// 0
0 87ms
86ms Fetch
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept: */*
Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 252ms
146ms XHR
application/json 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202309210101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

392d3cc14a31c57afd1286de75ef5bb4ac582df74fc71c473afa55ebfac1a4ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12032
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 1 KB
1 KB 105ms
38ms Script
application/javascript 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a6544983b382dc6cc4c0ac84f8a07ec1f594cd5d4ed627c6e682ec5ff57546b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:07 GMT
x-amz-version-id: J903q30sVrYmZWkaTAb7gab1T5yz30du
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: HFE44WRY27Y87T6J
age: 427
x-amz-server-side-encryption: AES256
x-amz-id-2: WT06eG0n8gZIXhAU1jRINt+2AauEVY12+yLuAnw1PU0Wf7mAeUtd3xhu69BZQgv49+tej6CZVg4=
last-modified: Fri, 22 Sep 2023 15:53:32 GMT
server: cloudflare
etag: W/"8808b54975b295cfc85aa22f9abe57b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JzQ6p4tpRxNWRQDO5EUM6Jb6RtWqziMhqJYOlCMC6dxDBV%2Ba6a%2FZpupxfzv%2FJ%2FKleuu5vNnUIvng6sqIGzzNNu6y8623uMju75walOjAQpS%2BOYCgyYyvfj8921pcOyhHWBz%2BZiLapNcgFgnpPdMNuI4S3E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 80d5b804bf12b3ce-MIA

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/3005403/
Redirect Chain

https://sb.scorecardresearch.com/c2/3005403/cs.js
https://sb.scorecardresearch.com/internal-c2/3005403/cs.js

0
383 B

49ms
49ms

Script
application/javascript

18.165.83.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/3005403/cs.js
Protocol: H2
Server: 18.165.83.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-83-3.iad55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 03:54:45 GMT
via: 1.1 d6b2e9bf1f40c8fcec509faeb60f8c54.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jul 2023 14:48:36 GMT
server: AmazonS3
x-amz-cf-pop: IAD55-P3
age: 51502
x-amz-server-side-encryption: AES256
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 0
x-amz-cf-id: 4L_6xYrMtyJOJf4Yn6IOiAGceFFSuRykP9wl-teQVHdKoqBRn5dm0w==

Redirect headers

date: Wed, 27 Sep 2023 18:13:07 GMT
via: 1.1 d6b2e9bf1f40c8fcec509faeb60f8c54.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: IAD55-P3
x-cache: Miss from cloudfront
location: /internal-c2/3005403/cs.js
content-length: 0
x-amz-cf-id: YtuYdjvI3PfVAbPD5OCB08-ioW3_kjXCWyBXgPX9OI7gl4TNBTqGxg==

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 4915
Redirect Chain

https://securepubads.g.doubleclick.net/pagead/adview?ai=CMiZWsnAUZfq4C_-YoPMPosabkAiclujscY-FsZmGCNWTlpjeOhABIMjW9RlgyYaAgNyjxBCgAarOtusDyAEJ4AIAqAMByANKqgTHAk_QiV75F0xmHkr7vAsC2FuXPZIuzZ0kN61WgmDM...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb5ca95bcb9556cfd0000000000000000%22,%222%22:%220x435e9115f3d183f50000000000000000%22,%223%22:%220x501026...

0
0

165ms
59ms

Fetch
text/css

142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xb5ca95bcb9556cfd0000000000000000%22,%222%22:%220x435e9115f3d183f50000000000000000%22,%223%22:%220x501026d7de66160c0000000000000000%22,%224%22:%220xd4c99ba7a3ad1e260000000000000000%22,%225%22:%220xe6402ca1954049480000000000000000%22},%22debug_key%22:%229429011883512680841%22,%22debug_reporting%22:true,%22destination%22:%22https://xterrawetsuits.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221030596394%22],%224%22:[%2209-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210764847291238189553%22}&andc=true

Requested by

Host: 8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
URL: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xb5ca95bcb9556cfd0000000000000000","2":"0x435e9115f3d183f50000000000000000","3":"0x501026d7de66160c0000000000000000","4":"0xd4c99ba7a3ad1e260000000000000000","5":"0xe6402ca1954049480000000000000000"},"debug_key":"9429011883512680841","debug_reporting":true,"destination":"https://xterrawetsuits.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1030596394"],"4":["09-27"],"6":["true"]},"priority":"500","source_event_id":"10764847291238189553"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: null
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 27 Sep 2023 18:13:08 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 27 Sep 2023 18:13:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xb5ca95bcb9556cfd0000000000000000","2":"0x435e9115f3d183f50000000000000000","3":"0x501026d7de66160c0000000000000000","4":"0xd4c99ba7a3ad1e260000000000000000","5":"0xe6402ca1954049480000000000000000"},"debug_key":"9429011883512680841","debug_reporting":true,"destination":"https://xterrawetsuits.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1030596394"],"4":["09-27"],"6":["true"]},"priority":"500","source_event_id":"10764847291238189553"}&andc=true
access-control-allow-origin: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 204 adview
securepubads.g.doubleclick.net/pagead/ Frame 0
0 263ms
68ms Preflight
text/html 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/adview?ai=CMiZWsnAUZfq4C_-YoPMPosabkAiclujscY-FsZmGCNWTlpjeOhABIMjW9RlgyYaAgNyjxBCgAarOtusDyAEJ4AIAqAMByANKqgTHAk_QiV75F0xmHkr7vAsC2FuXPZIuzZ0kN61WgmDM1mFcKLGOCu5jROicoSu6FP6FavBBSddp63Ze7-nJFog4MSAgNsbDcbrKld2dxLzGRMlE_HLFMF4OSNZikRE548f5wqoxTXKmm2hTqVQYZYK6thsOE_NQjWMouQzpzkFe8Md8GQTI4uYNrIu8wN2jFilvF3-2r_XBJiyQP2025zu18kaIXMcxXvSPjZ8SKNCrtYNB0Kac-uRECqSWjwFKy5PiuBGidakuN30QcAOZou2KCtdPQgJrf_zl8cMOfsG0N4P_WZwgedhU8JvaFUPtLhxeifUumF52hBBNFwkMWocawmXpufL9USgZsejNask3UgsfFC0uZ0yWwwLBMpEIa_ArClTpn2a69rRZ_xEEclez5_nIaDYWJEY9AmyR-Q9yE_jIiMKEu2JMG8AE-vTE3uoB4AQBiAWwk56_A5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe-sckUqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcFELukiQHSCBQIgGEQARgdMgKKAjoCgEBIvf3BOpoJH2h0dHBzOi8vd3d3Lnh0ZXJyYXdldHN1aXRzLmNvbS-ACgPICwHaDBAKChDwkOf1yL-aoiISAgED4g0TCNjh56Syy4EDFX8MaAgdIuMGgtgTAtAVAZgWAYAXAbIXHgocCAASFHB1Yi05NTQyMTI2NDI2OTkzNzE0GJ7nFQ&sigh=A5v7ZpGD2y0&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNAy_dEuIFrGxXDTY97f-66XNQ9jLJP3T1laS0nGQUu0SEueUql617uYvsuPY-CaVUU9bWIhCPuiSAexiWUbBJeH4nW0g2DgUYAQ&template_id=311&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 27 Sep 2023 18:13:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1oOvdJ-Zd8iyZzymJJP8dpJcIY19edQL40-8Fy2m33E.js Show response
pagead2.googlesyndication.com/bg/ Frame B4CD 37 KB
15 KB 247ms
53ms Script
text/javascript 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1oOvdJ-Zd8iyZzymJJP8dpJcIY19edQL40-8Fy2m33E.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d683af749f9977c8b2673ca62493fc76925c218d7d79d40be34fbc172da6df71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 08:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14650
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Sep 2024 08:18:01 GMT

