Submitted URL: https://trk.cp20.com/click/gh7c-3454r-1q4pk-4o9v4c0/
Effective URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpc...
Submission: On December 21 via api from US — Scanned from CA

Summary

This website contacted 37 IPs in 2 countries across 29 domains to perform 166 HTTP transactions. The main IP is 2606:4700::6812:9b15, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 5th 2021. Valid for: a year.
This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 216.24.224.100 17358 (ETOLL1)
9 2606:4700::68... 13335 (CLOUDFLAR...)
27 13.225.210.10 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
3 13.225.63.109 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
43 54.186.23.98 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:402... 15169 (GOOGLE)
2 142.250.80.66 15169 (GOOGLE)
1 199.232.64.157 54113 (FASTLY)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 23.52.162.190 16625 (AKAMAI-AS)
3 151.101.129.44 54113 (FASTLY)
2 13.225.63.61 16509 (AMAZON-02)
1 2600:9000:210... 16509 (AMAZON-02)
2 2001:4998:14:... 14777 (YAHOO)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 23.52.160.130 16625 (AKAMAI-AS)
2 2600:9000:21e... 16509 (AMAZON-02)
1 4 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 70.42.32.31 22075 (AS-OUTBRAIN)
1 68.67.160.134 29990 (ASN-APPNEX)
1 2 2607:f8b0:400... 15169 (GOOGLE)
1 172.217.165.130 15169 (GOOGLE)
1 104.244.42.131 13414 (TWITTER)
1 104.244.42.69 13414 (TWITTER)
1 8 35.186.226.184 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
1 1 2600:1f18:730... 14618 (AMAZON-AES)
1 34.238.14.155 14618 (AMAZON-AES)
1 76.13.32.146 26101 (YAHOO-BF1)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 44.238.75.245 16509 (AMAZON-02)
2 2 107.178.246.49 15169 (GOOGLE)
13 2607:f8b0:400... 15169 (GOOGLE)
2 141.226.224.48 200478 (TABOOLA-AS)
166 37
Domain Requested by
34 r.stripe.com js.stripe.com
27 js.stripe.com secure.winred.com
js.stripe.com
13 play.google.com www.gstatic.com
9 q.stripe.com secure.winred.com
9 secure.winred.com secure.winred.com
8 tr.snapchat.com 1 redirects sc-static.net
secure.winred.com
5 www.gstatic.com pay.google.com
www.gstatic.com
5 www.google-analytics.com secure.winred.com
www.google-analytics.com
www.gstatic.com
4 www.google.ca secure.winred.com
4 www.google.com 1 redirects secure.winred.com
4 pay.google.com js.stripe.com
pay.google.com
secure.winred.com
www.gstatic.com
4 maps.googleapis.com secure.winred.com
maps.googleapis.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
secure.winred.com
3 d35ligi1n5bgzc.cloudfront.net secure.winred.com
2 trc-events.taboola.com cdn.taboola.com
2 pixel.tapad.com 2 redirects
2 www.facebook.com secure.winred.com
2 googleads.g.doubleclick.net 1 redirects www.googleadservices.com
2 tr.outbrain.com amplify.outbrain.com
secure.winred.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 connect.facebook.net secure.winred.com
connect.facebook.net
2 s.yimg.com secure.winred.com
s.yimg.com
2 sc-static.net www.googletagmanager.com
tr.snapchat.com
2 cdn.taboola.com www.googletagmanager.com
cdn.taboola.com
2 www.googleadservices.com www.googletagmanager.com
www.googleadservices.com
2 stats.g.doubleclick.net www.google-analytics.com
2 www.googletagmanager.com secure.winred.com
1 m.stripe.com m.stripe.network
1 sp.analytics.yahoo.com secure.winred.com
1 rp4.liadm.com secure.winred.com
1 rp.liadm.com 1 redirects
1 t.co secure.winred.com
1 analytics.twitter.com static.ads-twitter.com
1 855967303.privacysandbox.googleadservices.com secure.winred.com
1 ib.adnxs.com secure.winred.com
1 trc.taboola.com cdn.taboola.com
1 acdn.adnxs.com secure.winred.com
1 b-code.liadm.com www.googletagmanager.com
1 amplify.outbrain.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 app.revv.co secure.winred.com
1 trk.cp20.com 1 redirects
166 42

This site contains links to these domains.

Domain
winred.com
bit.ly
www.nrsc.org
Subject | Issuer | Validity | Valid
www.winred.com | DigiCert SHA2 Extended Validation Server CA | 2021-10-05 - 2022-10-26 | a year
a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2021-10-21 - 2022-02-02 | 3 months
upload.video.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.revv.co | DigiCert SHA2 Secure Server CA | 2021-10-05 - 2022-09-16 | a year
*.stripe.com | DigiCert SHA2 Secure Server CA | 2021-09-08 - 2022-09-07 | a year
*.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
www.googleadservices.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
ads-twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-21 - 2022-07-26 | a year
www.bing.com | Microsoft RSA TLS CA 02 | 2021-09-30 - 2022-03-30 | 6 months
*.outbrain.com | DigiCert SHA2 Secure Server CA | 2021-05-25 - 2022-06-01 | a year
*.taboola.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-11-28 - 2022-12-29 | a year
sc-static.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-11 - 2022-02-15 | a year
*.liadm.com | Amazon | 2021-03-02 - 2022-03-31 | a year
*.api.fantasysports.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-12-20 - 2022-02-09 | 2 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-10-01 - 2021-12-28 | 3 months
cdn.adnxs.com | GeoTrust RSA CA 2018 | 2021-03-11 - 2022-02-07 | a year
www.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.google.ca | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 - 2022-02-19 | a year
*.googleadservices.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.privacysandbox.googleadservices.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-24 - 2022-03-23 | a year
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-24 - 2022-03-23 | a year
tr.snapchat.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-19 - 2022-01-23 | a year
*.gstatic.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
real.sp.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-10-19 - 2022-04-13 | 6 months
m.stripe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-02-02 | 3 months

This page contains 13 frames:

Primary Page: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Frame ID: 1923684611BC15E27DF7D1B3C59649A5
Requests: 68 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Frame ID: 4DD6267F4427FFD0912D3B0CAD6F5150
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Frame ID: DDD67FA0E2F605CAC5B3681D24B8E9EF
Requests: 15 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Frame ID: FD7B96751CBB145ADF24151939C59723
Requests: 7 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Frame ID: 134E3F2E1D642E2D549E91F52EBA1749
Requests: 27 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
Frame ID: F08DD2CE02222C222A8B3C7E524D0D23
Requests: 5 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
Frame ID: CFC3CCF21BC4E02005FA570137E4E684
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 80E62CED610E154E6F7482B4752A2780
Requests: 5 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Frame ID: F11C819FDF1F61EF096449B4F6BCB53A
Requests: 16 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227
Frame ID: 8E535F0D76334C931C578615A7D83E3A
Requests: 2 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1640010082987&pnid=140&pcid=c779c73c-5c93-42dd-99f3-501ccd4643b5
Frame ID: 5CA7115CB2D891E7B9EEC5809AE0E7A3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 9F29E8481412193131EB14F829BB9C8B
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Frame ID: F505B08594A2ACC56EA5E17883D61AE3
Requests: 6 HTTP requests in this frame

Page Title

NRSC HQ

Page URL History

  1. https://trk.cp20.com/click/gh7c-3454r-1q4pk-4o9v4c0/ HTTP 302
    https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaig... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 166
HTTPS: 99 %
IPv6: 48 %
Domains: 29
Subdomains: 42
IPs: 37
Countries: 2
Transfer: 2466 kB
Size: 7525 kB
Cookies: 39

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://trk.cp20.com/click/gh7c-3454r-1q4pk-4o9v4c0/ HTTP 302
    https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=E9DBYa3gMIb6MZGWlJgK&sscte=1&crd=&eitems=ChAIgJOGjgYQvLzhrZmv1u5fEh0AjG9ZNpE-V_FgaSt6Aq8Yr_5Ex1GW_Wt99LllQg HTTP 302
  • https://www.google.com/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=E9DBYa3gMIb6MZGWlJgK&cid=CAQSKQCNIrLMMGqE_JfPCP1r_R_sVvZoGPI3WSRcX0ZfEVpkCTyE1DLAekmK&eitems=ChAIgJOGjgYQvLzhrZmv1u5fEh0AjG9ZNhw_ucOIyXBOiApdd880qhf73j7wAl-q3Q&random=1309546003&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.ca/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=E9DBYa3gMIb6MZGWlJgK&cid=CAQSKQCNIrLMMGqE_JfPCP1r_R_sVvZoGPI3WSRcX0ZfEVpkCTyE1DLAekmK&eitems=ChAIgJOGjgYQvLzhrZmv1u5fEh0AjG9ZNhw_ucOIyXBOiApdd880qhf73j7wAl-q3Q&random=1309546003&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAHd56D_hyCiyrs4KjYlAxzXWpy6NpkfskLPVSzGyG6fc42Y9LqCPsC1qcfGy1Mu88qf2W75nIsH8l-6v9cSC3-
Request Chain 123
  • https://tr.snapchat.com/cm/s?pnid=140&cb=1640091668160 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1640010082987%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1640010082987%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://tr.snapchat.com/cm/p?rand=1640010082987&pnid=140&pcid=c779c73c-5c93-42dd-99f3-501ccd4643b5

