Submitted URL: http://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news
Effective URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Submission: On November 21 via manual from US — Scanned from DE

Summary

This website contacted 75 IPs in 11 countries across 49 domains to perform 247 HTTP transactions. The main IP is 2606:4700:10::6816:4a8, located in United States and belongs to CLOUDFLARENET, US. The main domain is bestlifeonline.com. The Cisco Umbrella rank of the primary domain is 66716.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 22nd 2022. Valid for: a year.
This is the only time bestlifeonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 18 2606:4700:10:... 13335 (CLOUDFLAR...)
1 65.9.61.60 16509 (AMAZON-02)
2 192.0.76.3 2635 (AUTOMATTIC)
1 54.164.3.34 14618 (AMAZON-AES)
1 63.34.81.234 16509 (AMAZON-02)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
2 2600:9000:205... 16509 (AMAZON-02)
1 2600:9000:206... 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
3 172.64.151.162 13335 (CLOUDFLAR...)
1 5 13.32.28.197 16509 (AMAZON-02)
1 2600:9000:205... 16509 (AMAZON-02)
1 2600:9000:206... 16509 (AMAZON-02)
1 1 2600:1f18:730... 14618 (AMAZON-AES)
1 3.218.4.10 14618 (AMAZON-AES)
3 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 3.33.220.150 16509 (AMAZON-02)
1 54.158.154.2 14618 (AMAZON-AES)
1 34.120.133.55 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 99.86.3.236 16509 (AMAZON-02)
6 12 37.252.171.22 29990 (ASN-APPNEX)
1 18.157.127.232 16509 (AMAZON-02)
2 104.18.33.19 13335 (CLOUDFLAR...)
3 18.156.195.47 16509 (AMAZON-02)
1 185.64.189.112 62713 (AS-PUBMATIC)
1 2602:803:c003... 26667 (RUBICONPR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
25 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 99.86.4.12 16509 (AMAZON-02)
17 2a00:1450:400... 15169 (GOOGLE)
1 4 3.210.106.149 14618 (AMAZON-AES)
1 20.40.202.0 8075 (MICROSOFT...)
1 65.9.58.186 16509 (AMAZON-02)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 3 185.29.132.245 30419 (MEDIAMATH...)
4 4 18.159.93.136 16509 (AMAZON-02)
1 1 141.94.240.143 16276 (OVH)
1 1 146.59.148.16 16276 (OVH)
2 52.49.181.242 16509 (AMAZON-02)
2 3 3.248.127.202 16509 (AMAZON-02)
1 2 104.111.215.191 16625 (AKAMAI-AS)
2 2 52.19.19.146 16509 (AMAZON-02)
1 2620:1ec:22::14 8068 (MICROSOFT...)
1 2a04:4e42:600... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.32.27.65 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 54.191.92.193 16509 (AMAZON-02)
3 6 34.241.76.101 16509 (AMAZON-02)
20 2a00:1450:400... 15169 (GOOGLE)
13 16 142.250.186.66 15169 (GOOGLE)
6 13 185.80.39.216 27381 (CASALE-MEDIA)
1 2a00:1450:400... 15169 (GOOGLE)
6 172.217.18.2 15169 (GOOGLE)
8 2600:9000:214... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
19 2600:1f13:800... 16509 (AMAZON-02)
2 23.35.236.201 16625 (AKAMAI-AS)
2 23.205.235.133 16625 (AKAMAI-AS)
1 151.101.129.108 54113 (FASTLY)
1 34.98.67.61 396982 (GOOGLE-CL...)
2 172.64.154.237 13335 (CLOUDFLAR...)
1 185.64.190.78 62713 (AS-PUBMATIC)
1 2 52.46.130.91 16509 (AMAZON-02)
2 2a05:d018:d29... 16509 (AMAZON-02)
1 2a05:d018:cc3... 16509 (AMAZON-02)
5 6 37.157.5.141 198622 (ADFORM)
2 2 18.156.0.31 16509 (AMAZON-02)
2 2 213.155.156.168 1299 (TWELVE99 ...)
5 185.64.190.80 62713 (AS-PUBMATIC)
2 185.64.190.81 62713 (AS-PUBMATIC)
1 1 141.94.170.77 16276 (OVH)
1 35.204.74.118 396982 (GOOGLE-CL...)
1 69.173.144.138 26667 (RUBICONPR...)
247 75
Apex Domain
Subdomains
Transfer
46 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 101
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 136
288 KB
33 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 729
static.adsafeprotected.com — Cisco Umbrella Rank: 546
dt.adsafeprotected.com — Cisco Umbrella Rank: 518
293 KB
33 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
googleads.g.doubleclick.net — Cisco Umbrella Rank: 41
cm.g.doubleclick.net — Cisco Umbrella Rank: 203
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 294
290 KB
20 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 262
561 KB
19 bestlifeonline.com
bestlifeonline.com — Cisco Umbrella Rank: 66716
219 KB
17 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 491
as-sec.casalemedia.com — Cisco Umbrella Rank: 1339
