www.ducks.ca Open in urlscan Pro
192.124.249.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://support.ducks.ca/
Effective URL:
https://www.ducks.ca/
Submission: On November 21 via automatic, source certstream-suspicious (November 21st 2024, 4:39:12 am UTC) — Scanned from CA

Summary HTTP 117 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 26 IPs in 2 countries across 19 domains to perform 117 HTTP transactions. The main IP is 192.124.249.12, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is www.ducks.ca.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 12th 2024. Valid for: a year.

This is the only time www.ducks.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6812:7c49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
52	192.124.249.12 192.124.249.12	30148 (SUCURI-SEC) (SUCURI-SEC)
8	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
3	57.144.180.128 57.144.180.128	32934 (FACEBOOK) (FACEBOOK)
1	13.33.252.127 13.33.252.127	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:10:... 2606:4700:10::ac43:1408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2600:141b:f00... 2600:141b:f000:2c::17db:a198	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	2606:4700:10:... 2606:4700:10::6816:e17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:be27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	54.229.214.125 54.229.214.125	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2600:141b:1c0... 2600:141b:1c00:8::1728:b323	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2606:4700::68... 2606:4700::6811:1fae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.164.96.87 18.164.96.87	16509 (AMAZON-02) (AMAZON-02)
2	142.251.32.104 142.251.32.104	15169 (GOOGLE) (GOOGLE)
4	142.251.40.174 142.251.40.174	15169 (GOOGLE) (GOOGLE)
1 1	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::9c	15169 (GOOGLE) (GOOGLE)
2	142.250.80.99 142.250.80.99	15169 (GOOGLE) (GOOGLE)
2	142.250.81.228 142.250.81.228	15169 (GOOGLE) (GOOGLE)
1	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
4	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:80d8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	208.95.112.2 208.95.112.2	53334 (TUT-AS) (TUT-AS)
1	2606:4700:440... 2606:4700:4400::6812:22d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.226.94.107 13.226.94.107	16509 (AMAZON-02) (AMAZON-02)
2	13.226.103.91 13.226.103.91	16509 (AMAZON-02) (AMAZON-02)
117	26

1 2606:4700::6812:7c49 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

support.ducks.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 192.124.249.12 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10012.sucuri.net

www.ducks.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 57.144.180.128 (Ireland)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-03-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.252.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-252-127.jfk50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::ac43:1408 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:141b:f000:2c::17db:a198 (Edison, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:e17 (United States)

ASN13335 (CLOUDFLARENET, US)

my.hellobar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:be27 (United States)

ASN13335 (CLOUDFLARENET, US)

ducks.donordrive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.214.125 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-214-125.eu-west-1.compute.amazonaws.com

log.cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:8::1728:b323 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:1fae (United States)

ASN13335 (CLOUDFLARENET, US)

diffuser-cdn.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-87.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.32.104 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.174 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::181 (United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.99 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f3.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.81.228 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:80d8 (United States)

ASN13335 (CLOUDFLARENET, US)

prism.app-us1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.95.112.2 (United States)

ASN53334 (TUT-AS, US)

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22d6 (United States)

ASN13335 (CLOUDFLARENET, US)

trackcmp.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.226.94.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-107.jfk52.r.cloudfront.net

beacon-v2.helpscout.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.103.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-103-91.jfk52.r.cloudfront.net

d3hb14vkzrxvla.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	ducks.ca 1 redirects support.ducks.ca www.ducks.ca	6 MB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	903 KB
9	typekit.net use.typekit.net — Cisco Umbrella Rank: 460 p.typekit.net — Cisco Umbrella Rank: 571	230 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
7	cdn-cookieyes.com cdn-cookieyes.com — Cisco Umbrella Rank: 6717	79 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	419 B
3	helpscout.net beacon-v2.helpscout.net — Cisco Umbrella Rank: 11391	36 KB
3	google.com 1 redirects analytics.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 3	1 KB
3	hellobar.com my.hellobar.com — Cisco Umbrella Rank: 28551	86 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	76 KB
2	cloudfront.net d3hb14vkzrxvla.cloudfront.net	9 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 11557	127 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net Failed googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	3 KB
2	app-us1.com diffuser-cdn.app-us1.com — Cisco Umbrella Rank: 9072 prism.app-us1.com — Cisco Umbrella Rank: 9104	8 KB
2	cookieyes.com log.cookieyes.com — Cisco Umbrella Rank: 7310	437 B
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
1	trackcmp.net trackcmp.net — Cisco Umbrella Rank: 9858	315 B
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 7020	312 B
1	donordrive.com ducks.donordrive.com	1 KB
117	19

	Domain	Requested by
52	www.ducks.ca	www.ducks.ca
10	www.googletagmanager.com	www.ducks.ca www.googletagmanager.com
8	use.typekit.net	www.ducks.ca use.typekit.net
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.ducks.ca
7	cdn-cookieyes.com	www.ducks.ca cdn-cookieyes.com
4	www.facebook.com	www.ducks.ca
3	beacon-v2.helpscout.net	www.ducks.ca beacon-v2.helpscout.net
3	my.hellobar.com	www.ducks.ca my.hellobar.com
3	connect.facebook.net	www.ducks.ca connect.facebook.net www.googletagmanager.com
2	d3hb14vkzrxvla.cloudfront.net	beacon-v2.helpscout.net
2	www.google.com	www.googletagmanager.com www.ducks.ca
2	www.google.ca	www.ducks.ca
2	log.cookieyes.com	cdn-cookieyes.com
1	trackcmp.net	diffuser-cdn.app-us1.com
1	pro.ip-api.com	my.hellobar.com
1	prism.app-us1.com	diffuser-cdn.app-us1.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	diffuser-cdn.app-us1.com	www.ducks.ca
1	p.typekit.net	use.typekit.net
1	ducks.donordrive.com	www.ducks.ca
1	static.hotjar.com	www.ducks.ca
1	support.ducks.ca	1 redirects
0	td.doubleclick.net Failed	www.googletagmanager.com
117	26

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
facebook.com
www.youtube.com
x.com
www.linkedin.com
www.canards.ca
iwwr.ducks.ca
ag.ducks.ca
shop.ducks.ca
help.ducks.ca
ducks.donordrive.com
ducks.ca

Subject Issuer	Validity	Valid
*.ducks.ca Go Daddy Secure Certificate Authority - G2	`2024-11-12` - `2025-12-14`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-30` - `2024-11-28`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
cdn-cookieyes.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-17` - `2025-11-17`	a year	crt.sh
my.hellobar.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
*.donordrive.com Thawte TLS RSA CA G1	`2024-02-14` - `2025-03-05`	a year	crt.sh
log.cookieyes.com Amazon RSA 2048 M02	`2024-03-26` - `2025-04-25`	a year	crt.sh
diffuser-cdn.app-us1.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.ca WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
prism.app-us1.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-21` - `2025-01-20`	a year	crt.sh
trackcmp.net WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
*.helpscout.net Amazon RSA 2048 M03	`2024-03-18` - `2025-04-15`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.ducks.ca/
Frame ID: 777A61283FF0058CB7A2D5EC03FCC7C2
Requests: 116 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-398XHC6YN5&gacid=1351198422.1732163943&gtm=45je4bk0v9138487833za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=203286900
Frame ID: 6D8970A4CA949F1438949A3836BEBBCF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1011148027?random=1732163943435&cv=11&fst=1732163943435&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ducks.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&npa=0&pscdl=noapi&auid=1729664653.1732163943&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 754805326A209FE3BD65C459575EB005
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.ducks.ca
Frame ID: A9063A5168628CDA3DCCE3DB99914386
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Conserving Canada’s Wetlands | Ducks Unlimited Canada

Page URL History Show full URLs

https://support.ducks.ca/ HTTP 301
https://www.ducks.ca/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

117
Requests

97 %
HTTPS

48 %
IPv6

19
Domains

26
Subdomains

26
IPs

2
Countries

7641 kB
Transfer

30506 kB
Size

15
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/ducksunlimitedcanada/
Title: Follow us on Instagram

Search URL Search Domain Scan URL

URL: http://facebook.com/ducksunlimitedcanada
Title: Follow us Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCR5V5lumfBOHkGOYxKbghsg
Title: Subscribe to us on YouTube

Search URL Search Domain Scan URL

URL: https://x.com/ducanada
Title: Follow us on X

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/ducks-unlimited-canada/
Title: Follow us on LinkedIn

Search URL Search Domain Scan URL

URL: https://www.canards.ca/
Title: Français

Search URL Search Domain Scan URL

URL: http://iwwr.ducks.ca/
Title: Institute for Wetland & Waterfowl Research

Search URL Search Domain Scan URL

URL: https://ag.ducks.ca/
Title: Agriculture Programs

Search URL Search Domain Scan URL

URL: https://shop.ducks.ca/
Title: Shop DUCGear

Search URL Search Domain Scan URL

URL: https://help.ducks.ca/
Title: Frequently Asked Questions

Search URL Search Domain Scan URL

URL: https://ducks.donordrive.com/index.cfm?fuseaction=donate.event&eventID=592&donationAmount=20
Title: Give a duck

Search URL Search Domain Scan URL

URL: http://ducks.ca/biodiversity
Title: Learn more

Search URL Search Domain Scan URL

URL: https://ducks.donordrive.com/?fuseaction=donate.event&eventID=619&language=en
Title: Make a monthly donation

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://support.ducks.ca/ HTTP 301
https://www.ducks.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

https://analytics.google.com/g/collect?v=2&tid=G-398XHC6YN5&gtm=45je4bk0v9138487833za200&_p=1732163942549&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1351198422.1732163943&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1732163943&sct=1&seg=0&dl=https%3A%2F%2Fwww.ducks.ca%2F&dt=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&en=page_view&_fv=1&_ss=1&_c=1&tfd=1642 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1351198422.1732163943&dbk=11337546404929461856&dma=0&en=page_view&gtm=45je4bk0v9138487833za200&npa=0&tid=G-398XHC6YN5&dl=https%3A%2F%2Fwww.ducks.ca%3F