166 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request christmas-card-rs-cc
secure.winred.com/nrsc/
Redirect Chain
  • https://trk.cp20.com/click/gh7c-3454r-1q4pk-4o9v4c0/
  • https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amo...
42 KB
12 KB
Document
General
Full URL
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3085de58c8ed1a0a5da77fee1429a83998fe96cc21b1232f6d2e2157e01b44
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cache-control
no-store, no-cache, must-revalidate, private, max-age=0
x-revv-cache
Hit from Revv
x-request-id
a11c04d8-c3bb-4b82-bb28-989bd5f23027
x-runtime
0.033122
x-rack-cors
miss; no-origin
strict-transport-security
max-age=0; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6c114c146f09714a-YUL
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Server
TRK02
Refresh
0; URL=https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Date
Tue, 21 Dec 2021 13:01:06 GMT
Content-Length
336
/
js.stripe.com/v3/
269 KB
71 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
2f42bb7340fd21481c3d5316650aea407892c5256c299f24e6236680670f4951
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:00:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43
x-cache
Hit from cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
access-control-allow-origin
*
last-modified
Mon, 20 Dec 2021 22:11:18 GMT
server
Cloudfront
etag
W/"4bd1f07506d63df5ddd3c9eaf7b7d400"
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
iUeRCuRDJReaVlXV5qDeS458j7EI3WNTJLLVM56_dl5clxBI1h9cUg==
landing_page-4d8ad4ae71325632689399f3673f1196d135dd83520986c3531e8e646912ad13.css
secure.winred.com/assets/
217 KB
34 KB
Stylesheet
General
Full URL
https://secure.winred.com/assets/landing_page-4d8ad4ae71325632689399f3673f1196d135dd83520986c3531e8e646912ad13.css
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbe935971411b547760ad22c28a55c7573abd06b49bcd13a361444dc94fa1c0e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
6165
cf-polished
origSize=225723
last-modified
Fri, 03 Dec 2021 01:43:59 GMT
strict-transport-security
max-age=0; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
87Z32R0MDF838TXK
x-amz-id-2
bPoMTaa8DGvul/LUZyFNZQRxT7MYpF/7LdXksUnG3jwD+TSN7o/dIs8WsXQHGXW97w04RT8hwco=
cf-bgj
minify
server
cloudflare
etag
W/"9bd66b1efebd8bfddb9730e61146964c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
x-amz-version-id
tzVSTXYyLkLRTSTDBeRwPs8KVSDcmmSY
cf-ray
6c114c150801714a-YUL
expires
Tue, 21 Dec 2021 17:01:06 GMT
1639494402.css
secure.winred.com/stylesheets/rv_page_01fpwqkr3tss73e2tzqzar01xv/
7 KB
2 KB
Stylesheet
General
Full URL
https://secure.winred.com/stylesheets/rv_page_01fpwqkr3tss73e2tzqzar01xv/1639494402.css
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ec663de33990b67d63068df41438ed4f4acfed8e240054952681b92679397ea
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-rack-cors
miss; no-origin
date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
0
cf-polished
origSize=7176
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
a9e363cf-3cf9-4f5c-beff-efa5fb6b0795
x-runtime
0.028490
expires
Wed, 21 Dec 2022 18:50:18 GMT
last-modified
Tue, 21 Dec 2021 02:20:59 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=31556952
cf-ray
6c114c150803714a-YUL
cf-bgj
minify
js
maps.googleapis.com/maps/api/
154 KB
51 KB
Script
General
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
6b27c8d189fa02734a7ac010a5c59dc7631ebc4a213a41e11520838c9af5d39e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=20
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51494
x-xss-protection
0
expires
Tue, 21 Dec 2021 13:31:06 GMT
application-landing-page-36cd0a6085201393f2fabbfa8313d174e8533225bd2d05c67cfcfa56a4ecae3a.js
secure.winred.com/assets/
612 KB
172 KB
Script
General
Full URL
https://secure.winred.com/assets/application-landing-page-36cd0a6085201393f2fabbfa8313d174e8533225bd2d05c67cfcfa56a4ecae3a.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f7fb4c1f2d3ee57a3767048afa62cdf8d4187c4f85ee32bdf91976c2bc72ad6
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
6165
cf-polished
origSize=627317
last-modified
Fri, 03 Dec 2021 01:43:58 GMT
strict-transport-security
max-age=0; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
87Z07885GEA9GYZ5
x-amz-id-2
C/S68yF8x+SELXUZUVaVp9IfxCwlqkAYC/GspMB4udQLIIPBWCOJyVgv82ziYJzuaOqh48kIQQc=
cf-bgj
minify
server
cloudflare
etag
W/"cbdde4319e62c173bcbb5df4621dfcbb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
x-amz-version-id
YktyhJTK4DpeR7OSNg_udb.E71SxF80Q
cf-ray
6c114c150804714a-YUL
expires
Tue, 21 Dec 2021 17:01:06 GMT
api.js
secure.winred.com/cdn-cgi/bm/cv/669835187/
35 KB
9 KB
Script
General
Full URL
https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
text/javascript
vary
Accept-Encoding
cache-control
max-age=604800, public
cf-ray
6c114c15ae9eecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
20210818_nrsc_pop-ups_swamp_popup.jpg
d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/109/090/medium/
104 KB
105 KB
Image
General
Full URL
https://d35ligi1n5bgzc.cloudfront.net/widget_images/images/000/109/090/medium/20210818_nrsc_pop-ups_swamp_popup.jpg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-109.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a145b900c6bc1b00f67ab00a36f47c0988e147ba4a19edf0168700abd2b2f427

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
1hczhJhAp1rreMBR8RN4AZI.sHOObwmt
via
1.1 5ec6b37107376867228d2ed46a794603.cloudfront.net (CloudFront)
etag
"2b06d39856aa664dfb8dce580c3471a8"
last-modified
Thu, 19 Aug 2021 14:41:20 GMT
server
AmazonS3
age
48025
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
date
Mon, 20 Dec 2021 23:40:41 GMT
x-amz-cf-pop
EWR53-C1
accept-ranges
bytes
content-length
106943
x-amz-cf-id
EdQ3hty5nphuTLT0BjUjGDJJG3R8AKM7UbscF-MC_2F0UPMMWkLJJg==
default-360x250.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/012/048/square/
10 KB
10 KB
Image
General
Full URL
https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/012/048/square/default-360x250.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-109.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f38456ec82ed63fda4f038cb5f6cf4afcb11b28825242c0b1a1000a6b35bea23