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 512
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 418
14 KB
13 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 209
acdn.adnxs.com — Cisco Umbrella Rank: 579
28 KB
11 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 449
ads.pubmatic.com — Cisco Umbrella Rank: 458
image6.pubmatic.com — Cisco Umbrella Rank: 662
image2.pubmatic.com — Cisco Umbrella Rank: 882
simage2.pubmatic.com — Cisco Umbrella Rank: 671
image4.pubmatic.com — Cisco Umbrella Rank: 822
simage4.pubmatic.com — Cisco Umbrella Rank: 1110
26 KB
10 lightboxcdn.com
www.lightboxcdn.com — Cisco Umbrella Rank: 5944
s3.lightboxcdn.com — Cisco Umbrella Rank: 15766
353 KB
8 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 290
aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 503
s.amazon-adsystem.com — Cisco Umbrella Rank: 279
6 KB
8 liadm.com
b-code.liadm.com — Cisco Umbrella Rank: 3046
rp.liadm.com — Cisco Umbrella Rank: 1515
rp4.liadm.com — Cisco Umbrella Rank: 6981
i.liadm.com — Cisco Umbrella Rank: 551
21 KB
7 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1118
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416
ups.analytics.yahoo.com — Cisco Umbrella Rank: 280
2 KB
6 adform.net
c1.adform.net — Cisco Umbrella Rank: 582
3 KB
5 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 899
x.bidswitch.net — Cisco Umbrella Rank: 281
1 KB
5 cloudfront.net
d30qdagvt44524.cloudfront.net
d3div1mtym39ic.cloudfront.net
d9jj3mjthpub.cloudfront.net
dc8xl0ndzn2cb.cloudfront.net
d31qbv1cthcecs.cloudfront.net
42 KB
4 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 439
eus.rubiconproject.com — Cisco Umbrella Rank: 541
token.rubiconproject.com — Cisco Umbrella Rank: 544
12 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
region1.google-analytics.com — Cisco Umbrella Rank: 2536
20 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 185
142 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 197
3 KB
3 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 446
2 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4166
consentcdn.cookiebot.com — Cisco Umbrella Rank: 4764
100 KB
3 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 341
919 B
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 587
cdn.indexww.com — Cisco Umbrella Rank: 1490
15 KB
3 parsely.com
cdn.parsely.com — Cisco Umbrella Rank: 2489
api.parsely.com — Cisco Umbrella Rank: 9206
p1.parsely.com — Cisco Umbrella Rank: 1889
22 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4495
562 B
2 narrative.io
io.narrative.io — Cisco Umbrella Rank: 2142
932 B
2 addthis.com
x.dlx.addthis.com — Cisco Umbrella Rank: 1192
1 KB
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 714
531 B
2 onaudience.com
pixel-eu.onaudience.com — Cisco Umbrella Rank: 13081
pixel.onaudience.com — Cisco Umbrella Rank: 3206
1 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 146
2 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 72
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 53
129 KB
2 wp.com
stats.wp.com — Cisco Umbrella Rank: 2615
pixel.wp.com — Cisco Umbrella Rank: 2437
3 KB
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 752
610 B
1 adroll.com
d.adroll.com — Cisco Umbrella Rank: 1431
181 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 929
356 B
1 gstatic.com
fonts.gstatic.com
16 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43
1 KB
1 a2z.com
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
48 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 636
367 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 355
807 B
1 erne.co
green.erne.co — Cisco Umbrella Rank: 16063
342 B
1 azurewebsites.net
lightboxapi.azurewebsites.net — Cisco Umbrella Rank: 9718
792 B
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8709
792 B
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 762
361 B
1 rkdms.com
id.sv.rkdms.com — Cisco Umbrella Rank: 4157
168 B
1 mdpcdn.com
karma.mdpcdn.com — Cisco Umbrella Rank: 21809
109 KB
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 1744
423 B
0 alexametrics.com Failed
certify.alexametrics.com Failed
247 49
Domain Requested by
25 pagead2.googlesyndication.com securepubads.g.doubleclick.net