117 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.ducks.ca/
Redirect Chain

https://support.ducks.ca/
https://www.ducks.ca/

156 KB
157 KB

191ms
32ms

Document
text/html

192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

f479481669c7d19aba2740363aba2a26dff6decabd265923ecac1fd430738d8e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: help.ducks.ca
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Thu, 21 Nov 2024 04:39:02 GMT
link: <https://www.ducks.ca/wp-json/>; rel="https://api.w.org/", <https://www.ducks.ca/wp-json/wp/v2/pages/805>; rel="alternate"; type="application/json", <https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=76b60e7d>; rel=preload; as=style
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-sucuri-cache: HIT
x-sucuri-id: 14012
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: max-age=300
cf-ray: 8e5dfe5da997a2c6-YUL
content-length: 0
date: Thu, 21 Nov 2024 04:39:02 GMT
location: https://www.ducks.ca/
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 smartslider.min.css
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 22 KB
4 KB 61ms
60ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=76b60e7d

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

92b3f4acfaebc2783b3278da66519618a5dfc33d413ebcfe846a270e73eb1c1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 4047
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 110ms
47ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-5817337-29

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

961d657f78046eda0c3c71e839f8c91a9b2fb84249140b01446dc331413a45a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81366
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 57ms
56ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-156587635-6

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2cf401fd0305814dc8e7f0d50caf0f54891f6a02a43993029e3dbf7221a375f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81348
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
89 KB 60ms
60ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1011148027

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

34eea854a92599b7e9e42c97be4d0104e708cfaf8a1e08db89694d213008dc64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90868
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 386 KB
118 KB 103ms
96ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T76C2Z7

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

17bae00ef49929d71b1b6d7af780e33848375ad3f6cfc89b67923d726ad93b9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 120688
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 77ms
30ms Script
application/x-javascript 57.144.180.128
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.180.128 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-lga3.fbcdn.net

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-4AOyWwBl' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-4AOyWwBl' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4460, tp=9, tpl=0, uplat=3, ullat=-1
pragma: public
x-fb-debug: VKXZB7bXqQwg4Yak+FFgbw9kDcRLYC60F+FHpE3JuaUJeUNWHODXeMfGnGQcFFUr0Y0VKIZuJQAkLSzUwRuuEQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 hotjar-859241.js Show response
static.hotjar.com/c/ 13 KB
6 KB 208ms
102ms Script
application/javascript 13.33.252.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-859241.js?sv=6

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.252.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-252-127.jfk50.r.cloudfront.net

Software

Resource Hash

370c20d117b5b5df30915c16d33eddd9f0777446ae0a06ff94e9caba991ff5de

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/cc2a168c524f4dbdb874b028323a1b2a
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 c6f8ebe3e9184b5af4e1db5847736f9c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: GKpFOnt_b937a0E_xY4Sy-ZsbOVDpPqgAVefHzn7bqa0O3B2S2nzmA==
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: JFK50-P10

GET
H2 200 script.js Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/ 100 KB
35 KB 76ms
25ms Script
application/javascript 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/script.js
Requested by: Host: www.ducks.ca
URL: https://www.ducks.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63922fb83d6487a8b5ae3418dd094aa3bd2daed2f83468d4f5f7832273da9699

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: "1918e-6228271bb6794-gzip"
age: 485755
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe61497ca302-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35259
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript
last-modified: Fri, 20 Sep 2024 00:51:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 style.min.css
www.ducks.ca/wp-includes/css/dist/block-library/ 102 KB
14 KB 47ms
46ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-includes/css/dist/block-library/style.min.css?ver=6.3.5

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 19:03:30 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 13841
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 d438e446304ea3b3d27d77d96641f5d9.css
www.ducks.ca/assets/hummingbird-assets/ 109 B
552 B 47ms
46ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/d438e446304ea3b3d27d77d96641f5d9.css

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

e5df7236dd99e061a39dc02418170062a6e807829afd5e1b683d1b4eea7afcbc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:33:10 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 84
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 ce86f530dc02706edd340fe14b5d1b36.css
www.ducks.ca/assets/hummingbird-assets/ 2 KB
1 KB 53ms
51ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/ce86f530dc02706edd340fe14b5d1b36.css

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

fb4eaa04b4e471705026e27577227b787117605ca4aa48f203bcfec1503af3fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:31:57 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 608
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 uds6bcz.css
use.typekit.net/ 12 KB
2 KB 212ms
36ms Stylesheet
text/css 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/uds6bcz.css

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

nginx /

Resource Hash

f50c3c8126205132077e808fb8c8ba20ede201e51a543c96777473cdbc7c4946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1393
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css;charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 8f8e8e8ab978bcf96538fe34eeedd02d.css
www.ducks.ca/assets/hummingbird-assets/ 416 KB
63 KB 53ms
52ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

39b49bf838709c9ee4941c05494be311c9cd0222e5935922f725c00aefe58782

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:33:11 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
access-control-allow-origin: help.ducks.ca
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 7cc9408b729fa5a4813a09798300d1e7.css
www.ducks.ca/assets/hummingbird-assets/ 198 KB
23 KB 53ms
52ms Stylesheet
text/css 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/7cc9408b729fa5a4813a09798300d1e7.css

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

2b3e3ca396669757773ada0eb9c6588fd132955b7bcbfc7a7373a7abeb8ec0b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:33:13 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 22673
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 8f943793edb262603d384e9e3afc6cb0.js Show response
www.ducks.ca/assets/hummingbird-assets/ 99 KB
34 KB 46ms
46ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/8f943793edb262603d384e9e3afc6cb0.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

0cf06b9a7ddb392b40aee567af3e440496ca5b9f03f95a6b47167a518c17c317

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:31:59 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 34607
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 jquery.json.min.js Show response
www.ducks.ca/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 36ms
29ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.7.16

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

998a575c7b376128a98e6d67e29c42e1726aac3489cf2c0b2aaebf6f6ad0b546

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 18:44:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 899
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 gravityforms.min.js Show response
www.ducks.ca/wp-content/plugins/gravityforms/js/ 46 KB
14 KB 41ms
35ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.7.16

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

5829bd353f174161be7db1c4451d0ef7991da02ee832b4b092e849ee3395a0bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 18:44:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 13785
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 utils.min.js Show response
www.ducks.ca/wp-content/plugins/gravityforms/assets/js/dist/ 38 KB
12 KB 39ms
33ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=59d951b75d934ae23e0ea7f9776264aa

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

7734306b24719e59158e81abe7849cd4323df1fcee4364b190808b8e761a3255

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 18:44:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 11761
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 xdomain-data.js Show response
www.ducks.ca/wp-content/plugins/sitepress-multilingual-cms/res/js/ 3 KB
2 KB 40ms
34ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/sitepress-multilingual-cms/res/js/xdomain-data.js?ver=4.6.10

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

68b324a6179651d56917d3b1f3f5d0a1e71b08550b1468790826dde5e22b2b56

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 May 2024 18:43:05 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 1307
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 n2.min.js Show response
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 90 KB
33 KB 40ms
34ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/n2.min.js?ver=76b60e7d

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

a8f421eca8ecccd58f74b3f62d8a2455226674f70145fba065f04f21cbedc67c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 33533
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 smartslider-frontend.min.js Show response
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 215 KB
49 KB 43ms
39ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider-frontend.min.js?ver=76b60e7d

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

d7fbbfd43ae4c0389a762d54e40252f893e0dcd400a09027da84e81fad8f851d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 49486
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 ss-simple.min.js Show response
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Slider/SliderType/Simple/Assets/dist/ 13 KB
4 KB 46ms
42ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Slider/SliderType/Simple/Assets/dist/ss-simple.min.js?ver=76b60e7d

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

b57188864db8cbe1f4c6094fcb18d4cfe8e067626c44a511382898a950bae40a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 3201
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 w-arrow-image.min.js Show response
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Arrow/ArrowImage/Assets/dist/ 1 KB
1 KB 48ms
44ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Arrow/ArrowImage/Assets/dist/w-arrow-image.min.js?ver=76b60e7d

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

11f4b1c5b48fa0100ba180a2e7ffc3296a59ecd4b210351bb452130979c8582c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 669
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 w-bullet.min.js Show response
www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Bullet/Assets/dist/ 5 KB
2 KB 49ms
45ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Bullet/Assets/dist/w-bullet.min.js?ver=76b60e7d

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

cb8860e86bd3e88095ab5a439a4fb8081a61b1e4243b2bf720608fcf91e91742

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 21 May 2024 16:21:02 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 1981
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 boreal-wetland-forest-2015-duc-620x410-c-default.jpg
www.ducks.ca/assets/2023/02/ 82 KB
82 KB 31ms
30ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2023/02/boreal-wetland-forest-2015-duc-620x410-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

93f5fb79158105d49940d82bea1bd734b47d6ad461dbb4e7bb9c0fde8c0ab5aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/jpeg
last-modified: Thu, 14 Nov 2024 15:08:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 83587
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 brick-ponds-450x600-c-default.jpg
www.ducks.ca/assets/2019/12/ 70 KB
71 KB 39ms
38ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2019/12/brick-ponds-450x600-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

3f68164b027ff40a3f90cf02fef265a2e0c4ef094b1b5fd840f2ab8b17f4e1dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/jpeg
last-modified: Mon, 23 Oct 2023 20:48:56 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 71704
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 lena-gallant-450x600-c-default.jpg
www.ducks.ca/assets/2020/12/ 48 KB
48 KB 31ms
30ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2020/12/lena-gallant-450x600-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