GET
H2 200 match-prod-66cbe8cec178ba6cb620.js Show response
platform.iteratehq.com/ 85 KB
30 KB 38ms
38ms Script
application/javascript 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-66cbe8cec178ba6cb620.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8d712c312f7cc12c84ddbd40fd22136782652c3f663d6ae1d0218863c155899

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
x-amz-version-id: x8tWGuPFns0BzFA5U8yxLpu88eLwkMe.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: HFEBGEZHPV0X6WE7
age: 439938
x-amz-server-side-encryption: AES256
x-amz-id-2: f7V+a/6wKJEiqkV3w38rxEEKWfltA13vEKKyQYmylsurwn7P7h5jJ+8wndmkjXiHLtF0WF99beU=
last-modified: Fri, 22 Sep 2023 15:53:31 GMT
server: cloudflare
etag: W/"6f9a4888e87fb09d3afbc15a220165f5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5tokNlTHW%2FIq7D8secWRL%2Fu1bk2bP4Ng%2BJyjGonCMLEd0aaaasGp3Vzz4I%2B90WvHzwkykt4hvVRsb2V8nvXwfqTaj6jxE00ZbWQmsVa7fNIjM%2B2GShpwmRfc00xxvOm25nSHiypNOGNuO%2BtOfa1a3pa7HA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 80d5b804ff8cb3ce-MIA

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 298 B
541 B 68ms
67ms Fetch
application/json 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-66cbe8cec178ba6cb620.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11b8019b3870bd7aa7963689c0e2d19d76e607f60520fdbb4f0edeaeec6deb00

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BTxcvhcfV1rWEsG5srQssI6wjgtY%2Fu21y24FZr%2FQAJ5prlNJ2g4UyniW1bu4i7ErdTj%2BoLPRBsa7Fl1qKWHecFWetvUloRr3ZMafyK9C4w0rK8DQGGSbr2IRFcA5buZWR%2B7wiu8l930cLNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 80d5b8067cb42206-MIA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 180ms
61ms Preflight 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 80d5b8061c372206-MIA
content-length: 0
date: Wed, 27 Sep 2023 18:13:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fq0AV8mcsWQcfWpKcjNrlUavLMWdaMT%2BDcz4qXKmYvl3BNWJkgTm1jb3m52ffjxrp6Cg%2FjrmC0cD2YzNjGIixOseWicCBqAYNOIsVGuyuftskFCNNMy4EZ6jN%2FYo3Yde1GHLsgk7q5MxE18%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 58ms
54ms Script
text/javascript 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Sep 2023 18:13:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3690 13 KB
5 KB 55ms
53ms Document
text/html 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 441557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 22 Sep 2023 15:33:51 GMT
expires: Sat, 21 Sep 2024 15:33:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 321B 829 B
996 B 74ms
72ms Document
text/html 2607:f8b0:4004:c17::93
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi-ip.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::93 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4d40fe6306241675393bb5e4823ed7466b745447fd3a7ab6b5ec143f1bcefb33

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vgsug4uvLaXWVNXsCXeVMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vgsug4uvLaXWVNXsCXeVMQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 18:13:08 GMT
expires: Wed, 27 Sep 2023 18:13:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js Show response
pagead2.googlesyndication.com/bg/ Frame 3690 37 KB
15 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 08:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14772
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Sep 2024 08:07:38 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 321B 0
0 77ms
77ms Image
text/html 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202309210101&jk=83181102513240&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 162ms
60ms Preflight
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: null
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 27 Sep 2023 18:13:08 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3690 0
10 B 150ms
149ms Image
text/plain 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xBl5MA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c17::84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 64 B
339 B 62ms
61ms Fetch
application/json 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-66cbe8cec178ba6cb620.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NTE0NzBiNDYzMmIwNTAwMDFhMjVlYzMiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjk1ODM4Mzg4fQ.PNGKpMAT_44qUXD2w25fT5qMN9OOCV27lY0hK9W8EOE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNngXp8qM1tAKlKxc5IKsVKCayR47M4iVPiUT05GUTj5GJ9IxvEyHdQzRnmyW1ag02XB2PPeoh5x4cVrz6u3qEfFhCnU4piWpnw1eLF2a6GYgyRSWpb9RXXgAASzjUwEAnyS3j53iYHeaSk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 80d5b808dfb12206-MIA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 58ms
57ms Preflight 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 80d5b8087f3d2206-MIA
content-length: 0
date: Wed, 27 Sep 2023 18:13:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4StjAbxSOUEOTN10nMpbkAKhuJqB6mEJ30ElYad5MU6nWU6SoHTSxdl%2Bp1BTXWDjhdRX1CuEsUGwz930Kq0KgJzCVcCc452%2ByH%2FdRbOd3j%2Fn7LSeNWruUSiBbQcblo35R8OJmKEbawcDcjg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 pd
nytimes-d.openx.net/w/1.0/ 43 B
123 B 56ms
41ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nytimes-d.openx.net/w/1.0/pd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:08 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

cksync.php
cs.media.net/
Redirect Chain

https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsi...
https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=78fda0d9649e0530&is_secure=true&version=1&networkId=57734&gdpr=%24%7BGDPR%7D&gdpr_consent=%24%7BGDPR_CONSENT%7D&redir=https%3A%2F%2...
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAB4LU3wRS-HQN5VLtkAAAAAAA&expiration=1695924789&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}

53 B
643 B

293ms
174ms

Image
image/gif

23.195.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAB4LU3wRS-HQN5VLtkAAAAAAA&expiration=1695924789&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}
Protocol: HTTP/1.1
Server: 23.195.92.23 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:09 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 53
x-mnet-hl2: E
Expires: Wed, 27 Sep 2023 18:13:09 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:09 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAAB4LU3wRS-HQN5VLtkAAAAAAA&expiration=1695924789&is_secure=true&gdpr_consent=${GDPR_CONSENT}&gdpr=${GDPR}
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

cksync.php
contextual.media.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
https://sync-dmp.mobtrakk.com/match/bidswitch?id=${user_id}&gdpr=&consent=&usp=&ssp=medianet&bsw=6feb8dde-d916-4ff0-bd55-dc3157bce6a2
https://sync-dmp.mobtrakk.com/match/bidswitch?id=%24%7Buser_id%7D&gdpr=&consent=&usp=&ssp=medianet&bsw=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&chk=1
https://x.bidswitch.net/sync?dsp_id=457&user_id=NjA3MDlkZDgzZGY4YTI0Ng&gdpr=&gdpr_consent=&us_privacy=&ssp=medianet&bsw_param=6feb8dde-d916-4ff0-bd55-dc3157bce6a2
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&gdpr=&gdpr_consent=&gdpr_pd=

53 B
464 B

181ms
180ms

Image
image/gif

23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&gdpr=&gdpr_consent=&gdpr_pd=

Protocol

Server

23.55.204.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 27 Sep 2023 18:13:09 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Wed, 27 Sep 2023 18:13:09 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?cs=1&type=bs&ovsid=6feb8dde-d916-4ff0-bd55-dc3157bce6a2&gdpr=&gdpr_consent=&gdpr_pd=
Date: Wed, 27 Sep 2023 18:13:09 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://eb2.3lift.com/sync?px=1&src=prebid&
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