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
s0.2mdn.net
www.googletagservices.com
20 s0.2mdn.net bestlifeonline.com
s0.2mdn.net
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
19 dt.adsafeprotected.com cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
19 bestlifeonline.com 2 redirects bestlifeonline.com
17 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
s0.2mdn.net
16 cm.g.doubleclick.net 13 redirects googleads.g.doubleclick.net
13 dsum-sec.casalemedia.com 6 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
12 ib.adnxs.com 6 redirects karma.mdpcdn.com
googleads.g.doubleclick.net
acdn.adnxs.com
8 static.adsafeprotected.com fw.adsafeprotected.com
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
8 www.lightboxcdn.com bestlifeonline.com
www.lightboxcdn.com
6 c1.adform.net 5 redirects ads.pubmatic.com
6 googleads4.g.doubleclick.net bestlifeonline.com
6 fw.adsafeprotected.com 3 redirects bestlifeonline.com
6 googleads.g.doubleclick.net cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
bestlifeonline.com
5 c.amazon-adsystem.com 1 redirects c.amazon-adsystem.com
4 x.bidswitch.net 4 redirects
4 i.liadm.com 1 redirects b-code.liadm.com
i.liadm.com
4 cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4 securepubads.g.doubleclick.net karma.mdpcdn.com
securepubads.g.doubleclick.net
3 image2.pubmatic.com ads.pubmatic.com
3 www.googletagservices.com cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
3 dpm.demdex.net 2 redirects ssum-sec.casalemedia.com
3 sync.mathtag.com 3 redirects
3 c2shb.ssp.yahoo.com karma.mdpcdn.com
3 match.adsrvr.org js-sec.indexww.com
i.liadm.com
ssum-sec.casalemedia.com
3 www.google-analytics.com bestlifeonline.com
2 simage2.pubmatic.com ads.pubmatic.com
2 d5p.de17a.com 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 ssum-sec.casalemedia.com js-sec.indexww.com
ssum-sec.casalemedia.com
2 eus.rubiconproject.com karma.mdpcdn.com
eus.rubiconproject.com
2 ads.pubmatic.com karma.mdpcdn.com
2 s3.lightboxcdn.com www.lightboxcdn.com
s3.lightboxcdn.com
2 io.narrative.io 2 redirects
2 x.dlx.addthis.com 1 redirects i.liadm.com
2 sync.crwdcntrl.net i.liadm.com
2 consent.cookiebot.com www.googletagmanager.com
consent.cookiebot.com
2 sb.scorecardresearch.com bestlifeonline.com
2 www.googletagmanager.com bestlifeonline.com
2 js-sec.indexww.com karma.mdpcdn.com
2 b-code.liadm.com bestlifeonline.com
b-code.liadm.com
1 simage4.pubmatic.com ads.pubmatic.com
1 token.rubiconproject.com eus.rubiconproject.com
1 um.simpli.fi
1 pixel.onaudience.com 1 redirects
1 image4.pubmatic.com
1 cdn.indexww.com ssum-sec.casalemedia.com
1 d.adroll.com ssum-sec.casalemedia.com
1 image6.pubmatic.com ads.pubmatic.com
1 odr.mookie1.com
1 acdn.adnxs.com karma.mdpcdn.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com www.lightboxcdn.com
1 redirect.prod.experiment.routing.cloudfront.aws.a2z.com
1 d31qbv1cthcecs.cloudfront.net bestlifeonline.com
1 www.google.com tpc.googlesyndication.com
1 trc.taboola.com i.liadm.com
1 px.ads.linkedin.com i.liadm.com
1 pixel-eu.onaudience.com 1 redirects
1 green.erne.co 1 redirects
1 consentcdn.cookiebot.com consent.cookiebot.com
1 dc8xl0ndzn2cb.cloudfront.net bestlifeonline.com
1 lightboxapi.azurewebsites.net www.lightboxcdn.com
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 as-sec.casalemedia.com js-sec.indexww.com
1 region1.google-analytics.com www.googletagmanager.com
1 fastlane.rubiconproject.com karma.mdpcdn.com
1 hbopenbid.pubmatic.com karma.mdpcdn.com
1 htlb.casalemedia.com karma.mdpcdn.com
1 grid.bidswitch.net karma.mdpcdn.com
1 aax-dtb-cf.amazon-adsystem.com c.amazon-adsystem.com
1 stats.g.doubleclick.net www.google-analytics.com
1 api.rlcdn.com js-sec.indexww.com
karma.mdpcdn.com
1 id.sv.rkdms.com js-sec.indexww.com
1 rp4.liadm.com
1 rp.liadm.com 1 redirects
1 d9jj3mjthpub.cloudfront.net
1 d3div1mtym39ic.cloudfront.net
1 d30qdagvt44524.cloudfront.net karma.mdpcdn.com
1 karma.mdpcdn.com bestlifeonline.com
1 pixel.wp.com bestlifeonline.com
1 secure.gravatar.com bestlifeonline.com
1 p1.parsely.com bestlifeonline.com
1 api.parsely.com bestlifeonline.com
1 stats.wp.com bestlifeonline.com
1 cdn.parsely.com bestlifeonline.com
0 certify.alexametrics.com Failed
247 90