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
g3HO94iOuW2BZonuVejzoTFgWKG9BruR
via
1.1 5ec6b37107376867228d2ed46a794603.cloudfront.net (CloudFront)
etag
"4d1514e7a61275dc48eb6284c6215857"
last-modified
Sat, 17 Jul 2021 18:30:35 GMT
server
AmazonS3
age
31132
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
date
Tue, 21 Dec 2021 04:22:15 GMT
x-amz-cf-pop
EWR53-C1
accept-ranges
bytes
content-length
9912
x-amz-cf-id
3DjO9jk8KiQpDl0ihD2iwczKpvBpVHdafO2anThnNqgZU0plGZr4fA==
win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/
9 KB
9 KB
Image
General
Full URL
https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
0
cf-polished
origFmt=png, origSize=11635
content-length
8708
content-disposition
inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
7K72ARJSRWHCJTAZ
x-amz-id-2
K2nIkF65pGPBd4iWb/stEo/7WVlzng0wSgR+IS12rBdnfKeetuew0Xa4CSoXPQjlGGbBYe6jVW0=
expires
Tue, 21 Dec 2021 17:01:06 GMT
last-modified
Fri, 03 Dec 2021 01:44:00 GMT
server
cloudflare
etag
"972c0cca8d1e490484e89513f902e847"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
vary
Accept
cache-control
public, max-age=14400
x-amz-version-id
K63c5mUJXjB8BJXiwVNYE564_vUXptcB
accept-ranges
bytes
cf-ray
6c114c164f07ecee-YUL
cf-bgj
imgq:85,h2pri
win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/
19 KB
8 KB
Image
General
Full URL
https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
7047
content-type
image/svg+xml
strict-transport-security
max-age=0; includeSubDomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
H3XV5R17K2CRW1S2
x-amz-id-2
vCfWtFfwZt099c11b8IC2W8R4oVQ0w9svekhATUmzWHIjJ/Hptg6wrRxGLpc5EGxnoQfwPGX5to=
last-modified
Fri, 03 Dec 2021 01:44:00 GMT
server
cloudflare
etag
W/"d31530d4186af669daf4f47099614593"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
v5siAAop8r6zLHhL_vF5tua8J6jxBL9S
cache-control
public, max-age=14400
cf-ray
6c114c165f0becee-YUL
expires
Tue, 21 Dec 2021 17:01:06 GMT
gtm.js
www.googletagmanager.com/
262 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6fb41b1243fc6402e40b924f76f3103e7e255bb41ddc239dd362f12f5ce7fde0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64023
x-xss-protection
0
last-modified
Tue, 21 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Dec 2021 13:01:06 GMT
gtm.js
www.googletagmanager.com/
230 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5851faa09c1a329179229032ff1e58c9df1e7798af33fa1a90c4d6ba9a2766ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
78138
x-xss-protection
0
last-modified
Tue, 21 Dec 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Dec 2021 13:01:06 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/
3 B
45 B
XHR
General
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://secure.winred.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1207
date
Tue, 21 Dec 2021 12:40:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 21 Dec 2021 14:40:59 GMT
20211105_Fundraising_Christmas_WR_V1_Desktop_%283%29.png
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/129/411/large/
235 KB
235 KB
Image
General
Full URL
https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/129/411/large/20211105_Fundraising_Christmas_WR_V1_Desktop_%283%29.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01fpwqkr3tss73e2tzqzar01xv/1639494402.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-109.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
15ee5bb729c7241692e808ebc1c5a1c299c22f3f94921ed10cc002aa65cebef7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 21 Dec 2021 06:44:44 GMT
via
1.1 5ec6b37107376867228d2ed46a794603.cloudfront.net (CloudFront)
last-modified
Fri, 05 Nov 2021 21:01:45 GMT
server
AmazonS3
age
22583
etag
"528ac1b32172781f989218324e9c0ca5"
x-cache
Hit from cloudfront
x-amz-version-id
EceULUYXfZjC5t7jWlCXJzGeAILnFBxU
x-amz-cf-pop
EWR53-C1
accept-ranges
bytes
content-type
image/png
content-length
240445
x-amz-cf-id
zdLIuiBUSl53wh8rMkDuUzTFEIBGd0C86z4R8zCHBZl8nQPmqhoF2g==
icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
secure.winred.com/assets/
290 B
939 B
Image
General
Full URL
https://secure.winred.com/assets/icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/assets/landing_page-4d8ad4ae71325632689399f3673f1196d135dd83520986c3531e8e646912ad13.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/assets/landing_page-4d8ad4ae71325632689399f3673f1196d135dd83520986c3531e8e646912ad13.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:06 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
0
cf-polished
origFmt=png, origSize=560
content-length
290
content-disposition
inline; filename="icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
T660T4FN20KKBY1F
x-amz-id-2
00ecAL2mT+CHBxI1x+srGqwNzpUYaAuoJAH6pzW6PYBqAbJsCyZQwdBXVsEi/CqxIyGV+QVfx/o=
expires
Tue, 21 Dec 2021 17:01:06 GMT
last-modified
Fri, 03 Dec 2021 01:43:59 GMT
server
cloudflare
etag
"571ee659b7ee9af9291e7dd8176721d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
content-type
image/webp
vary
Accept
cache-control
public, max-age=14400
x-amz-version-id
vUOvaIxKYSZ_97zG3Kyeyxfqn5Q2rSMg
accept-ranges
bytes
cf-ray
6c114c165f0fecee-YUL
cf-bgj
imgq:85,h2pri
m-outer-f7902241893e7a497417843cb15dc858.html
js.stripe.com/v3/ Frame 4DD6
240 B
958 B
Document
General
Full URL
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
1969520bd7b0ea7b84b1cbdda4a8ae93c321abe6eaeff82b5fa496680bf88a0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
content-length
240
last-modified
Wed, 27 Oct 2021 22:19:31 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Tue, 21 Dec 2021 13:00:11 GMT
cache-control
max-age=60
etag
"f7902241893e7a497417843cb15dc858"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
Ba633sZvJTddlvr60qp7S-qAlSOudzJRScC5kWwiVr9XiQuGJ1g1dg==
age
55
controller-165f07355f9174b10cc50cf7585ea1cb.html
js.stripe.com/v3/ Frame DDD6
349 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
93ce72e716dd07139bda56b0046e33564b1a8515821c67b4bdb19eac05b00f62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
content-length
349
last-modified
Mon, 20 Dec 2021 22:00:25 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Tue, 21 Dec 2021 13:00:32 GMT
cache-control
max-age=60
etag
"165f07355f9174b10cc50cf7585ea1cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
1umaOR21qVO3brtGEEYSeQ4XSbSyyPLtvYjT3X7WD14rhD_lua8UKg==
age
41
elements-inner-card-a6504878a0df373090830b160461378b.html
js.stripe.com/v3/ Frame FD7B
6 KB
2 KB
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
eb7ee9a5cc25f702210cf4d6401143b4d173db35c0c9d8e2caf50f203d3a3cbc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
last-modified
Mon, 20 Dec 2021 22:00:25 GMT
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
content-encoding
gzip
date
Tue, 21 Dec 2021 13:01:07 GMT
cache-control
max-age=60
etag
W/"a6504878a0df373090830b160461378b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
JPFHiP3FzTGf-qtsyWVDJQ6EE1WFx4XaI6FfIYedh0Bb7hsO7ohJXA==
current_with_info
app.revv.co/api/v3/users/
162 B
1 KB
XHR
General
Full URL
https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-36cd0a6085201393f2fabbfa8313d174e8533225bd2d05c67cfcfa56a4ecae3a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
094e1ad586648c7405b1dfd1a5c540e79e18f9bf12d1f57c1bf2cbfa629a3f8c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://secure.winred.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin
https://secure.winred.com
date
Tue, 21 Dec 2021 13:01:07 GMT
x-rack-cors-original-access-control-max-age
0
x-rack-cors-original-access-control-allow-credentials
true
cf-cache-status
DYNAMIC
x-rack-cors-original-access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
0
x-rack-cors-original-access-control-expose-headers
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id
42de1639-4e6c-47c3-b6b4-d1abb9f76157
x-runtime
0.010130
server
cloudflare
etag
W/"094e1ad586648c7405b1dfd1a5c540e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/vnd.api+json
access-control-allow-origin
https://secure.winred.com
vary
Origin
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-ray
6c114c174d617151-YUL
x-rack-cors
hit
x-content-type-options
nosniff
access-control-expose-headers
controller-165f07355f9174b10cc50cf7585ea1cb.html
js.stripe.com/v3/ Frame 134E
349 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
93ce72e716dd07139bda56b0046e33564b1a8515821c67b4bdb19eac05b00f62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
content-length
349
last-modified
Mon, 20 Dec 2021 22:00:25 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Tue, 21 Dec 2021 13:00:32 GMT
cache-control
max-age=60
etag
"165f07355f9174b10cc50cf7585ea1cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
iFcv6qteRGAcdXRMEBkhb-h2qS1drLYCw5UXGUqWVFhDhNw760zgow==
age
41
payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
js.stripe.com/v3/ Frame F08D
434 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
5f791f2065a8c9e1ae008b593f64979cc77557ca7bae21b47eb2177a25a69a52
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
content-length
434
last-modified
Mon, 20 Dec 2021 22:00:33 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self' https://pay.google.com; style-src 'self' 'unsafe-inline'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Tue, 21 Dec 2021 13:00:34 GMT
cache-control
max-age=60
etag
"e377fba000e6d5674faf6db30653e830"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
NTJpcPnAoVKtwQmn5JFn5ZnyI08x5wwgxU2WM3Y6OFlqOAe2Xb12Kg==
age
34
payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
js.stripe.com/v3/ Frame CFC3
370 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
17beff14c8c89d003a2eb1696cd5f48ed01deb2045d4c0190e80b722b0829df9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
content-length
370
last-modified
Mon, 20 Dec 2021 22:00:25 GMT
accept-ranges
bytes
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://pay.google.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
date
Tue, 21 Dec 2021 13:00:32 GMT
cache-control
max-age=60
etag
"fd6aae5c38e3d9a572618e39078828a8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
CUFmK3kUamifAVRUgJJFtltEIxEilb6vFBtSo_0AaqTqvxp9enZzDA==
age
35
csp-report
q.stripe.com/ Frame 4DD6
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
2
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
csp-report
q.stripe.com/ Frame DDD6
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
1
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
csp-report
q.stripe.com/ Frame FD7B
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
1
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
csp-report
q.stripe.com/ Frame 134E
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
1
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
csp-report
q.stripe.com/ Frame F08D
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
2
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
csp-report
q.stripe.com/ Frame CFC3
0
347 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
2
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1662619249&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ul=en-us&de=UTF-8&dt=NRSC%20HQ&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1287454762&gjid=1278217415&cid=1668169841.1640091667&tid=UA-23419263-1&_gid=952362482.1640091667&_r=1&_slc=1&z=1761713632
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://secure.winred.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
m-outer-639174098ea8fe7fede6fa654790e8ec.js
js.stripe.com/v3/fingerprinted/js/ Frame 4DD6
1 KB
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/m-outer-f7902241893e7a497417843cb15dc858.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
55
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:14 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 25 Oct 2021 19:35:20 GMT
server
Cloudfront
etag
W/"5213886b88cd72e6d0aebc89868e5d13"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
HRygNf4frEUpkmF6xrYT-sCMQlrVMqLxyNCVkiyivbxPtVjqSa4OVA==
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame DDD6
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
59
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:09 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
A3dGFv59tlTUy_dqPri7XG3o9KCx9gwUDRktM4K_MaAJIjd2TqLLKQ==
controller-f5defcbabb3286a437c4f6c0112a75b5.js
js.stripe.com/v3/fingerprinted/js/ Frame DDD6
309 KB
85 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/controller-f5defcbabb3286a437c4f6c0112a75b5.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
af34a7c112231439d5ee0d083e2d36ebd4edd2ecd5a34fc7b99bde8112646664
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
37
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:32 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:28 GMT
server
Cloudfront
etag
W/"edbd95762483b0c626ca772ba0505b8b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
b86m5NS9-_xXHh1zdEbTh7tb3oL3lbRqn0xNIzk-vnwQKypKe83sQQ==
ui-shared-46e93b3755a485133d7e5e7e1db48eaf.css
js.stripe.com/v3/fingerprinted/css/ Frame FD7B
15 KB
3 KB
Stylesheet
General
Full URL
https://js.stripe.com/v3/fingerprinted/css/ui-shared-46e93b3755a485133d7e5e7e1db48eaf.css
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
d9f33ed9fdd936a670993b9a8e6ca44e7a358d0f7b217b6c6638b502f66a8015
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Wed, 03 Nov 2021 22:14:27 GMT
server
Cloudfront
etag
W/"7c0a4ba6a732ed01cc27774f97bbe8bd"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
lCwYxCdQNBBc50umIFN9S0lreTK7uL1PVsVMqHHac_U64Os_HhWajQ==
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame FD7B
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
59
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:09 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
jzuYcIYi6GV8Qmxe9s1CXE-SMiVvLCGtVWrStjtCBr1WJIQ5Ep6f2Q==
ui-shared-33cfbc46d3bc2ef99c5386365de528e3.js
js.stripe.com/v3/fingerprinted/js/ Frame FD7B
216 KB
66 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/ui-shared-33cfbc46d3bc2ef99c5386365de528e3.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
c2d1c1bde03b00b550ade5bb8da528021d17b57d0a1eede0db854b3209a5ccec
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Tue, 14 Dec 2021 19:41:48 GMT
server
Cloudfront
etag
W/"6eb3258128d57112afb69b0cdc5dbec1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
hslu3OVOiUU1YWJ5Ne4oqUKZdbtBaBzuMEY4FHllGfTkdllZiyVL7w==
elements-inner-card-f168cb5e237dc04a5625532edb08f52d.js
js.stripe.com/v3/fingerprinted/js/ Frame FD7B
46 KB
12 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/elements-inner-card-f168cb5e237dc04a5625532edb08f52d.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
d0c4620ce8318742733f6d4b9ff6881018b9b2c51b2ae13f16dfc284461faa73
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Thu, 18 Nov 2021 21:18:10 GMT
server
Cloudfront
etag
W/"64ac4bf7f6b6d9ed8cee940c632f347f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
aLPLbumNgNPRZEqknBODVyHnBYAihRxnM1eBAdjCZRPJeU7AZXEwtw==
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame 134E
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
59
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:09 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
YIWhCKr4GXmmw79CyeMuJjjlfgjMcxc2c3N8y0Yy_kfhiDZD0cE1AA==
controller-f5defcbabb3286a437c4f6c0112a75b5.js
js.stripe.com/v3/fingerprinted/js/ Frame 134E
309 KB
85 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/controller-f5defcbabb3286a437c4f6c0112a75b5.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
af34a7c112231439d5ee0d083e2d36ebd4edd2ecd5a34fc7b99bde8112646664
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/controller-165f07355f9174b10cc50cf7585ea1cb.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
37
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:32 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:28 GMT
server
Cloudfront
etag
W/"edbd95762483b0c626ca772ba0505b8b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
JuezH_7acastAFKk0SSaKheACRLveD-wfLKmiJLgL3P7ofzvJ-ToCA==
pay.js
pay.google.com/gp/p/js/ Frame F08D
95 KB
31 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c08::5c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
111f1700ccb35898fa18b3bbf8eb1d0b0f6e7f744cf9fa6e59e5a2723dd9f20f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-GHjzp5/HppN4akwLQKm6Ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-GHjzp5/HppN4akwLQKm6Ww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private, max-age=600
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-GHjzp5/HppN4akwLQKm6Ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-GHjzp5/HppN4akwLQKm6Ww' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Tue, 21 Dec 2021 13:01:07 GMT
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame F08D
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
59
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:09 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
ptKtkBQ1EJXFUa-sJipIcKlcbAq9Qh0CGPL-NePFLqACHKvQb1GhVw==
payment-request-inner-google-pay-5e439d520ede429b331d0ce50c30566f.js
js.stripe.com/v3/fingerprinted/js/ Frame F08D
13 KB
5 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-google-pay-5e439d520ede429b331d0ce50c30566f.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
7a1932aa34ccfff4e12c70801d4552b48dd2ba496538bfba9ed6decbc6969ade
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/payment-request-inner-google-pay-e377fba000e6d5674faf6db30653e830.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
53
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:15 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Tue, 14 Dec 2021 19:41:48 GMT
server
Cloudfront
etag
W/"644c0a539378705d2075a532d38f5e6e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
o6FMuba4Uyqko0QKP0zR3_Cn3rzukevHrZvBfNZNrWZFQ3zCQrOGpA==
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame CFC3
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
59
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:09 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
1jGTCcxYSV_5_Q7igjj0Wj-T36DErL-cowkJWaEFfRgMiBxUM-I2FQ==
payment-request-inner-browser-f2a776258b5d03fabd63ccb663dcf89a.js
js.stripe.com/v3/fingerprinted/js/ Frame CFC3
11 KB
5 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-f2a776258b5d03fabd63ccb663dcf89a.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
71a55578d53e666ef644669139972f47092d97114a67c8b251f155ef6c19c15d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/payment-request-inner-browser-fd6aae5c38e3d9a572618e39078828a8.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
46
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:22 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 25 Oct 2021 19:35:22 GMT
server
Cloudfront
etag
W/"10d818482d8e44820136b10d6f9b02e4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
T_bE6DaEU1ThUppUuTosIBVQX3E74323eTj-84I3xvH8Sjndw7qK8g==
collect
stats.g.doubleclick.net/j/
4 B
443 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-73658561-7&cid=1668169841.1640091667&jid=1143075784&gjid=1823707651&_gid=952362482.1640091667&_u=aGDAiEABBAAAAG~&z=1482800865
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:1404::9a Columbus, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 21 Dec 2021 13:01:07 GMT
content-type
text/plain
access-control-allow-origin
https://secure.winred.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1662619249&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ul=en-us&de=UTF-8&dt=NRSC%20HQ&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAAC~&jid=1143075784&gjid=1823707651&cid=1668169841.1640091667&tid=UA-73658561-7&_gid=952362482.1640091667&gtm=2wgc10NTQZ9N&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&z=1046473885
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 01:48:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
40368
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1662619249&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ul=en-us&de=UTF-8&dt=NRSC%20HQ&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=aGDAiEABBAAAAG~&jid=&gjid=&cid=1668169841.1640091667&tid=UA-73658561-7&_gid=952362482.1640091667&gtm=2wgc10NTQZ9N&cd41=anonymous&cd58=f&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&z=1332348035
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 01:48:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
40368
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/
37 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
7317a02358b2b617ba0934b570c313ee76f29176c4821a9a5fd1656413e5f41b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14333
x-xss-protection
0
server
cafe
etag
8469929769973419123
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 21 Dec 2021 13:01:07 GMT
uwt.js
static.ads-twitter.com/
14 KB
6 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.64.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
last-modified
Thu, 16 Sep 2021 23:12:14 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kjyo7100113-IAD, cache-wdc5525-WDC
bat.js
bat.bing.com/
35 KB
11 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90bd855f92aec63cef7a79cd868ffc8b0923a4eded158336fc3eb213fbe90166