55ms
55ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dongle=0cfd&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.139.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif
date: Wed, 27 Sep 2023 18:13:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=5590d811-dc9a-4fb5-af35-dad0b675eae8&dongle=0cfd&gdpr=0&gdpr_consent=
date: Wed, 27 Sep 2023 18:13:09 GMT
server: Kestrel
content-length: 251

GET
H/1.1

200
OK

cksync.php
cs.media.net/
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=fce3gcAb1QLz255

53 B
631 B

398ms
398ms

Image
image/gif

23.195.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=fce3gcAb1QLz255
Protocol: HTTP/1.1
Server: 23.195.92.23 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:09 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 53
x-mnet-hl2: E
Expires: Wed, 27 Sep 2023 18:13:09 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:08 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-789-g976496f#rel-ec2-master i-00865c8b063743674@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=fce3gcAb1QLz255
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cksync.php
cs.media.net/ 52 B
418 B 367ms
366ms Image
image/gif 23.195.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync.php?cs=8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.195.92.23 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Sep 2023 18:13:09 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 52
x-mnet-hl2: E
Expires: Wed, 27 Sep 2023 18:13:09 GMT

GET
H2

200

cksync.php
contextual.media.net/
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=&gpp=${GPP_STRING_142}&gpp_sid=${GPP_SID}&url=https%3A%2F%2Fcontextual.med...
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e39f9f5f-4cb9-4dd4-8d92-dded18717a30&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

53 B
615 B

333ms
192ms

Image
image/gif

23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e39f9f5f-4cb9-4dd4-8d92-dded18717a30&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=

Protocol

Server

23.55.204.22 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 27 Sep 2023 18:13:09 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Wed, 27 Sep 2023 18:13:09 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:09 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e39f9f5f-4cb9-4dd4-8d92-dded18717a30&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1765075
content-length: 0
expires: Wed, 27 Sep 2023 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4915 42 B
174 B 391ms
390ms Fetch
image/gif 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0rwLTN3Y1iEXFHnlqs8vsJrERYfjnQEAl0TkIgbIXg2gx5mG_x5Q9NAfLZ5dlJ2jfhyFpNv0j_Y6vDihUbyRppcc2Q5jra6I2uV8BS90aRv5P0d_Q68abkGZK1xtfupHNd0S1yI-D3w&sai=AMfl-YST5PxjSaD-qpKWd0b5W72zx9Qk698Azcdb-otVSK5ya6rBUkyBPmj9Z_KcBm6FZkzsJtkIvxwxGygXfGH-8pP7Ug67-UYgtyk7eKWmD9Ib4TELPSS4Qb4AEXqxmGmPH3piJJDNSpakgo4pAQ&sig=Cg0ArKJSzHREK33Cg6VuEAE&cid=CAQSTADICaaNAy_dEuIFrGxXDTY97f-66XNQ9jLJP3T1laS0nGQUu0SEueUql617uYvsuPY-CaVUU9bWIhCPuiSAexiWUbBJeH4nW0g2DgUYAQ&id=lidar2&mcvt=1000&p=132,0,382,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230925&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=21&adk=4096615031&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695838386747&rpt=1230&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/b3960cc6-bfd2-4adc-910c-6e917e8a6a0e/grumi.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 79ms
79ms Image
text/html 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202309210101&jk=83181102513240&bg=!OjmlOXbNAAYrDsWMCw47ADQBe5WfOPUD5iP0HSpzRnuk7iUusn7rY-oC796hZfvublEUU7j3_5Zu1lktv7mkjQSt-gFTAgAAAFNSAAAACGgBB5kC0o9Mp-DzpamwCZlpkRuOjezvxI1Fm7xbQ0jTahttGDy-wFf5urBt_Q4XkYZt4-UXtGuB_KaNkrNcNPpvmcqJwkJNOTfPpfLhinIIubbWpAkD3JGzKLZsN2-IbO8b8JdxlUoi5Sn_YSdP7nBTD1duZcdIEBkWZMnmX51UJ-MokD7Uht4PIews2AFLFL1m864UI6Lg6xLKNsT4k3E1W8ox-Lt2FM-ouycbCKZsgOEUdQq9_FnKWQvS1Mqc9sTvObATG9G2TSciJ2kFo7sPKymJneh77rniy6zlQOPD8yA51F1Lqri4huT_SvzQFjB6xdjc6dc_F43Q1CKvx7qGJ6XkxZMkF_PsH_UOmTZ16hQlLZ969V1NHcSeZKNfPlmrvN0Y9Dvazo-vJ1i0JQPo-rVioU5L0n205B7IcabubiSxQfD0iYNye8VCeKvHl6ZWkpk_VNfoKFNtOW_aMlkMiQgIZp4rCdjA7Gok4gc24EXxGBkGQOIkJrQnjolDSKQ3pLtmvDk4m3TljHMULSkDgkRb955K1yjRiVDynEquTSF621qv4I9dvHHFPoVzOis35XIOtmD96R0Gfjjsj0h2D42xzVXQlHOBaHZkFPVAVnguGdVt1YA-NIYdMsk1bDA44asGO_AGEQh9Qju7ZTfQiKDYCIIFmGMGdeDLPJQx-Gjg0qM1_-YnNzJTyBw5gWS2Ay3WCpl9E7nbkgP1EITEYLLArGbidLwDai78VCQXKkP96zkmvibmMVvZjZb8ARZKZpDm5fLtv2m69uWYyJPUo38HkMm6VPHs-RD-lP5Rt7ejJIh2bKXqYizd5MaQhv09nc0V46Aq9avUhGgrQH7_vZ7KTx7TlL4H8Op_D9FHyRHAVsTbFCqxhRyhc1qqSt87jWgsX7Ctx8B5_wPdTvg_M6QJLwXQIcm56ZZ1A8oqOzKGER5C182Rz24gPphbloYo1Lh24Y3u
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::9d , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame F3A7 0
128 B 59ms
58ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 18:13:08 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame F3A7 1 KB
2 KB 95ms
94ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87927903&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 2993097b3285bc8f7aee221dd19bda9397d39ac445b3c90a98bb103a169f7b67

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Wed, 27 Sep 2023 18:13:09 GMT
content-length: 1490
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK dcm Show response
s.amazon-adsystem.com/ Frame 30C7 43 B
855 B 62ms
62ms Document
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&redir=true&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:10 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 8T667E1VNYDW6EA1E4PE

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 53C1
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVGJrN0tLT0VBQUJoWVN1M1JqQQ&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&b...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://sync.technoratimedia.com/services?uid=AAETbk7KKOEAABhYSu3RjA&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_cu...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?ev=AAETbk7KKOEAABhYSu3RjA&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_par...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAETbk7KKOEAABhYSu3RjA&pid=558502&do=add&gdpr=0
https://rtb-csync.smartadserver.com/redir?partneruserid=AAETbk7KKOEAABhYSu3RjA&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%2...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=2823099493271102769&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAETbk7KKOEAABhYSu3RjA&gdpr=0&gdpr_consent=

42 B
279 B

58ms
58ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAETbk7KKOEAABhYSu3RjA&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Wed, 27 Sep 2023 18:13:11 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAETbk7KKOEAABhYSu3RjA&gdpr=0&gdpr_consent=
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0643
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4312465876001392131&gdpr=0&gdpr_consent=