3d757a659bc5590e41fd3c60d3be6b9cfae8604841c622c8ad44b230ffe87b23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/jpeg
last-modified: Mon, 23 Oct 2023 22:17:38 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 48728
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 future-biodiversity-450x600-c-default.jpg
www.ducks.ca/assets/2023/06/ 34 KB
34 KB 31ms
30ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2023/06/future-biodiversity-450x600-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

d60f18eb9305421e4251812de02413ea448fb3e5c8d6f115287b8a0656924c73

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/jpeg
last-modified: Tue, 24 Oct 2023 02:51:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 34419
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 raising-roof-intro-450x600-c-default.jpg
www.ducks.ca/assets/2023/06/ 77 KB
78 KB 32ms
31ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2023/06/raising-roof-intro-450x600-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

507d5200350e05ed546632ded04d261107b47db1d7e487bc4f62843750e8659e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/jpeg
last-modified: Tue, 24 Oct 2023 02:51:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 79257
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 3a51606d223208a94acacef7a4700e6f.js Show response
www.ducks.ca/assets/hummingbird-assets/ 1 KB
1 KB 32ms
31ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/3a51606d223208a94acacef7a4700e6f.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

4fc883f7a9605520c08a98517823fc186356c6f4ad443affbdaadadd5fa529b9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:33:14 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 571
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 main.21ea5f10.js Show response
www.ducks.ca/wp-content/themes/duc/dist/static/js/ 289 KB
90 KB 30ms
30ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/static/js/main.21ea5f10.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

f01437673e72399e4bca1ec0be3ae0885a98ad24a498532b102c936eef1bdaee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 15 Jan 2024 17:49:51 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
access-control-allow-origin: help.ducks.ca
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 4a7f9e667ce833bf10472ccdd922fa72.js Show response
www.ducks.ca/assets/hummingbird-assets/ 14 KB
5 KB 30ms
30ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/4a7f9e667ce833bf10472ccdd922fa72.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

97613efe15da32355d912f7d1958ec86306184e245c9bf8c3451c71ec97fddfe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:31:59 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 4830
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 wp-polyfill.min.js Show response
www.ducks.ca/wp-includes/js/dist/vendor/ 16 KB
6 KB 32ms
31ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 19:03:30 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 5889
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 8673bd8abc8e597ff26c229c9914f9a2.js Show response
www.ducks.ca/assets/hummingbird-assets/ 14 KB
5 KB 30ms
30ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/8673bd8abc8e597ff26c229c9914f9a2.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

e71add29e7812882dd4f0da91fe58706315acbcde9a46c3d7555e3d07c04aedb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:33:08 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 5130
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 a11y.min.js Show response
www.ducks.ca/wp-includes/js/dist/ 2 KB
1 KB 32ms
31ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-includes/js/dist/a11y.min.js?ver=7032343a947cfccf5608

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

d35faa1c0b45cc142295ae07a0c6e6e7824e0e64b58b81a83e7850251586e0df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 19:03:30 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 960
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 e483f2b98d226aabde6bc5b9a7c64d6e.js Show response
www.ducks.ca/assets/hummingbird-assets/ 25 KB
10 KB 30ms
30ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/hummingbird-assets/e483f2b98d226aabde6bc5b9a7c64d6e.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

1ffe77d6de7930a2df2c5d1a896f402c331dae1b3e242279d49d399350a33e04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Nov 2024 14:34:17 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 9583
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 scripts-theme.min.js Show response
www.ducks.ca/wp-content/plugins/gravityforms/assets/js/dist/ 4 KB
2 KB 50ms
46ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=f4d12a887a23a8c5755fd2b956bc8fcf

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

a894dbb6e181fc9a70bf4453dc3571e0b5a0b068356310b3139abd081cb80d24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 18:44:55 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 1752
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 new-tab.js Show response
www.ducks.ca/wp-content/plugins/page-links-to/dist/ 24 KB
9 KB 32ms
32ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 04 Mar 2022 19:56:38 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 8819
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 smush-lazy-load-native.min.js Show response
www.ducks.ca/wp-content/plugins/wp-smush-pro/app/assets/js/ 9 KB
5 KB 31ms
31ms Script
text/javascript 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.15.0

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

be6782a8a0617c64e1eaf887f6771ac1e4ead25232ffcf133e5cba77b7379e76

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Fri, 03 Nov 2023 18:19:01 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 4156
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 a55138b7269cff6cd54d267e38fb48b41779f9a2.js Show response
my.hellobar.com/ 42 KB
6 KB 189ms
88ms Script
text/javascript 2606:4700:10::6816:e17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.hellobar.com/a55138b7269cff6cd54d267e38fb48b41779f9a2.js
Requested by: Host: www.ducks.ca
URL: https://www.ducks.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d925fa185075de5d0bb0d7b5694e31bb0f152f2d8b0e9a51e8beb3c6ee93999

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-amz-id-2: Ao8jmpzIozSFRNyYTpkPYLa3b+VLjepD7p9LIqg00XPTAdrkx4rn9B0ZLu/qxDLUZ1XmoP6YVHE=
cache-control: max-age=86400, must-revalidate, proxy-revalidate, s-maxage=10
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: "33376163438c5d2a4db9ca8823f3f1a0"
x-amz-request-id: HWVDGP6NMQPR8TFZ
cf-ray: 8e5dfe63da7da29e-YUL
accept-ranges: bytes
content-length: 5329
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/javascript
last-modified: Wed, 20 Nov 2024 15:04:04 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 embed-donate.js Show response
ducks.donordrive.com/resources/js/ 2 KB
1 KB 172ms
30ms Script
application/javascript 2606:4700::6812:be27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ducks.donordrive.com/resources/js/embed-donate.js?v=20240325113912

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:be27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f7ffc9da943ce5577932acc5d4e548b9bb93ad9f4e2601836ec2f66a81d799

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"673e064c-72d"
age: 25168
x-content-type-options: nosniff
cf-ray: 8e5dfe641b4ba2df-YUL
expires: Thu, 21 Nov 2024 08:39:03 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2024 15:54:52 GMT
vary: Accept-Encoding
server: cloudflare

POST
H2 200 log
log.cookieyes.com/api/v1/ 2 B
219 B 323ms
110ms Ping
text/plain 54.229.214.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://log.cookieyes.com/api/v1/log
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.214.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-214-125.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYh1H64ANCTfuYV2g
Referer: https://www.ducks.ca/

Response headers

x-robots-tag: noindex, nofollow
link: <https://www.cookieyes.com>; rel="canonical"
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-origin: *
content-length: 2
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express

GET
H2 200 banner.js Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/ 100 KB
33 KB 27ms
25ms Script
application/javascript 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/banner.js
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8279ce5e964c392091d4ac2df0216ca142471183af87ef59feb748d6329b4fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: "18e23-6228271bb6794-gzip"
age: 96530
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe633b67a302-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33377
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript
last-modified: Fri, 20 Sep 2024 00:51:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 386 KB
124 KB 91ms
89ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-398XHC6YN5&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5817337-29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d7744276e39efd885966f3740024a79820df9fa210dc6c4b84080b8d4104b054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 127070
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 147ms
26ms Script
text/javascript 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5817337-29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
age: 1815
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 06:08:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:08:48 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 54ms
52ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-156587635-6&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5817337-29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5aa03d481de2abd7170e2cfe9a8f5389b26d5322d10658fc3868ff31a9c99bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81358
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
89 KB 91ms
90ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1011148027&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5817337-29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2594ddf8030f0497adc18932351089e6d1084d0ecf94987b22237bd515225842

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90855
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 118ms
24ms Stylesheet
text/css 2600:141b:1c00:8::1728:b323
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=uds6bcz&ht=tk&f=10954.13453.13454.13464.13465.13466.13467.18480.18481.18482.18483.18488.18489.24349.24350.24351.24354&a=107013823&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:8::1728:b323 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://use.typekit.net/

Response headers

cache-control: public, max-age=604800
etag: "64b14571-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: text/css
last-modified: Fri, 14 Jul 2023 12:54:09 GMT
server: nginx

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 377 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7dbd67a716699b9050be0fcf74cd8421d2439439fd52b02e98771a9fe13162f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 385 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e1ba679b1131a2a56d9478d56c7ce17d93a844799a83b0dfd3d0203fdc8b26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 x-logo.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 430 B
869 B 37ms
32ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/x-logo.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

dd46f96b6f47fcd33683b79ddfaf3daca1d4f8aeba3c0f2bde1584c69cc699d4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 430
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 maple-leaf.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 2 KB
2 KB 37ms
33ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/maple-leaf.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

032e3c1bfe3408c36ea47292f5f0ef72bedaf1911a1cc0d6f4d9ca2af5c8064a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 1928
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 help-hands.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 795 B
1 KB 38ms
35ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/help-hands.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

34a04e0f1b9a0ba5c447ba518329c10e00576a337188203f51e322605605156f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 795
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 leaf.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 577 B
1016 B 38ms
36ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/leaf.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

01c8a16999c28817d96d89fb0bf37990ca6da03d00f3ef32d6896081482a90fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 577
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 goose-icon.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 994 B
1 KB 36ms
35ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/goose-icon.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

72a0f2acf42ef7005c85f459f7656248ecdb3412ea4260f8c1c0c7359aff5544

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/assets/hummingbird-assets/8f8e8e8ab978bcf96538fe34eeedd02d.css

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 994
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 l
use.typekit.net/af/1709eb/000000000000000000010b60/27/ 31 KB
31 KB 103ms
32ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1709eb/000000000000000000010b60/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 8b87f68e11485a97091ca246e20406fb58aa627bb5d8fe9c8451be9a3f980c05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "1e6fba0f6749f0f4d655f48653813eff46fe2e2a"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 31400
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 fontello.woff2
www.ducks.ca/wp-content/themes/duc/dist/fonts/ 6 KB
6 KB 33ms
29ms Font
font/woff2 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/fonts/fontello.woff2?79526452