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
last-modified
Wed, 01 Dec 2021 21:48:46 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E523BEA2A3EB4B2E85ABFEB9F02C908D Ref B: YMQ01EDGE0417 Ref C: 2021-12-21T13:01:07Z
etag
"0b35237fde6d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
10224
obtp.js
amplify.outbrain.com/cp/
8 KB
3 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.190 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
998d9415269d92557b561a936955f7590d5052865044a9191a528b5a36f3afc9

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 21 Dec 2021 13:01:07 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Oct 2021 12:12:10 GMT
Server
AkamaiNetStorage
ETag
"973e2603f46b719eecf8139c22b897a0:1633349530.816673"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3150
Expires
Tue, 21 Dec 2021 13:21:07 GMT
tfa.js
cdn.taboola.com/libtrc/unip/1409910/
75 KB
25 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ddd2d4b48fd6c3547c236f881fa2a246b6ec91146fde4925d59fdba17b202024

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
qyNumW9teDjkIgVr12y665O127JH9ABJ
content-encoding
gzip
etag
"ee414acabfba099c79737ce87b1794cd"
age
0
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
24955
x-amz-id-2
YZDCpmlyUhqv1yC7BK8Lq63IHBvHKy/iC2jJKEPpL7LAuLWjz3hjyDE7rNHnOVabulx8Eo+9AbM=
x-served-by
cache-yul12833-YUL
last-modified
Mon, 13 Dec 2021 13:04:26 GMT
server
AmazonS3
x-timer
S1640091667.397721,VS0,VE0
date
Tue, 21 Dec 2021 13:01:07 GMT
vary
Accept-Encoding
x-amz-request-id
XTCEGZMRJ7GJAFRC
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
45
x-cache-hits
1
scevent.min.js
sc-static.net/
18 KB
7 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-61.ewr53.r.cloudfront.net
Software
CloudFront /
Resource Hash
86cef2add30bc2d72060cfa9bac755d279fbab4894012fac0db3aed74ef96dd4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
server
CloudFront
x-amz-cf-pop
EWR53-C1
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
6867
via
1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
x-amz-cf-id
1DICJA2VU__VUESik3jC-6NlETLYwX1UouMGsMcHYSSyEuSzJLstmA==
a-00r9.min.js
b-code.liadm.com/
26 KB
10 KB
Script
General
Full URL
https://b-code.liadm.com/a-00r9.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:e600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ZIO-Http /
Resource Hash
7526f8a344eb37a7785c1e8b21f8b53ed5b0bbc07f1a247eb03075d3694ebdd6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 20 Dec 2021 22:08:05 GMT
via
1.1 df1151801209e878a7d395961b098b21.cloudfront.net (CloudFront)
server
ZIO-Http
age
53582
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
content-encoding
gzip
x-amz-cf-id
2k8La8EWZtCbDILFJGSwvRl1_Pk7YDkdVWYP69VeRphrsF6YXNXprg==
ytc.js
s.yimg.com/wi/
15 KB
6 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:14:800::1001 Ashburn, United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
759d6f0c1292d86d24d7abe7ad9a2cd1d86df0041260f98186ccfa26c7daab62
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

ats-carp-promotion
1
date
Tue, 21 Dec 2021 12:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1083
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5652
x-amz-id-2
uaURSnFCJUoz1xIVR+IQolsjMhIQr3XNwPWIjtNIWZKJeg36/WWKmXw5jSPgOG3kywtTM8ftSB8=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 10 Dec 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 04 Nov 2021 15:26:13 GMT
server
ATS
etag
"146f99405588b7446958a732612c901d-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
PP1XNH7GCK6Q1PT6
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
pCmRUUjnQE9zqMEfVdrNnyYpaPAyW8Do
accept-ranges
bytes
content-type
application/javascript
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
n9Xjr59OomqWZXvvHWF8mFLWeU2b/cK/4Nc7NXpklWvOhKAlTp6MnZYmMNc8bFYhpJ700eeJ6wkvm6wvJX6o6A==
x-fb-trip-id
1512268381
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 21 Dec 2021 13:01:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixie.js
acdn.adnxs.com/dmp/up/
9 KB
4 KB
Script
General
Full URL
https://acdn.adnxs.com/dmp/up/pixie.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.160.130 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-160-130.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 21 Dec 2021 13:01:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Jun 2021 15:04:00 GMT
X-Serial
327
X-Akamai-Pragma-Client-IP
23.33.238.118, 68.183.148.185
ETag
"60b79de0-23b3"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
X-Check-Cacheable
YES
Cache-Control
max-age=86402
Connection
keep-alive
Content-Length
3340
Server
nginx/1.18.0 (Ubuntu)
Expires
Wed, 22 Dec 2021 13:01:09 GMT
collect
stats.g.doubleclick.net/j/
4 B
70 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-23419263-1&cid=1668169841.1640091667&jid=1287454762&gjid=1278217415&_gid=952362482.1640091667&_u=IEBAAEAAAAAAAC~&z=1383703461
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4023:1404::9a Columbus, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 21 Dec 2021 13:01:07 GMT
content-type
text/plain
access-control-allow-origin
https://secure.winred.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
result
secure.winred.com/cdn-cgi/bm/cv/
0
535 B
XHR
General
Full URL
https://secure.winred.com/cdn-cgi/bm/cv/result?req_id=6c114c146f09714a
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=0; includeSubDomains
x-content-type-options
nosniff
server
cloudflare
date
Tue, 21 Dec 2021 13:01:07 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
cf-ray
6c114c193937ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
inner.html
m.stripe.network/ Frame 80E6
932 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-639174098ea8fe7fede6fa654790e8ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21ea:c800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/

Response headers

content-type
text/html; charset=utf-8
content-length
932
last-modified
Thu, 04 Nov 2021 19:04:57 GMT
accept-ranges
bytes
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
x-content-type-options
nosniff
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; font-src 'self'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy
connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
date
Tue, 21 Dec 2021 12:59:20 GMT
cache-control
max-age=300, public
etag
"f6254e6dd0cb06228801a1c8baf0939f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 c267e55887d5d0922d95439137f937dd.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
gTvdhpdpQqXgBk3sPgGRhOYQfw4V3MEIHf-NGnRdBssCPHjf0X1Z-g==
age
107
payframe
pay.google.com/gp/p/ui/ Frame F11C
17 KB
7 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c08::5c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
122690b32ed1a45c5e2eed195f3d8eb74eccef96755ce498ae3380a7a9ba414e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9caSx078hcwct4r6tNKUVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-9caSx078hcwct4r6tNKUVg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/