42 B
217 B

95ms
95ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4312465876001392131&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 6e1ffee7-465f-4a31-a5ae-8e3a95b0ea20
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:10 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4312465876001392131&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 38.132.118.77; 38.132.118.77; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9D3A
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=841704ac-5d61-11ee-93b1-2a795dd41d4d

42 B
323 B

94ms
94ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=841704ac-5d61-11ee-93b1-2a795dd41d4d
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 27 Sep 2023 18:13:09 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 0
content-type: image/gif
date: Wed, 27 Sep 2023 18:13:10 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=841704ac-5d61-11ee-93b1-2a795dd41d4d
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: lga-delivery-8

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 2D52 43 B
479 B 59ms
59ms Document
image/gif 52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UID66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 27 Sep 2023 18:13:10 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: X2DNSY6G8DATQJSX2YV5

GET
H2

200

insync
thrtle.com/ Frame F3A7
Redirect Chain

https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&gdpr=0&gdpr_consent=
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&vxii_pid=12&vxii_pid1=10067&vxii_rcid=8ce735ce-5e4c-4d4f-8174-d516cbd3cd56

43 B
294 B

54ms
53ms

Image
image/gif

3.231.182.141
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&vxii_pid=12&vxii_pid1=10067&vxii_rcid=8ce735ce-5e4c-4d4f-8174-d516cbd3cd56
Protocol: H2
Server: 3.231.182.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-231-182-141.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Wed, 27 Sep 2023 18:13:10 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&vxii_pid=12&vxii_pid1=10067&vxii_rcid=8ce735ce-5e4c-4d4f-8174-d516cbd3cd56
date: Wed, 27 Sep 2023 18:13:10 GMT
content-type: text/html; charset=utf-8
content-length: 211
p3p: CP="NOI OUR BUS UNI COM NAV"

GET
H3 200 sd
us-u.openx.net/w/1.0/ Frame F3A7 43 B
61 B 49ms
47ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=540245193&val=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&gdpr=0&gdpr_consent=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:10 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Martin
crb.kargo.com/api/v1/dsync/ Frame F3A7 43 B
359 B 170ms
53ms Image
image/gif 3.91.167.182
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Martin?exid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.167.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-167-182.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 18:13:10 GMT
x-accel-expires: 0
vary: Origin
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204 sync
sync.bfmio.com/ Frame F3A7 0
425 B 229ms
52ms Image
text/plain 44.215.82.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=187&uid=66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.215.82.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-215-82-85.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Connection: keep-alive
Date: Wed, 27 Sep 2023 18:13:09 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c80ba617-56b0-497f-ae9d-b39620034ec8&gdpr=0&gdpr_consent=

1 B
315 B

94ms
94ms

Image
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c80ba617-56b0-497f-ae9d-b39620034ec8&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:08 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=c80ba617-56b0-497f-ae9d-b39620034ec8&gdpr=0&gdpr_consent=
Date: Wed, 27 Sep 2023 18:13:10 GMT
Connection: keep-alive
X-CI-RTID: 6c803312-ef4d-4474-a665-3c537d674f61
Content-Length: 205
Content-Type: text/html; charset=utf-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame F3A7
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3050744800502580243&gdpr=0&gdpr_consent=&us_privacy=

1 B
297 B

95ms
94ms

Image
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3050744800502580243&gdpr=0&gdpr_consent=&us_privacy=
Protocol: H2
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 18:13:10 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3050744800502580243&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 27 Sep 2023 18:13:09 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

POST
H2 200 track
a.et.nytimes.com/ 0
0 74ms
73ms Ping
text/plain 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-42-214.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Verdicts & Comments Add Verdict or Comment