This site contains links to these domains. Also see Links.

Domain
integralads.com
www.stroeer.de
www.crazyegg.com
policies.google.com
www.cookiebot.com
www.parse.ly
crimtan.com
www.dailymail.co.uk
script.dotmetrics.net
www.id5.io
www.linkedin.com
www.sportradar.com
www.admedo.com
www.bidswitch.com
www.internedservices.nl
www.outbrain.com
automattic.com
www.nativo.com
www.redditinc.com
www.tiktok.com
www.jwplayer.com
betweendigital.ru
help.instagram.com
www.home.neustar
www.indexexchange.com
www.casalemedia.com
www.media.net
pubmatic.com
www.quantcast.com
yandex.com
www.rhythmone.com
unruly.co
improvedigital.com
www.demandbase.com
triplelift.com
www.acuityads.com
www.oracle.com
site.adform.com
www.we-are-adot.com
www.criteo.com
www.amobee.com
adgear.com
www.adition.com
adkernel.com
admanmedia.com
admixer.com
www.appnexus.com
www.rockerbox.com
www.mediamath.com
www.antvoice.com
travelaudience.com
www.thetradedesk.com
www.amazon.com
policies.oath.com
liveintent.com
www.beeswax.com
www.bidtheatre.com
www.blis.com
brand-display.com
www.appier.com
www.alexa.com
pulsepoint.com
www.deltaprojects.com
www.adobe.com
freewheel.tv
www.melia.com
www.sovrn.com
www.xaxis.com
privacy.nrich.ai
www.openx.com
zetaglobal.com
rubiconproject.com
www.scorecardresearch.com
www.freewheel.com
simpli.fi
www.simpli.fi
smadex.com
smartadserver.com
www.taptapnetworks.com
sonobi.com
www.spotx.tv
www.stackadapt.com
www.tapad.com
exponential.com
twitter.com
www.vidoomy.com
www.dataxu.com
policies.yahoo.com
yieldmo.com
www.zemanta.com
www.adroll.com
www.facebook.com
www.pinterest.com
www.tsa.gov
www.instagram.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-22 -
2023-08-22
a year crt.sh
*.parsely.com
Amazon
2022-06-05 -
2023-07-04
a year crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA
2022-11-14 -
2023-12-15
a year crt.sh
*.gravatar.com
Sectigo RSA Domain Validation Secure Server CA
2022-10-23 -
2023-11-23
a year crt.sh
*.liadm.com
Amazon
2022-01-31 -
2023-03-01
a year crt.sh
karma.mdpcdn.com
Amazon
2022-05-02 -
2023-05-31
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.cloudfront.net
Amazon
2022-02-01 -
2023-01-31
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
securedvisit.com
Amazon
2022-10-29 -
2023-11-26
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2022-02-03 -
2023-02-25
a year crt.sh
c.amazon-adsystem.com
Amazon
2022-05-09 -
2023-04-18
a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon
2022-06-15 -
2023-06-15
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2022-04-05 -
2023-05-04
a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-08-02 -
2023-01-25
6 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2022-06-13 -
2023-07-14
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.google.de
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.scorecardresearch.com
Amazon
2022-01-29 -
2023-02-27
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.azurewebsites.net
Microsoft Azure TLS Issuing CA 01
2022-03-14 -
2023-03-09
a year crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-04 -
2023-06-06
a year crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-15 -
2023-06-17
a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
www.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.prod.experiment.routing.cloudfront.aws.a2z.com
Amazon
2022-09-13 -
2023-10-12
a year crt.sh
fw.adsafeprotected.com
Amazon
2022-04-28 -
2023-05-27
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
static.adsafeprotected.com
Amazon
2022-08-06 -
2023-09-04
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
dt.adsafeprotected.com
Amazon
2022-11-04 -
2023-12-03
a year crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1
2022-03-11 -
2023-04-11
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-11-08 -
2023-05-03
6 months crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1
2022-09-26 -
2023-10-27
a year crt.sh
d.adroll.com
Amazon RSA 2048 M01
2022-11-08 -
2023-12-07
a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2022-09-20 -
2023-09-20
a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1
2022-11-07 -
2023-12-08
a year crt.sh