Response headers

content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible
IE=edge
expires
Tue, 21 Dec 2021 13:01:07 GMT
date
Tue, 21 Dec 2021 13:01:07 GMT
cache-control
private, max-age=3600
strict-transport-security
max-age=31536000
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
content-security-policy
script-src 'report-sample' 'nonce-9caSx078hcwct4r6tNKUVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-9caSx078hcwct4r6tNKUVg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
countryRanges-ed6f8980af15d82ca172d25916879a5c.json
js.stripe.com/v3/fingerprinted/data/ Frame FD7B
143 KB
36 KB
XHR
General
Full URL
https://js.stripe.com/v3/fingerprinted/data/countryRanges-ed6f8980af15d82ca172d25916879a5c.json
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
5785c083b1cf0a752958975ebf6365d60896c3e809e7fd9bd94dc6e11bc75004
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://js.stripe.com/v3/elements-inner-card-a6504878a0df373090830b160461378b.html
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 25 Oct 2021 19:35:30 GMT
server
Cloudfront
etag
W/"ed6f8980af15d82ca172d25916879a5c"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
zRHoyI6kesk_WVxg24tqep9Nohzv-lVljmdcU2ZIE5727M-MIXtezg==
0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-73658561-7&cid=1668169841.1640091667&jid=1143075784&_u=aGDAiEABBAAAAG~&z=1526697180
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
107 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-73658561-7&cid=1668169841.1640091667&jid=1143075784&_u=aGDAiEABBAAAAG~&z=1526697180
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-23419263-1&cid=1668169841.1640091667&jid=1287454762&_u=IEBAAEAAAAAAAC~&z=2091047621
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
501 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-23419263-1&cid=1668169841.1640091667&jid=1287454762&_u=IEBAAEAAAAAAAC~&z=2091047621
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
trc.taboola.com/1409910/trc/3/
2 KB
2 KB
Script
General
Full URL
https://trc.taboola.com/1409910/trc/3/json?tim=1640091667582&data=%7B%22id%22%3A772%2C%22ii%22%3A%22%2Fnrsc%2Fchristmas-card-rs-cc%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1640091667570%2C%22cv%22%3A%2220211213-1-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dnrsc-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1640091667581%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A46%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5340aa7ab7328008e54f93d83814fb0bf56b4ea3be496bea96cda6cff5715810

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms
19
date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
server
nginx
x-timer
S1640091668.592330,VS0,VE19
x-served-by
cache-yul12833-YUL
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
via
1.1 varnish
x-cache-hits
0
csp-report
q.stripe.com/ Frame 80E6
0
121 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
x-envoy-upstream-service-time
14
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
csp-report
q.stripe.com/ Frame 80E6
0
121 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://m.stripe.network/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
x-envoy-upstream-service-time
13
server
nginx
content-length
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
cachedClickId
tr.outbrain.com/
35 B
239 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00a57e16539986d0eda5fcb3cdf025defc
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
X-TraceId
5d2a719a661328402d4f8933bcd6b856
Content-Length
56
Content-Type
application/javascript
unifiedPixel
tr.outbrain.com/
43 B
256 B
Image
General
Full URL
https://tr.outbrain.com/unifiedPixel?marketerId=00a57e16539986d0eda5fcb3cdf025defc&obApiVersion=1.0-gtm&obtpVersion=1.5.2&name=PAGE_VIEW&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&optOut=false&bust=033905343205353367
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 21 Dec 2021 13:01:07 GMT
Cache-Control
no-cache
X-TraceId
2f80a4f3405128fa164e5329e21f8d6e
content-encoding
gzip
Content-Length
60
Content-Type
image/gif;
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame F11C
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c08::5c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1608
content-type
text/html; charset=UTF-8
0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
pixie
ib.adnxs.com/
42 B
337 B
Image
General
Full URL
https://ib.adnxs.com/pixie?e=PageView&pi=26e1b8dd-a273-4727-b1c1-de9229a26953&it=1640091667652&v=0.0.20&u=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&st=1640091667651&et=1640091667652&if=0
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.134 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
670.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 21 Dec 2021 13:01:07 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx/1.17.9
Connection
keep-alive
X-Proxy-Origin
37.120.205.173; 37.120.205.173; 670.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
Content-Length
42
Content-Type
image/gif
726955087976350
connect.facebook.net/signals/config/
306 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/726955087976350?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d2faeda140d9ebdb133e44b31a5174a0c8864bb2be4caada87f7616895a90c05
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89288
x-xss-protection
0
pragma
public
x-fb-debug
i0XlkZUazGEEXnSbnJSEZgwrCFMOv4uIB6pNFie4RJc0AStlNyYnsi8t6yQ1XFhCDMcXSehJPsGCeT4PWjspmA==
x-frame-options
DENY
date
Tue, 21 Dec 2021 13:01:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
10099393.json
s.yimg.com/wi/config/
2 B
449 B
XHR
General
Full URL
https://s.yimg.com/wi/config/10099393.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:14:800::1001 Ashburn, United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 12:56:19 GMT
x-content-type-options
nosniff
age
288
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
A25906N3QQCE3Y7Q
x-amz-id-2
yguQNzdGVgbJCV4bbyPOtjh4iJiD052NLzN5Lp8Q1nctIIkUTSZ+fAnYAvyFWVf1rCD5wlOVS3U=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
2
5576699.js
bat.bing.com/p/action/
0
94 B
Script
General
Full URL
https://bat.bing.com/p/action/5576699.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 21 Dec 2021 13:01:07 GMT
cache-control
private,max-age=1800
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E9020F3B0BFD43268C4904029CBDAEB9 Ref B: YMQ01EDGE0417 Ref C: 2021-12-21T13:01:07Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
151 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5576699&tm=gtm002&Ver=2&mid=9fc68c47-a594-48c0-abfa-a648772b7cb2&sid=10054b60625e11ecadc679a421d18965&vid=10056dc0625e11ec96baf9acbd405496&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=NRSC%20HQ&p=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&r=&lt=660&evt=pageLoad&msclkid=N&sv=1&rn=114858
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: C35126BA9CE34A91A362630A232ADDB8 Ref B: YMQ01EDGE0417 Ref C: 2021-12-21T13:01:07Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/?random=1640091667698&cv=9&fst=1640091667698&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
833d81909818642ed47e9303a681c75314a6b10477d1d7b1b0803052977c04cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1115
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/855967303/
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/855967303/?random=1640091667702&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
c4085301bd7590ff1b1acc9db4322e08b3f13155b6975acb198e3ce67aaf91b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1312
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
855967303.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/855967303/
0
0
Image
General
Full URL
https://855967303.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/855967303/?random=1640091667702&cv=9&fst=1640091667702&num=1&fmt=3&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.165.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lax30s03-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
adsct
analytics.twitter.com/i/
31 B
672 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=924f0486-628d-4b0c-b378-fecf597fd2c4&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
9
pragma
no-cache
last-modified
Tue, 21 Dec 2021 13:01:07 GMT
server
tsa_b
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
02102f29905e689b8462da1cada8c2bc8afce13427b7e1ae2334ed20ec92d2bd
x-transaction
7129b6dd87d8e099
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
469 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=924f0486-628d-4b0c-b378-fecf597fd2c4&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
8
pragma
no-cache
last-modified
Tue, 21 Dec 2021 13:01:07 GMT
server
tsa_b
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
2a00740b809525fe85baaa74126fd9578abea0823beb59cd465ca03b3db2d616
x-transaction
1d50e428bd6c80a7
expires
Tue, 31 Mar 1981 05:00:00 GMT
is_enabled
tr.snapchat.com/collector/
46 B
313 B
Fetch
General
Full URL
https://tr.snapchat.com/collector/is_enabled?pids=db23cbdb-20db-44d4-b6a5-07bc2f403227
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
b59860ba7f4430aad856fe57aa9550316deb2bdbc8ead7780bc97f3eb5bba92b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 google
server
nginx/1.17.3
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46
m=_b,_tp
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame F11C
147 KB
52 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fjs.stripe.com&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8a148e1b9d6521e624ac4a4019a30a1095aaa74e0d45b419d858d6db4ca06f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 00:14:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
391621
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52724
x-xss-protection
0
last-modified
Sat, 04 Dec 2021 03:35:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Sat, 17 Dec 2022 00:14:06 GMT
out-4.5.41.js
m.stripe.network/ Frame 80E6
85 KB
16 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.41.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21ea:c800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
78
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 12:59:50 GMT
last-modified
Thu, 04 Nov 2021 19:04:57 GMT
server
Cloudfront
etag
W/"2db385faf28cf5f9393cf01a0a1edfa2"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 c267e55887d5d0922d95439137f937dd.cloudfront.net (CloudFront)
cache-control
max-age=300, public
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
WeMF0wTLcPd98eDG-_P0NHM3Kk4KQnZVOM-9e3PLqHmax2f1-EsKBA==
0
r.stripe.com/ Frame DDD6
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:07 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
i
tr.snapchat.com/cm/ Frame 8E53
672 B
1 KB
Document
General
Full URL
https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

server
nginx/1.17.3
date
Tue, 21 Dec 2021 13:01:07 GMT
content-type
text/html
content-length
672
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1640091667803&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fqeh9k6grxrk08xqqqskrvzx&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%...
  • https://rp4.liadm.com/j?dtstmp=1640091667803&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fqeh9k6grxrk08xqqqskrvzx&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium...
13 B
569 B
XHR
General
Full URL
https://rp4.liadm.com/j?dtstmp=1640091667803&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fqeh9k6grxrk08xqqqskrvzx&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&wpn=lc-bundle&c=PHRpdGxlPk5SU0MgSFE8L3RpdGxlPjxtZXRhIGNvbnRlbnQ9IjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHNwYW4gc3R5bGU9JnF1b3Q7Y29sb3I6ICMwMDAwMDA7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtc2l6ZTogMThwdDsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyZxdW90Oz5XaXNoIFByZXNpZGVudCBUcnVtcCAmYW1wO2FtcDsgRm9ybWVyIEZpcnN0IExhZHkgTWVsYW5pYSBhIE1lcnJ5IENocmlzdG1hczwvc3Bhbj48L3N0cm9uZz48L3NwYW4-PGIgaWQ9JnF1b3Q7ZG9jcy1pbnRlcm5hbC1ndWlkLTFhNmUwNmNiLTdmZmYtMTlmYy03NDgyLWIxZTdiZWU5ZWFkYyZxdW90Oz48L2I-PC9zcGFuPjwvcD4KPHAgc3R5bGU9JnF1b3Q7dGV4dC1hbGlnbjogY2VudGVyOyZxdW90Oz48c3BhbiBzdHlsZT0mcXVvdDtjb2xvcjogIzAwMDAwMDsmcXVvdDs-PHNwYW4gc3R5bGU9JnF1b3Q7dGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IGZvbnQtc2l6ZTogMThwdDsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyZxdW90Oz48L3NwYW4-PC9zdHJvbmc-PC9zcGFuPjwvc3Bhbj48L3A-CjxwPjxzcGFuIHN0eWxlPSZxdW90O2NvbG9yOiAjMDAwMDAwOyBmb250LXNpemU6IDEycHQ7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtZmFtaWx5OiBBcmlhbDsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsmcXVvdDs-V2Ugd2FudCB0byBnZXQgPC9zcGFuPjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtZmFtaWx5OiBBcmlhbDsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsmcXVvdDs-RVZFUlk8L3NwYW4-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1mYW1pbHk6IEFyaWFsOyBiYWNrZ3JvdW5kLWNvbG9yOiB0cmFuc3BhcmVudDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyZxdW90Oz4gUGF0cmlvdOKAmXMgc2lnbmF0dXJlIG9uIHRoZWlyIENocmlzdG1hcyBDYXJkIC0gY2FuIHdlIGluY2x1ZGUgeW91ciBuYW1lPzwvc3Bhbj48L3NwYW4-PC9wPgo8cD48c3BhbiBzdHlsZT0mcXVvdDtjb2xvcjogIzAwMDAwMDsgZm9udC1
zaXplOiAxMnB0OyZxdW90Oz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7JnF1b3Q7Pjwvc3Bhbj48L3NwYW4-PC9wPgo8cD48c3BhbiBzdHlsZT0mcXVvdDt0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiBBcmlhbDsgY29sb3I6ICMwMDAwMDA7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsmcXVvdDs-UGxlYXNlIGFkZCB5b3VyIG5hbWUgSU1NRURJQVRFTFkgdG8gd2lzaCBQcmVzaWRlbnQgVHJ1bXAgYW5kIE1lbGFuaWEgYSBNZXJyeSBDaHJpc3RtYXMhPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-IiBuYW1lPSJkZXNjcmlwdGlvbiI-&i6=MmEwZDo1NjAwOjk6NGIwMzpkMjo6MQ%3D%3D&n3pc=true
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Server
34.238.14.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-14-155.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
x-pixel-event-id
ea9cebda-2ba1-467c-9888-e24a7379480e
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
request-time
1
vary
Origin
content-length
13
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx/1.18.0
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-origin
null
access-control-allow-credentials
true
trace-id
4f0955ea34b341ac