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

134 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 17:13:34	Name: sync Value: CgkIOhDtheG-rTE=
.nytimes.com/	1970-01-20 23:49:34	Name: nyt-a Value: SdDv3LCaDZY_XPcQHH51Kh
.nytimes.com/	1970-01-20 15:04:19	Name: nyt-gdpr Value: 0
.nytimes.com/	1970-01-20 23:49:34	Name: nyt-purr Value: cfhhcfhhhckfhdfs
.nytimes.com/	1970-01-20 15:04:19	Name: nyt-us Value: 1
.nytimes.com/	1970-01-20 15:04:19	Name: nyt-geo Value: US
.nytimes.com/	1970-01-20 15:03:58	Name: nyt.et.dd Value: iv=1AF729F4735B4BC49AC95FFD749A307B&val=bP9NHAVbXEscx9RCWmI0vDmP564XKn/fjyzmN3vsSjixuZzfW/UZlTCZed/WNgbLKYqbMpd+5r9vE7K92iiYHg+lh0kcBo8B8TdUNQEN/7+SlStyxsmlf3V8efGH/H85K1+DtxtLYTwwmkXiYL8DrydFKhIVndv7Dq9R6egUPPsISgzfKHHVoQQgBNX4ubz4ABNmQXcI10WQg7xwxFw4Vw==
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: 05d3075bbfab4c5bb547b7cc833c212e
.et.nytimes.com/	1970-01-20 15:04:00	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-20 23:49:34	Name: sessionIndex Value: 1\|1695838384581\|SdDv3LCaDZY_XPcQHH51Kh\|1695838384581
.rubiconproject.com/	1970-01-20 23:49:34	Name: khaos Value: LN22E08X-15-5418
.scorecardresearch.com/	1970-01-21 00:39:58	Name: UID Value: 1D746bde3a3b30aa61fe7791695838385
.adnxs.com/	1970-01-20 17:13:34	Name: icu Value: ChgIkbx3EAoYASABKAEwseHRqAY4AUABSAEQseHRqAYYAA..
.adnxs.com/	1970-01-20 17:13:34	Name: uuid2 Value: 4312465876001392131
.nytimes.com/	1970-01-21 00:33:28	Name: purr-cache Value: <K0<r<C_<G_<S0<a0<ua
a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=&landing=&start=1695838385930&isNew=1&pageIndex=1
a.nytimes.com/	1970-01-20 23:49:34	Name: jkidd-p Value: prevPage=&currPage=
.nytimes.com/	1970-01-20 15:04:19	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 15:04:19	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
.nytimes.com/	1970-01-20 23:49:34	Name: nyt-jkidd Value: uid=0&lastRequest=1695838385930&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon&newsStartDate=&entitlements=
.nytimes.com/	1970-01-20 17:13:34	Name: _gcl_au Value: 1.1.1637536371.1695838386
.amazon-adsystem.com/	1970-01-20 19:33:15	Name: ad-id Value: A6X4XEqtA0cesXFwCrrqBe0
.amazon-adsystem.com/	1970-01-21 00:39:58	Name: ad-privacy Value: 0
.adsrvr.org/	1970-01-20 23:51:00	Name: TDID Value: 5590d811-dc9a-4fb5-af35-dad0b675eae8
.nytimes.com/	1970-01-21 00:32:46	Name: _cb Value: BXuqaeD_npQduevKu
.nytimes.com/	1970-01-21 00:32:46	Name: _chartbeat2 Value: .1695838386679.1695838386679.1.CQyhDwDOlq8ND5TZ8WCsohKPC417xv.1
.nytimes.com/	1970-01-20 15:04:00	Name: _cb_svref Value: null
.doubleclick.net/	1970-01-21 00:39:58	Name: IDE Value: AHWqTUnbpFkgSuG4uFahuU5qcPcTNPAQWfuPx7zqcw1Uc1nInVSQXRR07sdMX7efSbU
.nytimes.com/	1970-01-21 00:25:34	Name: __gads Value: ID=cab8b780eda8cad2:T=1695838386:RT=1695838386:S=ALNI_MaW7K4I_ZohY48EY4p-Ifwn5gseGA
.nytimes.com/	1970-01-21 00:25:34	Name: __gpi Value: UID=00000d958597e74f:T=1695838386:RT=1695838386:S=ALNI_MbbSfqRK8b4AkHK3Egfxsa7B2w5lg
.www.nytimes.com/	1970-01-20 23:49:34	Name: datadome Value: 7Qa~mEJrC~45zmC7XT1tzpqP9L~8AaeJonYSvZJ4MOGyxN1It~JWDZdvP5GNuL_rDuBOzQnXbW8DP-fitpV5c6oZnUossrsg6x47uW3z1svbp4wcyDcK8-Ph~dYArZZx
.openx.net/	1970-01-20 23:49:34	Name: i Value: 6d01422e-d4e4-0c88-1ee7-032ea560d02b\|1695838386
.casalemedia.com/	1970-01-20 23:49:34	Name: CMID Value: ZRRwsr3Ny2RAs4hX-gddIAAA
.casalemedia.com/	1970-01-20 17:13:34	Name: CMPS Value: 2808
.casalemedia.com/	1970-01-20 17:13:34	Name: CMPRO Value: 2808
.3lift.com/	1970-01-20 17:13:34	Name: tluid Value: 1449237798462052953525
.openx.net/	1970-01-20 15:25:34	Name: pd Value: v2\|1695838386\|vMgavPkWgy
.et.nytimes.com/	1970-01-20 15:05:24	Name: et-ppvid Value: https://www.nytimes.com/2023/09/27/us/montana-transgender-ban.html=ss56VWT9pscPp9tOlwFlzabP^https://myaccount.nytimes.com/auth/iframe/enter-email=YrQrje8BMBXW7LdZbzfxA95m
.media.net/	1970-01-20 23:49:34	Name: visitor-id Value: 3388399861524506000V10
.yahoo.com/	1970-01-20 23:49:55	Name: A3 Value: d=AQABBLJwFGUCEO9_2bvUwD_C2avKgIfH6r0FEgEBAQHCFWUeZdxH0iMA_eMAAA&S=AQAAAmGiwE8eipuDZZAemICIRmg
.myaccount.nytimes.com/	1970-01-20 23:49:34	Name: datadome Value: 1Ipx47yDRFq6bw~Ivzn_viu1Bk4t0blkSp0jJovPz8WswLuJEywwKfG_4r65AQuqE2j7J2oAkOhTi1cE66wvXC8I4IjJ1uYsWl-LYHkqXiy79LsHBfZqAvxYLckXNLne
.everesttech.net/	1970-01-20 23:49:34	Name: everest_g_v2 Value: g_surferid~ZRRwswATh1d4PQA_
.pubmatic.com/	1970-01-20 23:49:34	Name: KADUSERCOOKIE Value: 66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
.nytimes.com/	1970-01-20 15:14:03	Name: RT Value: "z=1&dm=nytimes.com&si=e1126294-573f-489f-8447-ffa7511c5e6c&ss=ln22e1o1&sl=1&tt=cr&bcn=%2F%2F68794905.akstat.io%2F&ld=jc"
.tapad.com/	1970-01-20 16:30:22	Name: TapAd_TS Value: 1695838387389
.tapad.com/	1970-01-20 16:30:22	Name: TapAd_DID Value: 30e929b1-07b2-4261-b055-9b064f08800a
.simpli.fi/	1970-01-20 23:51:00	Name: suid Value: 5469571E4C844DE788E049DF39F33D3A
.hb.yahoo.net/	1970-01-20 19:23:10	Name: visitor-id Value: 3388399871524501000V10
.hb.yahoo.net/	1970-01-20 19:23:10	Name: data-ttd Value: 5590d811-dc9a-4fb5-af35-dad0b675eae8~~63
.pubmatic.com/	1970-01-20 17:13:34	Name: KRTBCOOKIE_80 Value: 22987-CAESEJQyz2pvsDH8WAW020XGewM&KRTB&23025-CAESEJQyz2pvsDH8WAW020XGewM&KRTB&23386-CAESEJQyz2pvsDH8WAW020XGewM
.pubmatic.com/	1970-01-20 15:47:10	Name: KRTBCOOKIE_148 Value: 19421-uid:5469571E4C844DE788E049DF39F33D3A&KRTB&23486-uid:5469571E4C844DE788E049DF39F33D3A&KRTB&23489-uid:5469571E4C844DE788E049DF39F33D3A
.tapad.com/	1970-01-20 16:30:22	Name: TapAd_3WAY_SYNCS Value: 1!6498
.pubmatic.com/	1970-01-20 17:13:34	Name: KRTBCOOKIE_377 Value: 6810-5590d811-dc9a-4fb5-af35-dad0b675eae8&KRTB&22918-5590d811-dc9a-4fb5-af35-dad0b675eae8&KRTB&22926-5590d811-dc9a-4fb5-af35-dad0b675eae8&KRTB&23031-5590d811-dc9a-4fb5-af35-dad0b675eae8
.analytics.yahoo.com/	1970-01-20 23:49:34	Name: IDSYNC Value: "18y3~2e5u:1769~2e5u:19e0~2e5u:18z8~2e5u:18vk~2e5u"
.linkedin.com/	1970-01-20 23:49:34	Name: bcookie Value: "v=2&af499a5a-9000-4935-8631-565b2c4e4852"
.linkedin.com/	1970-01-20 15:05:24	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2602:u=1:x=1:i=1695838387:t=1695924787:v=2:sig=AQGREIgalw73vdyWq5yIgDB5nVlUA2YI"
.bidr.io/	1970-01-21 00:32:31	Name: bito Value: AAETbk7KKOEAABhYSu3RjA
.bidr.io/	1970-01-21 00:32:31	Name: bitoIsSecure Value: ok
.rubiconproject.com/	1970-01-20 23:49:34	Name: audit Value: 1\|tcR/wBEzWcJqYpOY2gNJS6S5Bv7H1ouoxdnNVF8ci15d3O+t/5FIaZzG7R5y8x0C+oZRkYaKsZOp7VtEw4brJOCAnekPgJibDVXYmBCGE1Absm1clVNMrQ==
.hb.yahoo.net/	1970-01-20 19:23:10	Name: data-mag Value: LN22E08X-15-5418~~63
.doubleclick.net/	1970-01-20 15:04:01	Name: DSID Value: NO_DATA
.primis.tech/	1970-01-20 15:39:58	Name: csuuid Value: 651470b3ca17f
.intentiq.com/	1970-01-21 00:39:58	Name: IQver Value: 1.9
.intentiq.com/	1970-01-21 00:39:58	Name: intentIQ Value: HcwDsHcRHW