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

5ccab72d7341e1c256d8e3b5d646a7d9cee9ffdd61731a8b854e2bd758bcb5ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: font/woff2
last-modified: Thu, 11 Aug 2022 21:30:38 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 6032
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 l
use.typekit.net/af/442215/000000000000000000010b5a/27/ 30 KB
30 KB 125ms
55ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/442215/000000000000000000010b5a/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 5153dcdd92287fc7014a3a4610c6714b94da7cbdf5df3d5947179419868be9ca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "2022472bf1f127ce6fb8eca653e355a7d2498f09"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 30216
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/ac6334/000000000000000000012059/27/ 36 KB
37 KB 150ms
80ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ac6334/000000000000000000012059/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 74c5874adefb264e299942f86f07a1e36da99223933c2612ffdcc36e05387c76

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "a9584cd1dff14f617679e757fe0ece2393559e38"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 37280
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/650441/000000000000000077359f96/30/ 30 KB
30 KB 108ms
38ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/650441/000000000000000077359f96/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: a29bd28623630b2f573a62ea55880f6762120f081305f5b4d4dfa7db343d0a9b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "030ee7d57ca9eb85f7e0fd158eea209071f0e328"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 30280
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/a91824/000000000000000077359f9d/30/ 28 KB
28 KB 142ms
72ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/a91824/000000000000000077359f9d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 2ec777f2100d609871dcc11b7c2a2ba25e993de36065caea5d2c2e176b51b65f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "9f5cd0d33f9035395e683d8a70b68f1ea7fc2f0b"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 28500
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/04ec74/00000000000000000001205b/27/ 36 KB
36 KB 150ms
80ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/04ec74/00000000000000000001205b/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 775871982d4a6e5ce130a7bfe4aef3e7ecc9b16bf290a593800a8ac5f3c5910f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "cdc369c75195a38445fd0106d43c70ff0e373dd8"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 36688
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/5464d5/00000000000000000001205a/27/ 37 KB
37 KB 131ms
62ms Font
application/font-woff2 2600:141b:f000:2c::17db:a198
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5464d5/00000000000000000001205a/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/uds6bcz.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:f000:2c::17db:a198 Edison, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: c7b8cc6bae254c5cb333bb3bbc504f2b983af359003db57ba2bbdf55fa48e02d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.ducks.ca
Referer: https://use.typekit.net/uds6bcz.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "31a391671144f4a8e6b64969af5f0f769427e3bf"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 37892
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/font-woff2
server: nginx

GET
H2 206 duc-water.mp4
www.ducks.ca/wp-content/themes/duc/dist/video/ 2 MB
2 MB 31ms
30ms Media
video/mp4 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/video/duc-water.mp4

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

5d6a304e3ef945cce216ddb832d62534549f367afa50447fbcc3273607652c2f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.ducks.ca/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: video/mp4
last-modified: Thu, 11 Aug 2022 21:30:19 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
Content-Range: bytes 0-1749345/1749346
access-control-allow-origin: help.ducks.ca
Content-Length: 1749346
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 diffuser.js Show response
diffuser-cdn.app-us1.com/diffuser/ 32 KB
8 KB 91ms
30ms Script
application/javascript 2606:4700::6811:1fae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://diffuser-cdn.app-us1.com/diffuser/diffuser.js

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/assets/hummingbird-assets/3a51606d223208a94acacef7a4700e6f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:1fae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26db36707844fa367f47c47b4b614db27a608286fe71d9ff8c3012dbe71c5499

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"234346615b452270c8ee1158258c83bb"
age: 277
x-cache: Hit from cloudfront
x-amz-cf-id: I4Ufor0np8p9gvJw36GMLdK9oVCwbRM_klDSjGqjjVunMZBorpyTZg==
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 15:47:53 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=300
via: 1.1 266ac52f1cf22bd836a3ed8dfdd6f30c.cloudfront.net (CloudFront)
cf-ray: 8e5dfe64bde6a260-YUL
x-amz-cf-pop: ATL59-P4
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 1307598842655627 Show response
connect.facebook.net/signals/config/ 77 KB
15 KB 83ms
82ms Script
application/x-javascript 57.144.180.128
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1307598842655627?v=2.9.176&r=stable&domain=www.ducks.ca&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.180.128 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-lga3.fbcdn.net

Software

Resource Hash

e4c28c7a487f93ab9abc820822e9bd8db6aca2b6845f20258273ade837cdb352

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-JA89asZt' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-JA89asZt' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=24, rtx=0, c=70, mss=1232, tbw=70332, tp=66, tpl=0, uplat=58, ullat=0
pragma: public
x-fb-debug: oxp7UYCMqSrZ9mc3j21T73Pd1Gulptr5h6RShoP0mX9sC0SOv2IUVr8cwlEXvNXOMPjY3rfaUg0txcjX78/EeA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 smush-lazyloader-2.gif
www.ducks.ca/wp-content/plugins/wp-smush-pro/app/assets/images/ 6 KB
6 KB 31ms
30ms Image
image/gif 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/plugins/wp-smush-pro/app/assets/images/smush-lazyloader-2.gif

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

6bb4f9f946f5c4451ae843398c2db24fc84180325bd9c524d52e22f73431d341

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/gif
last-modified: Fri, 03 Nov 2023 18:19:01 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 5842
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
417 B 41ms
40ms XHR
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=617940638&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ducks.ca%2F&ul=en-ca&de=UTF-8&dt=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1366823040&gjid=1543463772&cid=1351198422.1732163943&tid=UA-5817337-29&_gid=990803073.1732163943&_r=1&gtm=457e4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&jsscut=1&z=601376558

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.ducks.ca/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.ducks.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 duc-logo-en.svg
www.ducks.ca/wp-content/themes/duc/dist/images/ 11 KB
12 KB 34ms
29ms Image
image/svg+xml 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/wp-content/themes/duc/dist/images/duc-logo-en.svg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

ddeaa5e0d316737100fbbb41456d7c53a5ee83c2d7d1b7f189dcdf510d251f79

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Jan 2024 17:49:45 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 11702
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 boreal-wetland-forest-2015-duc-620x410-c-default.jpg
www.ducks.ca/assets/2023/02/ 82 KB
0 4ms
4ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2023/02/boreal-wetland-forest-2015-duc-620x410-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

93f5fb79158105d49940d82bea1bd734b47d6ad461dbb4e7bb9c0fde8c0ab5aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 83587
date: Thu, 21 Nov 2024 04:39:02 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: image/jpeg
last-modified: Thu, 14 Nov 2024 15:08:45 GMT
server: nginx
x-frame-options: SAMEORIGIN, SAMEORIGIN

GET
H2 200 fall2024-cover-EN.jpg
www.ducks.ca/assets/2024/11/ 96 KB
96 KB 34ms
30ms Image
image/webp 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2024/11/fall2024-cover-EN.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

a89d39a1a2f356399f1b3c0fbb5298cf3d125fc080d639ca8132c8e083c64e01

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/webp
vary: Accept
last-modified: Wed, 13 Nov 2024 21:42:48 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 97880
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 hero_wetlands-840x670-c-default.jpg
www.ducks.ca/assets/2024/02/ 129 KB
130 KB 36ms
32ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2024/02/hero_wetlands-840x670-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

92a7e8048bdf43fa053f28b42afd22c6703d4b54536b96fe40f394436526b690

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/jpeg
last-modified: Thu, 08 Feb 2024 17:26:26 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 132601
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 hero_approach_education-840x670-c-default.jpg
www.ducks.ca/assets/2024/02/ 141 KB
142 KB 38ms
36ms Image
image/jpeg 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2024/02/hero_approach_education-840x670-c-default.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

c71ca41d619ce8e6b1920a96c9b58ecdaea194f2ed8c72726a327cb44f150c4c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/jpeg
last-modified: Thu, 08 Feb 2024 15:05:26 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 144363
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 modules.86621fa4aeada5bcf025.js Show response
script.hotjar.com/ 222 KB
55 KB 94ms
27ms Script
application/javascript 18.164.96.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.86621fa4aeada5bcf025.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-859241.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-87.jfk50.r.cloudfront.net

Software

Resource Hash

feb5c0ee05ef970a3cf34bac95d465e96ccb3a3df353b3a641d9391c168e68ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-robots-tag: none
content-encoding: br
etag: "ff8702986a1c41356391628a5f5d6f03"
age: 52016
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: bWM52cKvbZx2_bjb8g_Ofmpdzh8pJ4dIeFhd2SKvL36X0uu94fzJew==
date: Wed, 20 Nov 2024 14:12:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 20 Nov 2024 14:11:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 e80aeefdda01afc3c41fc332ff42e7ac.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56243
x-amz-cf-pop: JFK50-P5

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 359 KB
120 KB 55ms
54ms Script
application/javascript 142.251.32.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X72X8TM4ZF&l=dataLayer&cx=c&gtm=457e4bk0za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-156587635-6

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.104 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

17606fe89e0923403d7b56fa090859e3c10fd0ff1aa8658a7dd353f2f8b3fa46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 122877
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
24 B 38ms
38ms XHR
text/plain 142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=617940638&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ducks.ca%2F&ul=en-ca&de=UTF-8&dt=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACAAI~&jid=1484181386&gjid=1195890340&cid=1351198422.1732163943&tid=UA-156587635-6&_gid=990803073.1732163943&_r=1&gtm=457e4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&jsscut=1&z=1430372484

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.ducks.ca/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.ducks.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
0 1ms
0ms Script
text/javascript 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-156587635-6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
age: 1815
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 06:08:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:08:48 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3

204

https://analytics.google.com/g/collect?v=2&tid=G-398XHC6YN5&gtm=45je4bk0v9138487833za200&_p=1732163942549&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~1020814...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1351198422.1732163943&dbk=11337546404929461856&dma=0&en=page_view&gtm=45je4bk0v9138487833za200&npa=0&tid=G-398XHC6YN5&d...