Redirect headers

date
Tue, 21 Dec 2021 13:01:07 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx/1.18.0
vary
Origin
location
https://rp4.liadm.com/j?dtstmp=1640091667803&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fqeh9k6grxrk08xqqqskrvzx&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&wpn=lc-bundle&c=PHRpdGxlPk5SU0MgSFE8L3RpdGxlPjxtZXRhIGNvbnRlbnQ9IjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHNwYW4gc3R5bGU9JnF1b3Q7Y29sb3I6ICMwMDAwMDA7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtc2l6ZTogMThwdDsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyZxdW90Oz5XaXNoIFByZXNpZGVudCBUcnVtcCAmYW1wO2FtcDsgRm9ybWVyIEZpcnN0IExhZHkgTWVsYW5pYSBhIE1lcnJ5IENocmlzdG1hczwvc3Bhbj48L3N0cm9uZz48L3NwYW4-PGIgaWQ9JnF1b3Q7ZG9jcy1pbnRlcm5hbC1ndWlkLTFhNmUwNmNiLTdmZmYtMTlmYy03NDgyLWIxZTdiZWU5ZWFkYyZxdW90Oz48L2I-PC9zcGFuPjwvcD4KPHAgc3R5bGU9JnF1b3Q7dGV4dC1hbGlnbjogY2VudGVyOyZxdW90Oz48c3BhbiBzdHlsZT0mcXVvdDtjb2xvcjogIzAwMDAwMDsmcXVvdDs-PHNwYW4gc3R5bGU9JnF1b3Q7dGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IGZvbnQtc2l6ZTogMThwdDsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyZxdW90Oz48L3NwYW4-PC9zdHJvbmc-PC9zcGFuPjwvc3Bhbj48L3A-CjxwPjxzcGFuIHN0eWxlPSZxdW90O2NvbG9yOiAjMDAwMDAwOyBmb250LXNpemU6IDEycHQ7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtZmFtaWx5OiBBcmlhbDsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsmcXVvdDs-V2Ugd2FudCB0byBnZXQgPC9zcGFuPjxzcGFuIHN0eWxlPSZxdW90O2ZvbnQtZmFtaWx5OiBBcmlhbDsgYmFja2dyb3VuZC1jb2xvcjogdHJhbnNwYXJlbnQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsmcXVvdDs-RVZFUlk8L3NwYW4-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1mYW1pbHk6IEFyaWFsOyBiYWNrZ3JvdW5kLWNvbG9yOiB0cmFuc3BhcmVudDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyZxdW90Oz4gUGF0cmlvdOKAmXMgc2lnbmF0dXJlIG9uIHRoZWlyIENocmlzdG1hcyBDYXJkIC0gY2FuIHdlIGluY2x1ZGUgeW91ciBuYW1lPzwvc3Bhbj48L3NwYW4-PC9wPgo8cD48c3BhbiBzdHlsZT0mcXVvdDtjb2xvcjogIzAwMDAwMDsgZm9udC1
zaXplOiAxMnB0OyZxdW90Oz48c3BhbiBzdHlsZT0mcXVvdDtmb250LWZhbWlseTogQXJpYWw7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7JnF1b3Q7Pjwvc3Bhbj48L3NwYW4-PC9wPgo8cD48c3BhbiBzdHlsZT0mcXVvdDt0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiBBcmlhbDsgY29sb3I6ICMwMDAwMDA7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50OyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsmcXVvdDs-UGxlYXNlIGFkZCB5b3VyIG5hbWUgSU1NRURJQVRFTFkgdG8gd2lzaCBQcmVzaWRlbnQgVHJ1bXAgYW5kIE1lbGFuaWEgYSBNZXJyeSBDaHJpc3RtYXMhPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-IiBuYW1lPSJkZXNjcmlwdGlvbiI-&i6=MmEwZDo1NjAwOjk6NGIwMzpkMjo6MQ%3D%3D&n3pc=true
x-frame-options
DENY
access-control-allow-origin
https://secure.winred.com
x-xss-protection
1; mode=block
x-permitted-cross-domain-policies
master-only
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
4c0934ea4d2ca62f
request-time
1
content-length
0
x-content-type-options
nosniff
cds-pips.js
cdn.taboola.com/scripts/
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding
gzip
etag
"3aa74dbf5cd656dbb65deda2d238ddbd"
age
2804
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
911
x-amz-id-2
Y36gzyX/Xo8m4VMhQranq9RIU7YMgb+bhi3Yj9WU0iSdNjXsrpZxcGmTA9XyLcC66e9v6+PuWkU=
x-served-by
cache-yul12833-YUL
last-modified
Wed, 14 Jul 2021 05:06:01 GMT
server
AmazonS3
x-timer
S1640091668.811813,VS0,VE0
date
Tue, 21 Dec 2021 13:01:07 GMT
vary
Accept-Encoding
x-amz-request-id
7HHZ0EGJG13DKY17
via
1.1 varnish
cache-control
private, max-age=3600
accept-ranges
bytes
content-type
application/javascript
abp
11
x-cache-hits
11023
sp.pl
sp.analytics.yahoo.com/
43 B
715 B
Image
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Tue%2C%2021%20Dec%202021%2013%3A01%3A07%20GMT&n=0&b=NRSC%20HQ&.yp=10099393&f=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&enc=UTF-8&yv=1.10.2&tagmgr=gtm
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),
Reverse DNS
spdc.pbp.vip.bf1.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
43
referrer-policy
strict-origin-when-cross-origin
expires
Tue, 21 Dec 2021 13:01:07 GMT
is_enabled
tr.snapchat.com/collector/
91 B
154 B
Fetch
General
Full URL
https://tr.snapchat.com/collector/is_enabled?pids=db23cbdb-20db-44d4-b6a5-07bc2f403227,5184087d-ebf3-491a-9ed9-4a48a1eee160
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
49b5daac714d35c45fdf53aacc3b322f3e98c8d26a3237ee185e0c648573bcb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 google
server
nginx/1.17.3
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
91
p
tr.snapchat.com/
68 B
86 B
Image
General
Full URL
https://tr.snapchat.com/p?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ts=1640091667817&rf=&v=1.5&if=false&bt=__LIVE__&intg=gtm&u_c1=d5d01276-d97f-4663-8e6b-ca6668d1a1a3&m_sl=1260&m_rd=1387&m_pi=551&m_ic=0
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 google
server
nginx/1.17.3
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68
p
tr.snapchat.com/
68 B
86 B
Image
General
Full URL
https://tr.snapchat.com/p?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ts=1640091667863&rf=&v=1.5&if=false&bt=__LIVE__&u_hem=FFF7b7416ec1f35b8a794c92887c2c62529b2179b6fa911173803c59c0c463ba572&u_c1=d5d01276-d97f-4663-8e6b-ca6668d1a1a3&intg=gtm&m_sl=1260&m_rd=1432&m_pi=551&m_ic=0
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 google
server
nginx/1.17.3
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68
p
tr.snapchat.com/
68 B
86 B
Image
General
Full URL
https://tr.snapchat.com/p?pid=5184087d-ebf3-491a-9ed9-4a48a1eee160&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&ts=1640091667863&rf=&v=1.5&if=false&bt=__LIVE__&u_hem=FFF7b7416ec1f35b8a794c92887c2c62529b2179b6fa911173803c59c0c463ba572&u_c1=d5d01276-d97f-4663-8e6b-ca6668d1a1a3&intg=gtm&m_sl=1260&m_rd=1432&m_pi=551&m_ic=0
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 google
server
nginx/1.17.3
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, no-transform
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68
/
www.facebook.com/tr/
44 B
406 B
Image
General
Full URL
https://www.facebook.com/tr/?id=726955087976350&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&rl=&if=false&ts=1640091667908&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22432355648185493%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%222915042018814936%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22285609139649075%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%223536133729846044%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1640091667896.343904404&it=1640091667676&coo=false&rqm=GET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Tue, 21 Dec 2021 13:01:07 GMT
/
www.google.com/pagead/1p-user-list/863113746/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/863113746/?random=1640091667698&cv=9&fst=1640091600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&async=1&fmt=3&is_vtc=1&random=2452983636&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/863113746/
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/863113746/?random=1640091667698&cv=9&fst=1640091600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&async=1&fmt=3&is_vtc=1&random=2452983636&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-conversion/855967303/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u...
  • https://www.google.com/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_a...
  • https://www.google.ca/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=E9DBYa3gMIb6MZGWlJgK&cid=CAQSKQCNIrLMMGqE_JfPCP1r_R_sVvZoGPI3WSRcX0ZfEVpkCTyE1DLAekmK&eitems=ChAIgJOGjgYQvLzhrZmv1u5fEh0AjG9ZNhw_ucOIyXBOiApdd880qhf73j7wAl-q3Q&random=1309546003&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAHd56D_hyCiyrs4KjYlAxzXWpy6NpkfskLPVSzGyG6fc42Y9LqCPsC1qcfGy1Mu88qf2W75nIsH8l-6v9cSC3-
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 21 Dec 2021 13:01:08 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.ca/pagead/1p-conversion/855967303/?random=238982345&cv=9&fst=1640091667702&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgc10&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50&tiba=NRSC%20HQ&auid=694662879.1640091667&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=E9DBYa3gMIb6MZGWlJgK&cid=CAQSKQCNIrLMMGqE_JfPCP1r_R_sVvZoGPI3WSRcX0ZfEVpkCTyE1DLAekmK&eitems=ChAIgJOGjgYQvLzhrZmv1u5fEh0AjG9ZNhw_ucOIyXBOiApdd880qhf73j7wAl-q3Q&random=1309546003&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAHd56D_hyCiyrs4KjYlAxzXWpy6NpkfskLPVSzGyG6fc42Y9LqCPsC1qcfGy1Mu88qf2W75nIsH8l-6v9cSC3-
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTq... Frame F11C
36 KB
13 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTqfbqayYmU.L.B1.O/am=BgAC/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrjRMCIOQyt3VRLO5xGLlmBd_4lTUw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2d9f427387d66c1e47f6fc9338e3877a8493526fbcf277cdb7f3e55d77cd85a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 15:31:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
422973
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13458
x-xss-protection
0
last-modified
Sat, 04 Dec 2021 02:26:14 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Fri, 16 Dec 2022 15:31:35 GMT
6
m.stripe.com/ Frame 80E6
156 B
522 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.238.75.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-238-75-245.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e6507c106fde348af04562d47f32bc7918c5ada9ef472723ad9702d1d251ad8c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
scevent.min.js
sc-static.net/ Frame 8E53
18 KB
7 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-61.ewr53.r.cloudfront.net
Software
CloudFront /
Resource Hash
86cef2add30bc2d72060cfa9bac755d279fbab4894012fac0db3aed74ef96dd4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tr.snapchat.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 20 Dec 2021 22:35:35 GMT
content-encoding
gzip
server
CloudFront
age
51933
etag
0d6e407936704bd380072f5891d28b0e
x-cache
Hit from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=86400, max-age=600
x-amz-cf-pop
EWR53-C1
access-control-allow-headers
Content-Type
content-length
6867
via
1.1 19f59f4851bd1754171a506ce0726a08.cloudfront.net (CloudFront)
x-amz-cf-id
p5e4677EcKsUc07ztcbG7yE0US8hB3r9_yI2VCLYpHNl50DJA8LXTg==
m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTq... Frame F11C
73 KB
27 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTqfbqayYmU.L.B1.O/am=BgAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrjRMCIOQyt3VRLO5xGLlmBd_4lTUw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058d6bb45f407a87de0e1aafd110a5e3422d7d35f6c8b33b4f43e577fd1e0281
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 20 Dec 2021 17:14:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
71219
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27350
x-xss-protection
0
last-modified
Sat, 04 Dec 2021 02:26:14 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Tue, 20 Dec 2022 17:14:09 GMT
p
tr.snapchat.com/cm/ Frame 5CA7
Redirect Chain
  • https://tr.snapchat.com/cm/s?pnid=140&cb=1640091668160
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1640010082987%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1640010082987%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
  • https://tr.snapchat.com/cm/p?rand=1640010082987&pnid=140&pcid=c779c73c-5c93-42dd-99f3-501ccd4643b5
0
15 B
Document
General
Full URL
https://tr.snapchat.com/cm/p?rand=1640010082987&pnid=140&pcid=c779c73c-5c93-42dd-99f3-501ccd4643b5
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://tr.snapchat.com/