.intentiq.com/	1970-01-21 00:39:58	Name: IQPData Value: 646215245#1695838388272#0#1695838388272
.intentiq.com/	1970-01-21 00:39:58	Name: ASDT Value: 0
.intentiq.com/	1970-01-21 00:39:58	Name: intentIQCDate Value: 1695838388275
.intentiq.com/	1970-01-21 00:39:58	Name: CSDT Value: UEQ6MTUxMDZfMCZUcjVCM015
.nytimes.com/	1970-01-21 00:39:58	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NTE0NzBiNDYzMmIwNTAwMDFhMjVlYzMiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjk1ODM4Mzg4fQ.PNGKpMAT_44qUXD2w25fT5qMN9OOCV27lY0hK9W8EOE
.googleadservices.com/	1970-01-20 17:13:34	Name: ar_debug Value: 1
.dotomi.com/	1970-01-20 15:03:58	Name: DotomiTest Value: 78fda0d9649e0530
.adsrvr.org/	1970-01-20 23:51:00	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwjSvpDm7eOfPBAFEhYKB3J1Ymljb24SCwj8lcPs7eOfPBAFEhUKBmdvb2dsZRILCKqGiert4588EAUSGQoKcmlnaHRtZWRpYRILCOCP3Ojt4588EAUSFQoGY2FzYWxlEgsIwJWy6e3jnzwQBRIXCghwdWJtYXRpYxILCJbxxOvt4588EAUSFAoFdGFwYWQSCwiWwJ7t7eOfPBAFEhYKB3N2eDl0NTASCwi0oPb77eOfPBAFGAEgASgCMgsI-Jb5qITknzwQBTgBWgdzdng5dDUwYAI.
.criteo.com/	1970-01-21 00:25:34	Name: uid Value: e39f9f5f-4cb9-4dd4-8d92-dded18717a30
.bidswitch.net/	1970-01-20 23:49:34	Name: tuuid Value: 6feb8dde-d916-4ff0-bd55-dc3157bce6a2
.bidswitch.net/	1970-01-20 23:49:34	Name: c Value: 1695838389
.bidswitch.net/	1970-01-20 23:49:34	Name: tuuid_lu Value: 1695838389
.w55c.net/	1970-01-21 00:34:12	Name: wfivefivec Value: fce3gcAb1QLz255
.w55c.net/	1970-01-20 15:47:10	Name: matchmedianet Value: 5
.pubmatic.com/	1970-01-20 15:47:10	Name: SPugT Value: 1695838388
.media.net/	1970-01-20 23:48:07	Name: data-co Value: AAAB4LU3wRS-HQN5VLtkAAAAAAA~~8
sync-dmp.mobtrakk.com/	1969-12-31 23:59:59	Name: chk Value: 1
sync-dmp.mobtrakk.com/	1970-01-21 00:39:58	Name: pid Value: NjA3MDlkZDgzZGY4YTI0Ng
.media.net/	1970-01-20 15:47:10	Name: data-c Value: e39f9f5f-4cb9-4dd4-8d92-dded18717a30~~1
.media.net/	1970-01-20 15:47:10	Name: data-c-ts Value: 1695838389
.media.net/	1970-01-20 23:48:07	Name: data-xu Value: fce3gcAb1QLz255~~8
.media.net/	1970-01-20 23:48:07	Name: data-bs Value: 6feb8dde-d916-4ff0-bd55-dc3157bce6a2~~1
.ads.pubmatic.com/	1970-01-20 15:05:24	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 17:13:34	Name: chkChromeAb67Sec Value: 2
.pubmatic.com/	1970-01-20 15:05:24	Name: pi Value: 156011:4
.pubmatic.com/	1970-01-20 17:13:34	Name: DPSync3 Value: 1696982400%3A262_261_260_259_201_263%7C1695859200%3A248%7C1696377600%3A265
.pubmatic.com/	1970-01-20 17:13:34	Name: SyncRTB3 Value: 1696982400%3A104_54_71_13_3_220_21_250_166_165%7C1696377600%3A223_2
.turn.com/	1970-01-20 19:23:10	Name: uid Value: 3050744800502580243
.kargo.com/	1970-01-20 23:49:34	Name: ktcid Value: f59c2d11-f999-0617-5ac1-ef604f95a891
.thrtle.com/	1970-01-20 19:51:58	Name: mc Value: eyJpZCI6IjhjZTczNWNlLTVlNGMtNGQ0Zi04MTc0LWQ1MTZjYmQzY2Q1NiIsImwiOjE2OTU4MzgzOTA0MDUsInQiOjF9
.bfmio.com/	1970-01-20 23:49:34	Name: __187_cid Value: 66DC17A7-9153-4C65-82E1-8FCFBBC3DEE8
.bfmio.com/	1970-01-20 23:49:34	Name: __io_cid Value: 26a4ba392923266059a9dcc31e6466fe565cf33c
.pubmatic.com/	1970-01-20 15:47:10	Name: KRTBCOOKIE_22 Value: 14911-3050744800502580243&KRTB&23150-3050744800502580243&KRTB&23527-3050744800502580243
.pubmatic.com/	1970-01-20 17:13:34	Name: KRTBCOOKIE_57 Value: 22776-4312465876001392131&KRTB&23339-4312465876001392131
.adgrx.com/	1970-01-21 00:32:46	Name: ADGRX_UID Value: 841704ac-5d61-11ee-93b1-2a795dd41d4d
.ipredictive.com/	1970-01-20 23:49:34	Name: cu Value: c80ba617-56b0-497f-ae9d-b39620034ec8\|1695838390486
.adgrx.com/	1970-01-20 15:05:24	Name: ADGRX_CM_PUBMATIC_BRIDGED Value: 1
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_16 Value: 1543803565212
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_37 Value: 5b1d1a63-ac20-30bb-9962-497c31c8b90b
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_44 Value: LN21GI17-Z-70C9
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_45 Value: 33EAD8FF-CDBC-4FB2-8DA7-00F4584842DA
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_46 Value: 7674190014737317359
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_48 Value: 4e29f957-8bcf-4dd8-bc1b-49b147223133
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_49 Value: AAAMqvFZLLnuagM9jmuOAAAAAAA
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_50 Value: 97bb4b3e-4955-46a3-909c-fcb4d1890e55
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_61 Value: 212286520604800
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_62 Value: 3388379181524423000V10
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_64 Value: S-MqNgztgWc9leUWnGlQk6KCRdzxShH7
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_7 Value: 3cbde603-abb7-4a46-88c7-36be51704b6b
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_70 Value: 1622253365053-949194170222-008367-009-004841
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_73 Value: AAETbk7KKOEAABhYSu3RjA
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_76 Value: RX-27c41841-3999-4517-9c74-49ba45f6da31-005
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_77 Value: Cb44OuZrFldRA_N4_PeGZXVycz9n1X3yXrwMXeTS8kc
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_79 Value: e7f39c2c-9506-4a25-93f7-7723e78af808
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_80 Value: y-wGGaKHRE2uFr7mRRQ1rpUXVG50xO5WZa~A
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_82 Value: ZRRnBUXpXclzuUkX.05DEQAA&1604
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_83 Value: XDRyPC3y39Ya
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_88 Value: 1784511455542910889061
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uidp_90 Value: dd6efeea-2c59-4a87-b0ac-dbac85afd4f7
.technoratimedia.com/	1970-01-20 15:08:17	Name: tads_uidp_91 Value: 2048915037081700588brt56841675014149615267a0
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uid Value: 325EFEFEE69D4CC091A3A44A64B0FD63
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_uid_cd Value: 20230206233052+0000
.technoratimedia.com/	1970-01-21 00:39:58	Name: tads_zora Value: 2
.technoratimedia.com/	1970-01-20 15:05:24	Name: envelope_liveramp.com Value: 1687042535605
.pubmatic.com/	1970-01-20 15:47:10	Name: KRTBCOOKIE_279 Value: 22890-c80ba617-56b0-497f-ae9d-b39620034ec8&KRTB&23011-c80ba617-56b0-497f-ae9d-b39620034ec8&KRTB&23355-c80ba617-56b0-497f-ae9d-b39620034ec8
.pubmatic.com/	1970-01-20 17:13:34	Name: KRTBCOOKIE_1003 Value: 22761-841704ac-5d61-11ee-93b1-2a795dd41d4d&KRTB&23275-841704ac-5d61-11ee-93b1-2a795dd41d4d
.pubmatic.com/	1970-01-20 15:47:10	Name: PugT Value: 1695838389
.contextweb.com/	1970-01-20 23:42:22	Name: V Value: he77G8zCXUYw
.contextweb.com/	1970-01-20 23:49:34	Name: pb_rtb_ev Value: 3-1n3p\|7dN.0.AAETbk7KKOEAABhYSu3RjA
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: ff07318a08cb12b5