0
0

40ms
39ms

Fetch
text/plain

142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1351198422.1732163943&dbk=11337546404929461856&dma=0&en=page_view&gtm=45je4bk0v9138487833za200&npa=0&tid=G-398XHC6YN5&dl=https%3A%2F%2Fwww.ducks.ca%3F
Requested by: Host: www.ducks.ca
URL: https://www.ducks.ca/
Protocol: H3
Server: 142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s81-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
attribution-reporting-info: preferred-platform=os
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgnc:90:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgnc:90:0
attribution-reporting-register-os-trigger: "https://www.google-analytics.com/privacy-sandbox/register-os-conversion?_c=1&cid=1351198422.1732163943&dbk=11337546404929461856&dma=0&en=page_view&gtm=45je4bk0v9138487833za200&npa=0&tid=G-398XHC6YN5&dl=https%3A%2F%2Fwww.ducks.ca%3F"
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0xce3fcf7017e8909e","source_keys":["1"]},{"key_piece":"0xe79850aca26b0932","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"11337546404929461856","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"}],"filters":{"2":["1011148027","10812772195"],"5":["11-21","11-20","11-19"]}}
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: Golfe2

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1351198422.1732163943&dbk=11337546404929461856&dma=0&en=page_view&gtm=45je4bk0v9138487833za200&npa=0&tid=G-398XHC6YN5&dl=https%3A%2F%2Fwww.ducks.ca%3F
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 457
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/html; charset=UTF-8
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
543 B 107ms
39ms Ping
text/plain 2607:f8b0:4004:c19::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-398XHC6YN5&cid=1351198422.1732163943&gtm=45je4bk0v9138487833za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-398XHC6YN5&l=dataLayer&cx=c&gtm=457e4bk0za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.ducks.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: Golfe2

GET rul
td.doubleclick.net/td/ga/ Frame 6D89 0
0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 132ms
93ms Image
image/gif 142.250.80.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-398XHC6YN5&cid=1351198422.1732163943&gtm=45je4bk0v9138487833za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&tag_exp=101925629~102067555~102067808~102077855~102081485&z=527865303

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.99 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 200 collect
www.google.com/ccm/ 0
0 99ms
45ms Ping
text/plain 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.ducks.ca%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=299663090.1732163943&auid=1729664653.1732163943&npa=0&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732163943441&tfd=1665&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1011148027
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.81.228 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s74-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1011148027/ 5 KB
2 KB 106ms
50ms Script
text/javascript 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1011148027/?random=1732163943435&cv=11&fst=1732163943435&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ducks.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&npa=0&pscdl=noapi&auid=1729664653.1732163943&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1011148027

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

cafe /

Resource Hash

19086cd1c9278b60f7fe3adbf3fd99a4d6687cece24df6cc16d5f2733ea86925

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2347
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET 1011148027
td.doubleclick.net/td/rul/ Frame 7548 0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 376 KB
124 KB 53ms
53ms Script
application/javascript 142.251.32.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RFDJN393CL&l=dataLayer&cx=c&gtm=45He4bk0v812358153za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T76C2Z7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.104 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4711ad407342d244999b8a9e1e8fb9f455943fe6242c91a92fb89fd16ec2dd10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 04:39:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 126475
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
0 0ms
0ms Script
application/x-javascript 57.144.180.128
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T76C2Z7

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.180.128 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-lga3.fbcdn.net

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-4AOyWwBl' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:02 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-4AOyWwBl' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4460, tp=9, tpl=0, uplat=3, ullat=-1
pragma: public
x-fb-debug: VKXZB7bXqQwg4Yak+FFgbw9kDcRLYC60F+FHpE3JuaUJeUNWHODXeMfGnGQcFFUr0Y0VKIZuJQAkLSzUwRuuEQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 modules-v2.js Show response
my.hellobar.com/ 321 KB
80 KB 27ms
27ms Script
text/javascript 2606:4700:10::6816:e17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.hellobar.com/modules-v2.js
Requested by: Host: my.hellobar.com
URL: https://my.hellobar.com/a55138b7269cff6cd54d267e38fb48b41779f9a2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 128c3ee7c42f05696b5447590496729f52c6f69e03600edd7de55620033d99ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "ae42217a2181bbdcd1bd4b2c622de49a"
age: 3739
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/javascript
last-modified: Tue, 19 Nov 2024 07:34:16 GMT
vary: Accept-Encoding
x-amz-id-2: yRAD8vN3GeC1yL3y4vbvQTg4zkEed2Mmz+UIQSj8p/1De87wlzrr9mzGeD+UbCKFhttMaEHURmk=
cache-control: max-age=14400
x-amz-request-id: ZCWETDQ76CPT0Z81
cf-ray: 8e5dfe66fdcda29e-YUL
accept-ranges: bytes
content-length: 81958
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame A906 0
0 80ms
25ms Document
text/html 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.ducks.ca

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1011148027

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 113355
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Nov 2024 21:09:48 GMT
expires: Wed, 19 Nov 2025 21:09:48 GMT
last-modified: Tue, 19 Nov 2024 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 57ms
26ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1307598842655627&ev=PageView&dl=https%3A%2F%2Fwww.ducks.ca%2F&rl=&if=false&ts=1732163943570&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732163943566.326451807674056320&cs_est=true&ler=empty&cdl=API_unavailable&it=1732163943214&coo=false&rqm=GET

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4840, tp=13, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
195 B 126ms
97ms Image
image/png 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1307598842655627&ev=PageView&dl=https%3A%2F%2Fwww.ducks.ca%2F&rl=&if=false&ts=1732163943570&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732163943566.326451807674056320&cs_est=true&ler=empty&cdl=API_unavailable&it=1732163943214&coo=false&rqm=FGET

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439587488552386785"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 4AUjp16WG7KYmba+XOuujvTzJaLKOs/h/H49fot8vTjARh7sHccuekP99mPJY7qFbm99q/tmNU/JHZD40s2WpQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439587488552386785", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=24, mss=1232, tbw=5103, tp=17, tpl=0, uplat=62, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 54ms
25ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1307598842655627&ev=PageView&dl=https%3A%2F%2Fwww.ducks.ca%2F&rl=&if=false&ts=1732163943572&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=12318&fbp=fb.1.1732163943566.326451807674056320&cs_est=true&ler=empty&cdl=API_unavailable&it=1732163943214&coo=false&tm=1&rqm=GET

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4568, tp=12, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 126ms
97ms Image
image/png 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1307598842655627&ev=PageView&dl=https%3A%2F%2Fwww.ducks.ca%2F&rl=&if=false&ts=1732163943572&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=12318&fbp=fb.1.1732163943566.326451807674056320&cs_est=true&ler=empty&cdl=API_unavailable&it=1732163943214&coo=false&tm=1&rqm=FGET

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439587488512404972"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 60xp4GhyrryFzgJ7jTC7oiJcZgPkLsCFAyMGe0LwBXh2luqEd3nMh6YJNgaHOaUBGeG87w5mvltRXWwhrF16DQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439587488512404972", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=24, mss=1232, tbw=8287, tp=20, tpl=0, uplat=66, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 / Show response
prism.app-us1.com/ 246 B
495 B 159ms
113ms Script
application/javascript 2606:4700::6812:80d8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://prism.app-us1.com/?a=68518862&u=https%3A%2F%2Fwww.ducks.ca%2F

Requested by

Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:80d8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.1.29

Resource Hash

afce9f573983d8c76d8534d50ed489f659acacc28cf12a0ad45f498e3b6639bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: no-cache, private
content-encoding: gzip
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 64
cf-ray: 8e5dfe67cfb0a28b-YUL
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/javascript
x-powered-by: PHP/8.1.29
server: cloudflare

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 43ms
41ms Fetch
text/plain 142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X72X8TM4ZF&gtm=45je4bk0v9117277502za200&_p=1732163942549&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1351198422.1732163943&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1732163943&sct=1&seg=0&dl=https%3A%2F%2Fwww.ducks.ca%2F&dt=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&en=page_view&_fv=1&_ss=1&tfd=1923
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X72X8TM4ZF&l=dataLayer&cx=c&gtm=457e4bk0za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s81-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.ducks.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: Golfe2

GET
H/1.1 200
OK json Show response
pro.ip-api.com/ 156 B
312 B 174ms
41ms Fetch
application/json 208.95.112.2
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json?key=pAcPOWCUJWo5Gcp&fields=status,country,countryCode,regionName,region,city,timezone,mobile
Requested by: Host: my.hellobar.com
URL: https://my.hellobar.com/modules-v2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 208.95.112.2 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: c3e22b3259fb10a7fe983e703a406f99aff383bcb57533d001f9ee079e203725

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

Access-Control-Allow-Origin: *
Content-Length: 156
Date: Thu, 21 Nov 2024 04:39:03 GMT
Content-Type: application/json; charset=utf-8

GET
H3 200 /
www.google.com/pagead/1p-user-list/1011148027/ 42 B
64 B 47ms
47ms Image
image/gif 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1011148027/?random=1732163943435&cv=11&fst=1732161600000&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ducks.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&npa=0&pscdl=noapi&auid=1729664653.1732163943&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dbiZCrgm8Yi8yS_RfzLf6VxxXgDMifA&random=3064353527&rmt_tld=0&ipr=y