Response headers

server
nginx/1.17.3
date
Tue, 21 Dec 2021 13:01:08 GMT
content-type
text/html
content-length
0
access-control-allow-origin
*
cache-control
no-cache, no-transform
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

date
Tue, 21 Dec 2021 13:01:08 GMT
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://tr.snapchat.com/cm/p?rand=1640010082987&pnid=140&pcid=c779c73c-5c93-42dd-99f3-501ccd4643b5
content-length
0
via
1.1 google
alt-svc
clear
analytics.js
www.google-analytics.com/ Frame F11C
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTqfbqayYmU.L.B1.O/am=BgAC/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrjRMCIOQyt3VRLO5xGLlmBd_4lTUw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1209
date
Tue, 21 Dec 2021 12:40:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 21 Dec 2021 14:40:59 GMT
pay
pay.google.com/gp/p/ui/ Frame F11C
1 MB
338 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c08::5c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d077435f1bd9a91259bb1b6539038df97d5e4775ce00514db1d595604f994fb5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-drMuAUqo35rleTTIx5X/kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-drMuAUqo35rleTTIx5X/kg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge
server
ESF
cross-origin-opener-policy
unsafe-none
x-frame-options
DENY
strict-transport-security
max-age=31536000
content-type
text/html; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
private, max-age=3600
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-drMuAUqo35rleTTIx5X/kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-drMuAUqo35rleTTIx5X/kg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires
Tue, 21 Dec 2021 13:01:08 GMT
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTq... Frame F11C
17 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTqfbqayYmU.L.B1.O/am=BgAC/d=1/exm=Das5Le,IZT63,LEikZe,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrjRMCIOQyt3VRLO5xGLlmBd_4lTUw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8664390f269923cfc07cec5a2f94704ff85786a0ee80ebf564654041e822fd3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 16:54:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
158819
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7265
x-xss-protection
0
last-modified
Sat, 04 Dec 2021 02:26:14 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Mon, 19 Dec 2022 16:54:09 GMT
m=lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTq... Frame F11C
8 KB
3 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.HTqfbqayYmU.L.B1.O/am=BgAC/d=1/exm=Das5Le,FCpbqb,IZT63,LEikZe,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,hhhU8,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrjRMCIOQyt3VRLO5xGLlmBd_4lTUw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
40a3be1a3422a8d3afc05bc4cf5b8a559ccc414022040153343dac7060335c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 19 Dec 2021 18:54:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
151574
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3333
x-xss-protection
0
last-modified
Sat, 04 Dec 2021 02:26:14 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
expires
Mon, 19 Dec 2022 18:54:54 GMT
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-goog-authuser
Origin
https://pay.google.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
https://pay.google.com
access-control-allow-methods
GET, POST, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
content-type
text/plain; charset=UTF-8
date
Tue, 21 Dec 2021 13:01:08 GMT
server
Playlog
content-length
0
x-xss-protection
0
x-frame-options
SAMEORIGIN
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
/
www.facebook.com/tr/ Frame 9F29
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://secure.winred.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://secure.winred.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 21 Dec 2021 13:01:08 GMT
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
js.stripe.com/v3/ Frame F505
8 KB
3 KB
Document
General
Full URL
https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f12ea31f2de03adcf62f4f3e57f6fa95454fde4a55e5f9cfe4989d6724af7358
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/

Response headers

content-type
text/html; charset=utf-8
last-modified
Mon, 20 Dec 2021 22:00:25 GMT
server
Cloudfront
access-control-allow-origin
*
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-security-policy
default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com blob:; font-src data: https:; media-src 'none'; object-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin
*
content-encoding
gzip
date
Tue, 21 Dec 2021 13:00:51 GMT
cache-control
max-age=60
etag
W/"2f6bcd7172e4cab8a681a031e62f2940"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
rHZXE-Q6y4VsXdTXovSjdhJcoiyhu9CarYyaqR6rs_KtQOlix508GQ==
age
18
log
play.google.com/ Frame F11C
131 B
152 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.spj3JaUSYOw.es5.O/am=BgAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrgUrRcszF_4aHAoDgSJgFy09igR0Q/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
csp-report
q.stripe.com/ Frame F505
0
346 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 21 Dec 2021 13:01:08 GMT
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
x-envoy-upstream-service-time
1
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length
0
ui-shared-46e93b3755a485133d7e5e7e1db48eaf.css
js.stripe.com/v3/fingerprinted/css/ Frame F505
15 KB
3 KB
Stylesheet
General
Full URL
https://js.stripe.com/v3/fingerprinted/css/ui-shared-46e93b3755a485133d7e5e7e1db48eaf.css
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
d9f33ed9fdd936a670993b9a8e6ca44e7a358d0f7b217b6c6638b502f66a8015
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
38
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Wed, 03 Nov 2021 22:14:27 GMT
server
Cloudfront
etag
W/"7c0a4ba6a732ed01cc27774f97bbe8bd"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
QIYqEQgw7E5jX0aoNCEc7DMFnRNjYLYQLhhY4bgu3HOJuGXcea3kJw==
shared-acf33b06d6d76130df5c048ea078a213.js
js.stripe.com/v3/fingerprinted/js/ Frame F505
200 KB
54 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
69f5cce133b2f1a38396e72a66a4091fb471a5f4642903393f028c1e362ff9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:08 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 22:00:26 GMT
server
Cloudfront
etag
W/"37a90f9260462bb02881b86994e5b047"
vary
Accept-Encoding,Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
1FsY45h7qHoAadsNqDDVQmzNXqcHZVWHYOin_jsKrMPrCS2t-NzkNA==
ui-shared-33cfbc46d3bc2ef99c5386365de528e3.js
js.stripe.com/v3/fingerprinted/js/ Frame F505
216 KB
66 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/ui-shared-33cfbc46d3bc2ef99c5386365de528e3.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
c2d1c1bde03b00b550ade5bb8da528021d17b57d0a1eede0db854b3209a5ccec
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
15
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:01:07 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Tue, 14 Dec 2021 19:41:48 GMT
server
Cloudfront
etag
W/"6eb3258128d57112afb69b0cdc5dbec1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
lgksnkF5s8rPwq-5VjtVegap1NTJasoWrEt8ttWPKSwRUR_s9Y9Dvw==
elements-inner-payment-request-0d10a69033631bfe544b3980c5f4db2d.js
js.stripe.com/v3/fingerprinted/js/ Frame F505
44 KB
14 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/elements-inner-payment-request-0d10a69033631bfe544b3980c5f4db2d.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
6f688e7295480921d6bc7f3bc1ad03cd2874ae3f04315efc95d3ca439c0436f2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.stripe.com/v3/elements-inner-payment-request-2f6bcd7172e4cab8a681a031e62f2940.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
20
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:50 GMT
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 23:04:48 GMT
server
Cloudfront
etag
W/"7912344645a92469680eceb8450d1619"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
timing-allow-origin
*
x-amz-cf-id
CRGSWqgnDsYROwoSur0XwXi707TCrNxQlXoceHi8uJh8jCMA4uvjmA==
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
unip
trc-events.taboola.com/1409910/log/3/
0
380 B
XHR
General
Full URL
https://trc-events.taboola.com/1409910/log/3/unip?en=pre_d_eng_tb&tos=1619&scd=46&ssd=1&est=1640091667574&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1640091669195&vi=1640091667570&ri=3c1b070d4e8618dde82d3bd083714763&sd=v2_9466169dcf87dd59e1bff39491a8f151_38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593_1640091667_1640091667_CNawjgYQ9oZWGPKY0-jdLyABKAEwJjiJ6AdAsvEHSIXV2QNQ98wHWABgAGiApKeijMutlDNwAQ&ui=38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593&ref=null&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://secure.winred.com
pragma
no-cache
date
Tue, 21 Dec 2021 13:01:09 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
common.js
maps.googleapis.com/maps-api-v3/api/js/47/3/
77 KB
28 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/47/3/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfbf4aef175aaf8bcb29e886599695cbb631cdfec3d4abc2c17de5e601177be6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 20 Dec 2021 14:56:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79479
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28762
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:54:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 20 Dec 2022 14:56:32 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/47/3/
297 KB
91 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/47/3/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d515eaea56c39ee639f3d3fdf631d0216452b574aa1395797ecb2651068f0773
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 21 Dec 2021 05:15:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92713
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:54:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 21 Dec 2022 05:15:43 GMT
unip
trc-events.taboola.com/1409910/log/3/
0
379 B
XHR
General
Full URL
https://trc-events.taboola.com/1409910/log/3/unip?en=pre_d_eng_tb&tos=4620&scd=46&ssd=1&est=1640091667574&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1640091672196&vi=1640091667570&ri=3c1b070d4e8618dde82d3bd083714763&sd=v2_9466169dcf87dd59e1bff39491a8f151_38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593_1640091667_1640091667_CNawjgYQ9oZWGPKY0-jdLyABKAEwJjiJ6AdAsvEHSIXV2QNQ98wHWABgAGiApKeijMutlDNwAQ&ui=38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593&ref=null&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fchristmas-card-rs-cc%3Futm_medium%3Demail%26utm_source%3Drs_nrsc_cc%26utm_campaign%3D20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc%26utm_content%3Ddonate-recgvYyaD37Rsu6bA-10504%26amount%3D50
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://secure.winred.com
pragma
no-cache
date
Tue, 21 Dec 2021 13:01:12 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
trusted-types-checker-cda1635e27dc416e23614def05f39e01.js
js.stripe.com/v3/fingerprinted/js/
172 B
673 B
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-cda1635e27dc416e23614def05f39e01.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.210.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-210-10.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
95606fd79e5ed034243c781bbfdacc97d7fbc04174981a4a45cd4ad63008afed
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://secure.winred.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
via
1.1 90a990c5327e86ade86681120dc4a237.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
31
x-cache
Hit from cloudfront
date
Tue, 21 Dec 2021 13:00:43 GMT
content-length
172
last-modified
Fri, 05 Nov 2021 21:06:48 GMT
server
Cloudfront
etag
"c78a4d54d725874984ae69d553523207"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-pop
EWR50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
5-KjDXQgtVwMIUJyPBXTZxVAwWQppATKcqbNff-MS-rZrqfchPcZEg==
0
r.stripe.com/ Frame 134E
0
127 B
XHR
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-acf33b06d6d76130df5c048ea078a213.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Tue, 21 Dec 2021 13:01:13 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| dataLayer boolean| isWinRed string| app_platform object| __webpackStripeJSv3Jsonp function| Stripe object| google object| module$exports$mapsapi$util$event object| module$contents$mapsapi$overlay$overlayView_OverlayView function| BestInPlaceEditor function| $ function| jQuery object| jQuery112408532889300437987 function| Tether function| NestedFormEvents object| nestedFormEvents function| JQClass object| bioEp function| Cookies object| App object| picturefillCFG function| picturefill function| UAParser function| gm_authFailure function| tmpl object| ActionCable string| GoogleAnalyticsObject function| ga object| antiClickjack object| a0_0x433e function| a0_0x3d7e object| __CF$cv$params function| landingPageFormSubmitRecaptchaSuccess function| landingPageFormSubmitRecaptchaError object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| postscribe object| google_tag_manager_external function| twq function| obApi function| obTag object| __tfa_pixel_init object| _tfa function| snaptr object| dotq function| fbq function| _fbq function| pixie function| onYouTubeIframeAPIReady function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError function| UET function| UET_init function| UET_push object| LI object| __li__evt_bus object| liQ object| twttr object| YAHOO object| ueto_d54b03f559 object| uetq boolean| triedToSendCookieToNative object| WebJSBridge function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| __trcWarn