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://myaccount.nytimes.com/auth/prefetch-assets Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
network	error	URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=&gdpr_consent=&id=ZRRwsr3Ny2RAs4hX-gddIAAA%262808&gpp=&gpp_sid= Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239(Line 9) Message: Refused to connect to 'https://68794905.akstat.io/' because it violates the following Content Security Policy directive: "connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://*.go-mpulse.net".
network	error	URL: https://csp.dev.nytimes.com/report Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://us01.z.antigena.com/l/FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3AWUAJgUx%2066DC17A7-9153-4C65-82E1-8FCFBBC3DEE8&rnd=RND Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5290727.fls.doubleclick.net
8f64407f064c503e3f3efa6dfe12a201.safeframe.googlesyndication.com
a.et.nytimes.com
a.nytimes.com
a1.nyt.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
ad.turn.com
ads.pubmatic.com
adservice.google.com
als-svc.nytimes.com
bh.contextweb.com
c.amazon-adsystem.com
c.go-mpulse.net
casale-match.dotomi.com
cdn.brandmetrics.com
cm.adgrx.com
cm.g.doubleclick.net
collector.brandmetrics.com
config.aps.amazon-adsystem.com
contextual.media.net
crb.kargo.com
cs.media.net
csp.dev.nytimes.com
dd.nytimes.com
dis.criteo.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
eus.rubiconproject.com
fastlane.rubiconproject.com
g1.nyt.com
googleads.g.doubleclick.net
gw.geoedge.be
hb.yahoo.net
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
insight.adsrvr.org
iteratehq.com
live.primis.tech
match.adsrvr.org
match.prod.bidr.io
medianet-match.dotomi.com
mwcm.nytimes.com
myaccount.nytimes.com
nytimes-d.openx.net
pagead2.googlesyndication.com
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
pixel.tapad.com
platform.iteratehq.com
pm.w55c.net
pnytimes.chartbeat.net
pr-bh.ybp.yahoo.com
prebid.media.net
purr.nytimes.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rtb.openx.net
rumcdn.geoedge.be
s.amazon-adsystem.com
s.go-mpulse.net
samizdat-graphql.nytimes.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
static.chartbeat.com
static01.nyt.com
sync-dmp.mobtrakk.com
sync-tm.everesttech.net
sync.bfmio.com
sync.intentiq.com
sync.ipredictive.com
sync.taboola.com
sync.technoratimedia.com
sync1.intentiq.com
thrtle.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
typeface.nyt.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
us01.z.antigena.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
x.bidswitch.net
104.18.27.193
104.36.113.107
104.36.113.112
141.226.224.48
142.251.16.157
142.251.167.148
151.101.129.164
151.101.193.164
151.101.2.49
151.101.65.164
162.248.18.34
162.248.18.37
172.253.63.154
173.231.178.116
18.160.10.80
18.165.83.3
18.67.64.51
18.67.65.34
18.67.67.228
198.148.27.131
20.40.202.2
216.22.16.8
23.15.9.49
23.195.92.23
23.55.204.22
23.55.205.215
23.72.184.231
2600:1408:c400:1886::11a6
2600:1408:c400:784::11a6
2600:1f18:4e9:5a07:3d74:ec94:292f:f7b9
2600:9000:2009:8a00:4:b37b:9440:93a1
2600:9000:2073:ee00:1b:6b7d:2300:93a1
2600:9000:24f3:d600:18:1fcd:353:c61
2600:9000:24f5:9000:1a:5235:f980:93a1
2600:9000:250a:1200:10:43f:4352:ad61
2602:803:c002:200::62
2603:c020:400d:3000:7130:bb0b:d7e:bee2
2606:4700:20::681a:7e5
2606:4700:20::ac43:4842
2606:ae80:1471:17::1050
2607:f8b0:4004:c07::71
2607:f8b0:4004:c07::84
2607:f8b0:4004:c07::9c
2607:f8b0:4004:c09::9c
2607:f8b0:4004:c0b::61
2607:f8b0:4004:c17::65
2607:f8b0:4004:c17::84
2607:f8b0:4004:c17::8b
2607:f8b0:4004:c17::93
2607:f8b0:4004:c1b::9c
2607:f8b0:4004:c1d::66
2607:f8b0:4004:c1d::9d
2620:112:f002:bbbb::21
2620:1ec:21::14
3.135.132.32
3.225.218.10
3.231.182.141
3.91.167.182
34.107.148.139
34.111.113.62
35.186.253.211
35.194.66.159
35.211.178.172
35.244.159.8
35.71.131.137
35.71.139.29
40.76.134.238
44.211.112.71
44.215.82.85
52.3.42.214
52.46.128.147
52.54.49.121
52.71.201.57
52.85.132.46
52.87.113.81
54.159.168.32
54.227.29.23
54.84.235.220
67.220.228.203
68.67.160.76
69.173.151.100
74.119.119.150
01fcb5b381e8d77bd8c2b79ae2de19de96fbdfb14323cfcda19cdfb2d899b43a
04e5a860e37154bab806061542590a21cfb00ba727f1ee25ef7200a6df38c9a2
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0664961298d6e93ad5d37647650bc8c0f33ded6e53ecffdca7a92a60cebb943c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0725ee1cf5ac4dfdcf95ecf411325568fa74b0c24ada34ff2fb8ea20571f1d41
09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771
11b8019b3870bd7aa7963689c0e2d19d76e607f60520fdbb4f0edeaeec6deb00
1560274f4b427b35f9d02fc07a8591fac20de16c2b82c92e15a43bde026fc648
17a60971acd82c65cd57863f07cbc2fc9124483c6fb6f9bfa270019c058a479c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
182922543f2c360a45efb777362f9be935b84f69370ded63ebd858f34d81f79b
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a6544983b382dc6cc4c0ac84f8a07ec1f594cd5d4ed627c6e682ec5ff57546b
1b28602617d1574ca8d644a7244aaabb8971d26827d68ab73df044e1e2a1aea1
1c205a67e110a122f2d950dc0b68a8491b4ea2f24a1480ff88582d4246a6d647
22a42ac0bafcd513a630d9f2751921dc6fa7b669a16d0c388c6372723fd39adc
23b95c1b7b3b2b5e95951fea1e41615b6370c8b022f833e5faed2fc00b9ce8d2
25a27c7b16c376c14f690d119b2ac48f54974d3fb107aec2bce59b49c56fb694
284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a
290ddb5c02c9d8679b52653c0c424af207d68907449b430874df091a22fcc74f
29706c4ab8f4d48b33ccb0ea813f8afb5f7ac569f623536b96fba6cf1fc60e9b
2993097b3285bc8f7aee221dd19bda9397d39ac445b3c90a98bb103a169f7b67
2d20b53db6c75684d241e74a4970b4a310f11e6620dcc551fd768fe4a6402d8c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
392d3cc14a31c57afd1286de75ef5bb4ac582df74fc71c473afa55ebfac1a4ba
39c3bbf56d0dcbf6d0a6fe627102e417b923cf50a8821f9cb0a55956c57f9413