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.228 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1011148027/ 42 B
64 B 48ms
47ms Image
image/gif 142.250.80.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1011148027/?random=1732163943435&cv=11&fst=1732161600000&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ducks.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&npa=0&pscdl=noapi&auid=1729664653.1732163943&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dbiZCrgm8Yi8yS_RfzLf6VxxXgDMifA&random=3064353527&rmt_tld=1&ipr=y

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.99 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 39ms
38ms Fetch
text/plain 142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RFDJN393CL&gtm=45je4bk0v9127142201z8812358153za200zb812358153&_p=1732163942549&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1351198422.1732163943&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&cs=&cm=&cn=&sid=1732163943&sct=1&seg=0&dl=https%3A%2F%2Fwww.ducks.ca%2F&dt=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&en=page_view&_fv=1&_ss=1&tfd=2096
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RFDJN393CL&l=dataLayer&cx=c&gtm=45He4bk0v812358153za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s81-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.ducks.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 t_prism_sitemessages.php Show response
trackcmp.net/ 0
315 B 117ms
64ms Script
text/javascript 2606:4700:4400::6812:22d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trackcmp.net/t_prism_sitemessages.php?trackid=68518862&prismid=a50fa5fa-a55f-438b-b99c-f9261f6da67b&url=https%3A%2F%2Fwww.ducks.ca%2F
Requested by: Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22d6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.30
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: no-cache, private
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 11
cf-ray: 8e5dfe69a98fa261-YUL
content-length: 0
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: text/javascript;charset=UTF-8
x-powered-by: PHP/8.1.30
server: cloudflare

GET
H2 200 HolidayGiving_Masthead_option3.jpg
www.ducks.ca/assets/2024/11/ 82 KB
83 KB 36ms
35ms Image
image/webp 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2024/11/HolidayGiving_Masthead_option3.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

9495e74f83d52a39f6c6806dd0eaa325c64635f6a573f12b80a531403632c877

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/webp
vary: Accept
last-modified: Thu, 14 Nov 2024 20:30:44 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 84036
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 beaverton-marsh-wren.jpg
www.ducks.ca/assets/2024/11/ 155 KB
156 KB 53ms
52ms Image
image/webp 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ducks.ca/assets/2024/11/beaverton-marsh-wren.jpg

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

3991a1f175a1078117ff750bc86a5a477efe43cd5c735411e8d45cea95939afc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: image/webp
vary: Accept
last-modified: Fri, 15 Nov 2024 21:29:17 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 158828
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 206 SPBG-Video-Hero_1.mp4
www.ducks.ca/assets/2024/11/ 35 KB
0 49ms
49ms Media
video/mp4 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/2024/11/SPBG-Video-Hero_1.mp4

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.ducks.ca/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: video/mp4
last-modified: Thu, 14 Nov 2024 15:34:48 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
Content-Range: bytes 0-21886462/21886463
access-control-allow-origin: help.ducks.ca
Content-Length: 21886463
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 clever_ads.js Show response
my.hellobar.com/ 45 B
307 B 44ms
44ms Script
application/javascript 2606:4700:10::6816:e17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.hellobar.com/clever_ads.js
Requested by: Host: my.hellobar.com
URL: https://my.hellobar.com/modules-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d56e59e18b0e0e164b8bc8c202eb7d6338e11e3b50965440a1e060b7661365f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-amz-id-2: MkMS+2MWuRr/mKTjkVMprtlUmJS7GodazjTNeqKG63Djnqp7fPc5I2tlJr48zb7peWrd9fallN/XOssRB6+EIEBrZSQsSRb8vfnx1Amp+Kg=
cache-control: max-age=14400
cf-cache-status: HIT
etag: "7e9ec97ef70197804a968a2b2c74d155"
age: 5834
x-amz-request-id: BVSFAQ8A8KZ9TRA3
cf-ray: 8e5dfe69f820a29e-YUL
accept-ranges: bytes
content-length: 45
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: application/javascript
last-modified: Fri, 04 Aug 2023 07:47:23 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 206 SPBG-Video-Hero_1.mp4
www.ducks.ca/assets/2024/11/ 29 KB
30 KB 176ms
175ms Media
video/mp4 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/2024/11/SPBG-Video-Hero_1.mp4

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

23042ea21ed5cfd3778a6e9bf9be1575df4cb09fd3d38b277d786cb657c348a0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.ducks.ca/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=21856256-

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:03 GMT
last-modified: Thu, 14 Nov 2024 15:34:48 GMT
content-type: video/mp4
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
Content-Range: bytes 21856256-21886462/21886463
access-control-allow-origin: help.ducks.ca
Content-Length: 30207
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 206 SPBG-Video-Hero_1.mp4
www.ducks.ca/assets/2024/11/ 16 MB
0 0ms
0ms Media
video/mp4 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/2024/11/SPBG-Video-Hero_1.mp4

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.ducks.ca/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=32768-

Response headers

x-sucuri-cache: HIT
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
Content-Range: bytes 32768-21886462/21886463
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: help.ducks.ca
Content-Length: 21853695
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Thu, 14 Nov 2024 15:34:48 GMT
content-type: video/mp4
server: nginx
x-frame-options: SAMEORIGIN, SAMEORIGIN

GET
H2 200 I4pgBnmw.json Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/ 43 B
335 B 73ms
26ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/I4pgBnmw.json
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6a8f08a25fdca7284d51d50b0360fed017c47857048e04e17984bf9d63a92c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2b-6228271bb6794"
age: 455341
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe6cfbeaa29c-YUL
access-control-allow-origin: *
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 20 Sep 2024 00:51:49 GMT

GET
H2 200 / Show response
beacon-v2.helpscout.net/ 372 B
872 B 95ms
23ms Script
application/javascript 13.226.94.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/

Requested by

Host: www.ducks.ca
URL: https://www.ducks.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.94.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-94-107.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9392c1915742c8c271ca4ed182bbe13adc80d9fa0582cb1b639fe97d7c7d0456

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
etag: "bbf3efc302019bd7f59ad7c9d352817a"
age: 55
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: tVjlFN9-LKRzEpDVJfO6aN3lZvHVQd_fd6li1JEeQqqKtp-JGU0Kdg==
date: Thu, 21 Nov 2024 04:38:19 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 20 Nov 2024 12:38:39 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=120, s-maxage=120, public
referrer-policy: strict-origin-when-cross-origin
via: 1.1 1af9f97779e52f512a1145b7da36be50.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 287
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK52-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 favicon-32x32.png
www.ducks.ca/ 2 KB
2 KB 293ms
292ms Other
image/png 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

011e3a6ff7e1d5bb318dc2da14268320ace55f2087dd440339c74f418187d213

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

x-sucuri-cache: HIT
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: image/png
last-modified: Wed, 13 Dec 2023 17:35:05 GMT
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
accept-ranges: bytes
access-control-allow-origin: help.ducks.ca
content-length: 1936
x-xss-protection: 1; mode=block, 1; mode=block
server: nginx

GET
H2 200 8AH2d1k6.json Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/config/ 32 KB
5 KB 25ms
24ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/config/8AH2d1k6.json
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61c10f91a3e2f1d771201c5b4a1ed4c01778bf68fe274971f85bc7c37be0b01b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7f56-6228271bb6794"
age: 455341
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe6d2c12a29c-YUL
access-control-allow-origin: *
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 20 Sep 2024 00:51:49 GMT

GET
H2 200 vendor.5fe8f3bc.js Show response
beacon-v2.helpscout.net/static/js/ 62 KB
23 KB 28ms
27ms Script
application/javascript 13.226.94.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/static/js/vendor.5fe8f3bc.js

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.94.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-94-107.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c615d03cee52e9673053fd8588d0e124a318245eb3e831e8f3a9204c6d3c99f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
etag: "a3d10a46a82feffc1fa974df28b56f57"
age: 2395
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: T8NPlaPMqKoUEbHkBHpH-ATHG8ZrFPgh6aEFCZeG9oHGSfvPGr5vgg==
date: Thu, 21 Nov 2024 03:59:10 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2024 12:38:40 GMT
vary: Origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=315360000, s-maxage=7200, public
referrer-policy: strict-origin-when-cross-origin
via: 1.1 1af9f97779e52f512a1145b7da36be50.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 22572
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK52-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 main.480426b8.js Show response
beacon-v2.helpscout.net/static/js/ 31 KB
13 KB 31ms
31ms Script
application/javascript 13.226.94.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon-v2.helpscout.net/static/js/main.480426b8.js

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.94.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-94-107.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cef7010902b5bab9d40601b18061e7124432c6da60b182ce837f5ec024cf8fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

content-encoding: gzip
etag: "4e4be0733cf5d4979ce1ea571d28c266"
age: 7135
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: OksdN6NdqC-iGxGwDNzApmUFeirIxZ3b4-dyWBkEUZMu6zF2SePGnA==
date: Thu, 21 Nov 2024 02:40:10 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 20 Nov 2024 12:38:40 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: max-age=315360000, s-maxage=7200, public
referrer-policy: strict-origin-when-cross-origin
via: 1.1 1af9f97779e52f512a1145b7da36be50.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 12424
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK52-P10
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 5z6BpmpJ.json Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/translations/ 2 KB
849 B 27ms
26ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/translations/5z6BpmpJ.json
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 545d17de5e8f8f30f91b2e49749b90fd35b6101297f72e1b3ff0c15453e437d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6fe-6228271bb7734"
age: 581259
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe6d6c3aa29c-YUL
access-control-allow-origin: *
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 20 Sep 2024 00:51:49 GMT