39 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: 0d6e407936704bd380072f5891d28b0e
app.revv.co/api/v3/users Name: rvid
Value: 8275640a-b253-4946-813e-e6279f1d4f3e
.taboola.com/nrsc-sc/ Name: taboola_session_id
Value: v2_9466169dcf87dd59e1bff39491a8f151_38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593_1640091667_1640091667_CNawjgYQ9oZWGPKY0-jdLyABKAEwJjiJ6AdAsvEHSIXV2QNQ98wHWABgAGiApKeijMutlDNwAQ
.winred.com/ Name: _revv_v3_session
Value: 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%3D%3D--9b3b27f834407a8b4fca729d88649e72a3847c03
secure.winred.com/ Name: origin_url
Value: https://secure.winred.com/nrsc/christmas-card-rs-cc?utm_medium=email&utm_source=rs_nrsc_cc&utm_campaign=20211216_na_trumpchristmascard-v1_cc_nrsc_nrsc&utm_content=donate-recgvYyaD37Rsu6bA-10504&amount=50
.winred.com/ Name: _ga
Value: GA1.2.1668169841.1640091667
.winred.com/ Name: _gid
Value: GA1.2.952362482.1640091667
.winred.com/ Name: _gat
Value: 1
.revv.co/ Name: _revv_v3_session
Value: UmZBR0haWW52NlNmR2V0Sm5uWkdzWGtFY2Z4ZXhtclZmYjZ6dFpwbnlzV0d5ak9BSjBKejlrL2x2S01tWklROFN6aE9LZm1PZ2htNHo4UCtjM3RKQUE9PS0tQjFCWGJTeUpkalRKT3FwN2VpZi91QT09--ac8780297d5bacf3f98dcbf271dd7a8c2744e1a2
.revv.co/ Name: __cf_bm
Value: HnRSCAqwNeRV2Vfyzwm8ihzDAdEXGkDzvf1WkGyUl2k-1640091667-0-AfMy+YJC9oW6hhi2cDc7ZaZ8hnzZqLeEhTMtMpOByry7lWnEYC+au6a7dbJGQPOYnY+2Kp3Kx2R+8x1pQ+jg1W3E+tz27o1io11ZYVV67aJz
secure.winred.com/ Name: sso_tries
Value: 1
secure.winred.com/ Name: rvid
Value: 8275640a-b253-4946-813e-e6279f1d4f3e
.winred.com/ Name: _gcl_au
Value: 1.1.694662879.1640091667
.winred.com/ Name: _dc_gtm_UA-73658561-7
Value: 1
.google.com/ Name: NID
Value: 511=KSw0e4r80HQbjtN6-vJLMzAwXAdP9NkjkwBffcuNIEBhQA93noJJABjl9E6wq0X4ElUz8Uz1X6AKucrIKzDZSxy7JLFz21EdUI-JsuY3slKx1Wh-MjYkPPdErxBbGuPqYXNrSGQ3i57cLC6aZDtJJdJLKQcxqL7wGmPUG-ho84Y
.secure.winred.com/ Name: __cf_bm
Value: 5hbnKbnSA.IHXt._LC.RwzIaHU7jt06s8jXLPvBIQGI-1640091667-0-AQZIlxcc8aUL8rUmj/n5OBzgXTRe5awuCQC0HyZSK68b/Q4zhSF1yNZQ00n82ObZ8ViLPF9qyhsvD+l1pXUw0CqYDrcDQjfF4kr4PBMg9CWdcHyv+LIcWRfronPKV24DMOt/V5s6eqsRydn/kvWSj8niqJ8zCD4wvHAcmRom/lN3NqDUBHDVwbVbOZsreEw/8g==
.bing.com/ Name: MUID
Value: 0919D49EB946689521CFC58AB890691E
.bat.bing.com/ Name: MR
Value: 0
.taboola.com/ Name: t_gid
Value: 38a6827b-43ec-43fc-b4c7-28e6b7e692dc-tuct8bb5593
.winred.com/ Name: _li_dcdm_c
Value: .winred.com
.winred.com/ Name: _lc2_fpi
Value: 5fe568a6c8fd--01fqeh9k6grxrk08xqqqskrvzx
.winred.com/ Name: _uetsid
Value: 10054b60625e11ecadc679a421d18965
.winred.com/ Name: _uetvid
Value: 10056dc0625e11ec96baf9acbd405496
.winred.com/ Name: _scid
Value: d5d01276-d97f-4663-8e6b-ca6668d1a1a3
secure.winred.com/ Name: outbrain_cid_fetch
Value: true
.liadm.com/ Name: lidid
Value: 5afd0d57-9d72-45c7-a655-486e2e03ba64
.winred.com/ Name: _fbp
Value: fb.1.1640091667896.343904404
.twitter.com/ Name: personalization_id
Value: "v1_wIFIr489vbvTgF69AP/eng=="
.yahoo.com/ Name: A3
Value: d=AQABBBPQwWECEJL7fOteDrcu9fNNT-Ch_7MFEgEBAQEhw2HLYQAAAAAA_eMAAA&S=AQAAAjju0UlD0ykuiwSUSemof1U
.facebook.com/ Name: fr
Value: 09hfZwxlK7Iv2aYBd..BhwdAT...1.0.BhwdAT.
.doubleclick.net/ Name: IDE
Value: AHWqTUkoKqTPXkQOCcr3IrftZsoMFlm-9vZtGlAVZR6FuCPF_3hgEgZ0sYEuMIMm
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAE3GyQ0AIAgEwIpIFoPr0Q1RqMLijT/nNbSohFPSdxeLpPjaKlnQAuHA0KOGqbR3sp+vuEaQ1OxAAAAA
.tapad.com/ Name: TapAd_TS
Value: 1640091668287
.tapad.com/ Name: TapAd_DID
Value: c779c73c-5c93-42dd-99f3-501ccd4643b5
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
m.stripe.com/ Name: m
Value: f0f91766-5b7c-4576-945c-e96701e34eace49051
.secure.winred.com/ Name: __stripe_mid
Value: 10eb9b3d-2d1e-420a-b8cc-f7b192d43332215164
.secure.winred.com/ Name: __stripe_sid
Value: 03c68beb-00f0-4a21-9f8c-c0584e13330c6178d2
.winred.com/ Name: _sctr
Value: 1|1640044800000

4 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".
deprecation warning URL: https://js.stripe.com/v3/fingerprinted/js/payment-request-inner-browser-f2a776258b5d03fabd63ccb663dcf89a.js
Message:
The 'basic-card' payment method is deprecated and will be removed in M100, around March 2022. See https://www.chromestatus.com/features/5730051011117056 for more details.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