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47aa737bbc930b5b511d55f759ce50d2341d19f8880bea55f560836a168fe7be
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49c0ff12cc2fe44a7b4d44702dc2a61e7b3f92ead6cdc8be67deff8e68b6fe39
4b4341349ed8ff84441d5435d1c80b2f5efd6affef721470f793bb5e2656f854
4d40fe6306241675393bb5e4823ed7466b745447fd3a7ab6b5ec143f1bcefb33
4dce82188087b5a879afaed84f7c41579a9ccd759994d30d908879edc355ca62
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51810745d3e4e28eec27857037693434619b5a9487d389a2243a555d6830f66b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
564385e5dd8a1058fd759445c33b2c554d409528496b9d91533eeb079f6415de
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
60994a4c022df26635bb5ccdb7a22cf32a6486ee25a4648cebdfce0ef398a0fa
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6a3549450817481f472233505c553c445dee2b368a9df0b9486e1ac3aff626a7
6a94146f8607f839721ec77ab025a51250a273cfa4f9d025a9b1b7cf7b1afd5c
6af7ac07fb27bd0c4747c3ffcda6813337824e4c95c1e623fd5597232b22a7c4
7468c5b88c4644505f135fdb580e244f0f99551f05c7dd5e6fa536c65946f97f
7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5
7853f075e37608b0c15951998a703809e643aa9db53ee12f4431d1043a80cdea
79bc00b1ba3e228fe806d7ddfc0bd9a9b9eb904701a35d6dc435932c0b17c1e3
7b9447e90b1fa53aceff22719995122391fed5e9713a84d8d9988a65a29bec05
7cf787477c765d8e710c1774f4ad58008c8f556271162e8f892cdd53e8ef9b1b
7d6e303eeb0cb3248e7ea4945dc48ee9763362642595aa25deeb2f7010d33edd
7ea9e799d3d6012d616632e36cfc9298ffe3cda681d40541f8b061fcb89e6609
85086520b731460950de6282474a6180b8c5fbee169ccce9d1a44a939d2e0cca
887f1e249e870d52cd78628117b0286a77a68cf092ca501c17c839606e6d3e54
8a0f1628ae40f1c65f58ee1b1de14ad64bc40f8e391e516e8196115b5631ea8b
8a5d256cf445e0fd4be752c52d9ceb32dda878595c02e38a38d95c4a282de2c8
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8c1947652b650658b7573122c3e836ab794dedf89c922a43e0abf777eeebe1d2
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2e6043625a26724079636a426110ceb19048a516a2a68f8d8569f36d9d5f3f
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
958b929efda1605da550c969b90450a5a2604c9e5ca92f537e52a6f7f677555d
9863e497691733db74131fb61099b6d3aad4198f442b261fd589ab6a96ab13d9
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
9ea6a4d85e1c4e4c83b0225804535221762e1b02fa51bc9a26d98003317ad32b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0f48f37377e5f14b05f2560e82bbfe408c1e10fcbeb97d6696754287e753b67
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e
a88fdd3e8f877d19f688967a15722850eaf1dabc11b83feb295ac21be8e629fe
a931fed0c94dffa9e7b8c2211bbef72da62d20b73cd718be5d515bd8962cf078
aa65623efddc8ae214640d70385acd5186b75edf4649c1802acf508c2a0e1cce
aada35f35104e66e80549712d9076243d16273e36cfc162cb599fc219c49631b
ac769485aa4a02f63378b356613b150f8a1f3ce4ef9cd8adbe33bd0bdbca02b7
ae62969b5b189bb28c67dbcee8666abe3e9f498d17a79a68c56e1069d7d63123
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2064442f57238d5e04d61bacad93794e723f91204f928f6980801c400b7bea6
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
baabb01c05f5a7a83cf26233fcbb29790b584afb736caa63cb26ed1d051aa78d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf2e3faee701cc3b65cc1a66ad651738712733a85bb41be9cc4e4c484544da09
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c5ba5b401146479b013e52b3558548e56cd5a65018ad3c6aa691349d592b190e
c67b2c5a246898ee41fbb13a7aa993bd4f1f446248e10afdc609a3d2462ceacb
c8d712c312f7cc12c84ddbd40fd22136782652c3f663d6ae1d0218863c155899
c93370ec287d636bf91e692eecdb45d3e3696cabfd2dcb7c728303d88d39a9be
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb56f5ea7ba42892889cf0c9c29b43997729d20bb327a836f97844642e2e90e8
ccfdf8c4db4ea3b032de39c3b9ae7c881c9cc550be34e10250af46ead724caf6
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d243c46f684dca0921a186cc19ca02e5abfaa97d4eb42489b91ecbd07a13f1cd
d57cdc47f635d0573f2ffd7afe1ef996c81373cddc10fa4ab69cbbad71903ed2
d683af749f9977c8b2673ca62493fc76925c218d7d79d40be34fbc172da6df71
da840c8ab4f7896c16197e475607c1d29492b3507864a8c3b537a1b679c67596
de2fb7fd3a533c10e58a8054b788190cfd242b5b95be9db2a5d7882f5112abd9
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df6ea0c37262acb4465fc54a7a73ae75d870eb18dcc8668fca9b0e33f10b1108
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e517a4f97449d217c060d363041da434976cbcf598c1faa9716a998fc3421003
e59bbca4cd6bb859bdac896992fb60f513316870cd29a462df7220cfde94a667
ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9
ec00b1ab600cbefd105982ae42125bec6f640b950903c2d4eb158fb326feafc6
ee6e5ad9ab8d7b16e2abb4380dc8fbfb1967d9608b581525c63e19baff041a42
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe89ee5574a12b23b5b2d8adba217ad5d458e732bef5149a0d85fa185400790
f13f08a7d84a37aa43b063e88661aac5ebe09dfaba150099bcb6976428bc86c0
f3484749d00c552a2dfa9ad013167a26d4510d38a1e4daec5e935a20a2b7c8eb
f4c8c10c577f10d982568bd0e5128cb974cc1b3a889dc41a7712734d161de050
f6bc7f9a3f11d6b57fc36f8a0c11cee8050f16e5feb996b8514c820ca4678389
fe438925933c385a5b2853dc023ac3721f6ab4bacb7bdbae6b1f4d0eb5e5b8b9
fe8d5a6f12533884b6896dd290e422c830e86e0228d45dbe97ac03c6e86a5b5a
fe959c9063db59f41dbf732c4e716e61725dcc7196fe89dc8f10656b0174e87c
ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54
ff18e273fc7f233bf924108949a94f34e0587ed1cdfaa6820ba90be9cb739720

www.nytimes.com Open in urlscan Pro 151.101.129.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

207 Requests

81 %HTTPS

33 %IPv6

51 Domains

100 Subdomains

66 IPs

2 Countries

3226 kBTransfer

9640 kBSize

134 Cookies

18 Outgoing links

Redirected requests

207 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Screenshot
Live screenshot

Full Image

207
Requests

81 %
HTTPS

33 %
IPv6

51
Domains

100
Subdomains

66
IPs

2
Countries

3226 kB
Transfer

9640 kB
Size

134
Cookies

207 HTTP transactions
1 data transactions