GET
H2 200 TR2ephiF.json Show response
cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/audit-table/ 15 KB
4 KB 26ms
24ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/audit-table/TR2ephiF.json
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ccff1f09d396dc37d1123bf92deef4b6015e2478dcb013decba2d5fea5509e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3d08-6228271bb6794"
age: 455341
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e5dfe6d8c63a29c-YUL
access-control-allow-origin: *
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 20 Sep 2024 00:51:49 GMT

GET
H2 200 45ecdc53-66fd-4801-8e58-4226a059686c Show response
d3hb14vkzrxvla.cloudfront.net/v1/ 9 KB
9 KB 43ms
42ms XHR
application/json 13.226.103.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/45ecdc53-66fd-4801-8e58-4226a059686c

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/static/js/vendor.5fe8f3bc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.103.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-103-91.jfk52.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fc9da0ee5acd01df8222227a975e549b052ecf59d6dbc6f5a520af2d86f9faf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Beacon-Device-ID: 983af83b-feaa-4ef7-ba87-43fb0025967b
correlationId: 25f150a9-de3c-4754-9e58-d3cd38eb98d5
Referer: https://www.ducks.ca/
Beacon-Device-Instance-ID: 53c23c71-142a-43f5-a01c-e712d543f936
Helpscout-Origin: Beacon-Embed
Helpscout-Release: 2.2.229
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-expose-headers: Resource-ID
cache-control: max-age=300
x-envoy-upstream-service-time: 4
access-control-allow-credentials: true
via: 1.1 4184c55a8c6148d4c2081dc674c1874e.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.ducks.ca
x-cache: Miss from cloudfront
x-amz-cf-id: A30iPwiC37PNMHFEOiUB4zXvhsic1g949x39siPFDY8_T8J-EbEQNQ==
date: Thu, 21 Nov 2024 04:39:03 GMT
content-type: application/json
vary: Origin,Access-Control-Request-Method
server: istio-envoy
x-amz-cf-pop: JFK52-P10

OPTIONS
H2 200 45ecdc53-66fd-4801-8e58-4226a059686c
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 0
0 115ms
38ms Preflight 13.226.103.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/45ecdc53-66fd-4801-8e58-4226a059686c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.103.91 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-103-91.jfk52.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: beacon-device-id,beacon-device-instance-id,correlationid,helpscout-origin,helpscout-release
Access-Control-Request-Method: GET
Origin: https://www.ducks.ca
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: beacon-device-id, beacon-device-instance-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-methods: GET
access-control-allow-origin: https://www.ducks.ca
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PATCH
content-length: 0
date: Thu, 21 Nov 2024 04:39:04 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin,Access-Control-Request-Method
via: 1.1 4184c55a8c6148d4c2081dc674c1874e.cloudfront.net (CloudFront)
x-amz-cf-id: R5EQrS7Hof6Pp_NDL4OO0bqWq5UYJ5x6wyYuBZxWRk6Ysa-e8a42wg==
x-amz-cf-pop: JFK52-P10
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 3

GET
H2 200 close.svg
cdn-cookieyes.com/assets/images/ 1 KB
840 B 24ms
24ms Image
image/svg+xml 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cookieyes.com/assets/images/close.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.ducks.ca/

Response headers

cache-control: max-age=0, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"541-5da3a66c769d4"
age: 72670
cf-ray: 8e5dfe6dfe06a302-YUL
access-control-allow-origin: *
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: cloudflare
last-modified: Tue, 15 Mar 2022 04:40:50 GMT

POST
H2 200 log
log.cookieyes.com/api/v1/ 2 B
218 B 105ms
104ms Ping
text/plain 54.229.214.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://log.cookieyes.com/api/v1/log
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/5334ec02d5456ff7ca9b73bf/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.214.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-214-125.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryWj3cncTjlKPGVgQ0
Referer: https://www.ducks.ca/

Response headers

x-robots-tag: noindex, nofollow
link: <https://www.cookieyes.com>; rel="canonical"
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-origin: *
content-length: 2
date: Thu, 21 Nov 2024 04:39:04 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express

GET
H2 206 SPBG-Video-Hero_1.mp4
www.ducks.ca/assets/2024/11/ 5 MB
3 MB 0ms
0ms Media
video/mp4 192.124.249.12
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ducks.ca/assets/2024/11/SPBG-Video-Hero_1.mp4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.12 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10012.sucuri.net

Software

nginx /

Resource Hash

e0340911c977856c265ee8cfa7685c3ccfe499dd7172bc67bc5d09abc361658c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://www.ducks.ca/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range: bytes=16809984-

Response headers

x-sucuri-cache: HIT
x-sucuri-id: 14012
content-security-policy: upgrade-insecure-requests;
cache-control: max-age=315360000
Content-Range: bytes 16809984-21886462/21886463
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: help.ducks.ca
Content-Length: 5076479
date: Thu, 21 Nov 2024 04:39:03 GMT
x-xss-protection: 1; mode=block, 1; mode=block
last-modified: Thu, 14 Nov 2024 15:34:48 GMT
content-type: video/mp4
server: nginx
x-frame-options: SAMEORIGIN, SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-398XHC6YN5&gacid=1351198422.1732163943&gtm=45je4bk0v9138487833za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=203286900

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/1011148027?random=1732163943435&cv=11&fst=1732163943435&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ducks.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Conserving%20Canada%E2%80%99s%20Wetlands%20%7C%20Ducks%20Unlimited%20Canada&npa=0&pscdl=noapi&auid=1729664653.1732163943&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.support.ducks.ca/	1970-01-21 01:09:25	Name: __cf_bm Value: Unwa1Cr0hb4PJqu_xumZH5NcugXtHqNDVtZmIoiY_Ck-1732163942-1.0.1.1-4ETGjcFrGmsf2WTkAIJqSaa2YaWZ4bGn_amii6kB3IEB9Ag2yi62ToA_DAOqTuXnIJOOimPChmSttDbgqUhr8A
.support.ducks.ca/	1969-12-31 23:59:59	Name: _cfuvid Value: XrLVq_V7CNPxzjJoXQpdqnOAS7F7tmIa7V.LiWU7._U-1732163942315-0.0.1.1-604800000
.donordrive.com/	1970-01-21 01:09:25	Name: __cf_bm Value: wEPPieuJ.myVI7zacYcM0YcQtnoDP9w6ItgMklc8Cdw-1732163943-1.0.1.1-R.p5TjjoV4q7qccGh9mPUVsoBHBfhsGTGoh0xY08TCaxBFPM0.fnB0jp0hB9cno9fVC3SwDkaBqKygPEA6JMDA
.donordrive.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 5QRaWue01.dGxLpzo6jhaE4lwHFibQfKelSD_u3ZaSU-1732163943071-0.0.1.1-604800000
www.ducks.ca/	1970-01-21 01:52:07	Name: ac_enable_tracking Value: 1
.ducks.ca/	1970-01-21 10:45:23	Name: _ga_398XHC6YN5 Value: GS1.1.1732163943.1.0.1732163943.60.0.0
.doubleclick.net/	1970-01-21 01:09:24	Name: test_cookie Value: CheckForPermission
.www.google-analytics.com/	1970-01-21 03:18:59	Name: ar_debug Value: 1
.ducks.ca/	1970-01-21 09:54:59	Name: _hjSessionUser_859241 Value: eyJpZCI6IjEyMGM4Nzk3LTUwNmMtNTQyYy05M2M0LWExMGIxZTQ2OGEyZSIsImNyZWF0ZWQiOjE3MzIxNjM5NDM2MzgsImV4aXN0aW5nIjpmYWxzZX0=
.ducks.ca/	1970-01-21 01:09:25	Name: _hjSession_859241 Value: eyJpZCI6IjkwMGJhYWM3LTc1YTQtNGFiNC04ODBmLTZkOGIxMGYwMjM1MyIsImMiOjE3MzIxNjM5NDM2MzksInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.ducks.ca/	1970-01-21 10:45:23	Name: _ga_X72X8TM4ZF Value: GS1.1.1732163943.1.0.1732163943.0.0.0
prism.app-us1.com/	1970-01-21 01:52:35	Name: prism_68518862 Value: a50fa5fa-a55f-438b-b99c-f9261f6da67b
.ducks.ca/	1970-01-21 10:45:23	Name: _ga_RFDJN393CL Value: GS1.1.1732163943.1.0.1732163943.0.0.0
.ducks.ca/	1970-01-21 01:52:35	Name: prism_68518862 Value: a50fa5fa-a55f-438b-b99c-f9261f6da67b
www.ducks.ca/	1970-01-21 09:54:59	Name: cookieyes-consent Value: consentid:NW5lUjJ4ZjZBVURjOEUzaVFkV1g4QU1hUTJSaTkyRzY,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no,other:no

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
beacon-v2.helpscout.net
cdn-cookieyes.com
connect.facebook.net
d3hb14vkzrxvla.cloudfront.net
diffuser-cdn.app-us1.com
ducks.donordrive.com
googleads.g.doubleclick.net
log.cookieyes.com
my.hellobar.com
p.typekit.net
prism.app-us1.com
pro.ip-api.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
support.ducks.ca
td.doubleclick.net
trackcmp.net
use.typekit.net
www.ducks.ca
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
td.doubleclick.net
13.226.103.91
13.226.94.107
13.33.252.127
142.250.80.99
142.250.81.228
142.251.32.104
142.251.40.162
142.251.40.174
18.164.96.87
192.124.249.12
2001:4860:4802:32::181
208.95.112.2
2600:141b:1c00:8::1728:b323
2600:141b:f000:2c::17db:a198
2606:4700:10::6816:e17
2606:4700:10::ac43:1408
2606:4700:4400::6812:22d6
2606:4700::6811:1fae
2606:4700::6812:7c49
2606:4700::6812:80d8
2606:4700::6812:be27
2607:f8b0:4004:c19::9c
2607:f8b0:4006:80e::200e
2607:f8b0:4006:821::2008
31.13.71.36
54.229.214.125
57.144.180.128
011e3a6ff7e1d5bb318dc2da14268320ace55f2087dd440339c74f418187d213
01c8a16999c28817d96d89fb0bf37990ca6da03d00f3ef32d6896081482a90fd
032e3c1bfe3408c36ea47292f5f0ef72bedaf1911a1cc0d6f4d9ca2af5c8064a
0cf06b9a7ddb392b40aee567af3e440496ca5b9f03f95a6b47167a518c17c317
11f4b1c5b48fa0100ba180a2e7ffc3296a59ecd4b210351bb452130979c8582c
128c3ee7c42f05696b5447590496729f52c6f69e03600edd7de55620033d99ac
17606fe89e0923403d7b56fa090859e3c10fd0ff1aa8658a7dd353f2f8b3fa46
17bae00ef49929d71b1b6d7af780e33848375ad3f6cfc89b67923d726ad93b9c
19086cd1c9278b60f7fe3adbf3fd99a4d6687cece24df6cc16d5f2733ea86925
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1ffe77d6de7930a2df2c5d1a896f402c331dae1b3e242279d49d399350a33e04
22f7ffc9da943ce5577932acc5d4e548b9bb93ad9f4e2601836ec2f66a81d799
23042ea21ed5cfd3778a6e9bf9be1575df4cb09fd3d38b277d786cb657c348a0
2594ddf8030f0497adc18932351089e6d1084d0ecf94987b22237bd515225842
26db36707844fa367f47c47b4b614db27a608286fe71d9ff8c3012dbe71c5499
2b3e3ca396669757773ada0eb9c6588fd132955b7bcbfc7a7373a7abeb8ec0b8
2ec777f2100d609871dcc11b7c2a2ba25e993de36065caea5d2c2e176b51b65f
34a04e0f1b9a0ba5c447ba518329c10e00576a337188203f51e322605605156f
34eea854a92599b7e9e42c97be4d0104e708cfaf8a1e08db89694d213008dc64
370c20d117b5b5df30915c16d33eddd9f0777446ae0a06ff94e9caba991ff5de
3991a1f175a1078117ff750bc86a5a477efe43cd5c735411e8d45cea95939afc
39b49bf838709c9ee4941c05494be311c9cd0222e5935922f725c00aefe58782
3d757a659bc5590e41fd3c60d3be6b9cfae8604841c622c8ad44b230ffe87b23
3f68164b027ff40a3f90cf02fef265a2e0c4ef094b1b5fd840f2ab8b17f4e1dc
4711ad407342d244999b8a9e1e8fb9f455943fe6242c91a92fb89fd16ec2dd10
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4fc883f7a9605520c08a98517823fc186356c6f4ad443affbdaadadd5fa529b9
507d5200350e05ed546632ded04d261107b47db1d7e487bc4f62843750e8659e
50e1ba679b1131a2a56d9478d56c7ce17d93a844799a83b0dfd3d0203fdc8b26
5153dcdd92287fc7014a3a4610c6714b94da7cbdf5df3d5947179419868be9ca
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
545d17de5e8f8f30f91b2e49749b90fd35b6101297f72e1b3ff0c15453e437d6
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5829bd353f174161be7db1c4451d0ef7991da02ee832b4b092e849ee3395a0bb
5ccab72d7341e1c256d8e3b5d646a7d9cee9ffdd61731a8b854e2bd758bcb5ef
5d6a304e3ef945cce216ddb832d62534549f367afa50447fbcc3273607652c2f
61c10f91a3e2f1d771201c5b4a1ed4c01778bf68fe274971f85bc7c37be0b01b
63922fb83d6487a8b5ae3418dd094aa3bd2daed2f83468d4f5f7832273da9699
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
68b324a6179651d56917d3b1f3f5d0a1e71b08550b1468790826dde5e22b2b56
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bb4f9f946f5c4451ae843398c2db24fc84180325bd9c524d52e22f73431d341
72a0f2acf42ef7005c85f459f7656248ecdb3412ea4260f8c1c0c7359aff5544
74c5874adefb264e299942f86f07a1e36da99223933c2612ffdcc36e05387c76
7734306b24719e59158e81abe7849cd4323df1fcee4364b190808b8e761a3255
775871982d4a6e5ce130a7bfe4aef3e7ecc9b16bf290a593800a8ac5f3c5910f
8279ce5e964c392091d4ac2df0216ca142471183af87ef59feb748d6329b4fba
8b87f68e11485a97091ca246e20406fb58aa627bb5d8fe9c8451be9a3f980c05
8d56e59e18b0e0e164b8bc8c202eb7d6338e11e3b50965440a1e060b7661365f
8d925fa185075de5d0bb0d7b5694e31bb0f152f2d8b0e9a51e8beb3c6ee93999
92a7e8048bdf43fa053f28b42afd22c6703d4b54536b96fe40f394436526b690
92b3f4acfaebc2783b3278da66519618a5dfc33d413ebcfe846a270e73eb1c1c
9392c1915742c8c271ca4ed182bbe13adc80d9fa0582cb1b639fe97d7c7d0456
93f5fb79158105d49940d82bea1bd734b47d6ad461dbb4e7bb9c0fde8c0ab5aa
9495e74f83d52a39f6c6806dd0eaa325c64635f6a573f12b80a531403632c877
961d657f78046eda0c3c71e839f8c91a9b2fb84249140b01446dc331413a45a3
96ccff1f09d396dc37d1123bf92deef4b6015e2478dcb013decba2d5fea5509e
97613efe15da32355d912f7d1958ec86306184e245c9bf8c3451c71ec97fddfe
998a575c7b376128a98e6d67e29c42e1726aac3489cf2c0b2aaebf6f6ad0b546
a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b
a29bd28623630b2f573a62ea55880f6762120f081305f5b4d4dfa7db343d0a9b
a6a8f08a25fdca7284d51d50b0360fed017c47857048e04e17984bf9d63a92c5
a894dbb6e181fc9a70bf4453dc3571e0b5a0b068356310b3139abd081cb80d24
a89d39a1a2f356399f1b3c0fbb5298cf3d125fc080d639ca8132c8e083c64e01
a8f421eca8ecccd58f74b3f62d8a2455226674f70145fba065f04f21cbedc67c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
afce9f573983d8c76d8534d50ed489f659acacc28cf12a0ad45f498e3b6639bf
b57188864db8cbe1f4c6094fcb18d4cfe8e067626c44a511382898a950bae40a
b7dbd67a716699b9050be0fcf74cd8421d2439439fd52b02e98771a9fe13162f
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be6782a8a0617c64e1eaf887f6771ac1e4ead25232ffcf133e5cba77b7379e76
c2cf401fd0305814dc8e7f0d50caf0f54891f6a02a43993029e3dbf7221a375f
c3e22b3259fb10a7fe983e703a406f99aff383bcb57533d001f9ee079e203725
c5aa03d481de2abd7170e2cfe9a8f5389b26d5322d10658fc3868ff31a9c99bb
c615d03cee52e9673053fd8588d0e124a318245eb3e831e8f3a9204c6d3c99f2
c71ca41d619ce8e6b1920a96c9b58ecdaea194f2ed8c72726a327cb44f150c4c
c7b8cc6bae254c5cb333bb3bbc504f2b983af359003db57ba2bbdf55fa48e02d
cb8860e86bd3e88095ab5a439a4fb8081a61b1e4243b2bf720608fcf91e91742
cef7010902b5bab9d40601b18061e7124432c6da60b182ce837f5ec024cf8fa3
d35faa1c0b45cc142295ae07a0c6e6e7824e0e64b58b81a83e7850251586e0df
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d60f18eb9305421e4251812de02413ea448fb3e5c8d6f115287b8a0656924c73
d7744276e39efd885966f3740024a79820df9fa210dc6c4b84080b8d4104b054
d7fbbfd43ae4c0389a762d54e40252f893e0dcd400a09027da84e81fad8f851d
dd46f96b6f47fcd33683b79ddfaf3daca1d4f8aeba3c0f2bde1584c69cc699d4
ddeaa5e0d316737100fbbb41456d7c53a5ee83c2d7d1b7f189dcdf510d251f79
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0340911c977856c265ee8cfa7685c3ccfe499dd7172bc67bc5d09abc361658c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c28c7a487f93ab9abc820822e9bd8db6aca2b6845f20258273ade837cdb352
e5df7236dd99e061a39dc02418170062a6e807829afd5e1b683d1b4eea7afcbc
e71add29e7812882dd4f0da91fe58706315acbcde9a46c3d7555e3d07c04aedb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01437673e72399e4bca1ec0be3ae0885a98ad24a498532b102c936eef1bdaee
f479481669c7d19aba2740363aba2a26dff6decabd265923ecac1fd430738d8e
f50c3c8126205132077e808fb8c8ba20ede201e51a543c96777473cdbc7c4946
fb4eaa04b4e471705026e27577227b787117605ca4aa48f203bcfec1503af3fa
fc9da0ee5acd01df8222227a975e549b052ecf59d6dbc6f5a520af2d86f9faf6
feb5c0ee05ef970a3cf34bac95d465e96ccb3a3df353b3a641d9391c168e68ad

www.ducks.ca Open in urlscan Pro 192.124.249.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

97 %HTTPS

48 %IPv6

19 Domains

26 Subdomains

26 IPs

2 Countries

7641 kBTransfer

30506 kBSize

15 Cookies

13 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ducks.ca Open in urlscan Pro
192.124.249.12 Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

97 %
HTTPS

48 %
IPv6

19
Domains

26
Subdomains

26
IPs

2
Countries

7641 kB
Transfer

30506 kB
Size

15
Cookies

117 HTTP transactions
3 data transactions