This page contains 33 frames:

Primary Page: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Frame ID: 8D5DE8EF9B2038796DD8F4C65D9F2403
Requests: 88 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox.js?mb=1669054974174&lv=1
Frame ID: CDEC353AB12AEFD78FC2567035ACCE6E
Requests: 2 HTTP requests in this frame

Frame: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 12F579BE46511802F97574757579C613
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 0FFD939AA58ACC21397870F917F02A85
Requests: 8 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 1F828B2449B10E2C7AB3D683B6F256E8
Requests: 1 HTTP requests in this frame

Frame: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B86E31A3BB4AD010379B49B2CF2C3299
Requests: 23 HTTP requests in this frame

Frame: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E2529ACEAB179EACE6F37338499FBA22
Requests: 23 HTTP requests in this frame

Frame: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 47E82989039270B39F949BDEFC722FA5
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E9ADB70208D20EE8AE8025F79C716F0E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F1355C0E5FD18DB3005A3C6F7E78B4B9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Frame ID: 4500804F677A7B381881A00C4D4A052C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Frame ID: B0EC29E1B09D641EA99B114E6E384DB3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Frame ID: D4B845594E37EA70828293702B28D8F1
Requests: 5 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox_builder.js?cb=637908759194514824
Frame ID: 886BF2B5605A92E3EE4DF1C9143BFB22
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
Frame ID: 8A207681F36BC0B62FCF43CA631D9940
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
Frame ID: 31B84A0B54BB72EB74C2FA3FCB31107B
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: C88151BC8D18AC27442717C02FF85F4B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CD1F52C0294182A31F308615E913E9C1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
Frame ID: E887D0D41D2D55BF01B686C04358D163
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C7682B4D82883F9B20316011A912D4D9
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2F8E03C14F04818E02154D2A64A31005
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 3D5EE02FDEF927BD344F1781BE2DB7C8
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: D9C4857882FA763D37EB49BF3CECCB04
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Frame ID: 97B8E48E08FFCD4FB0595FFA14F2A16E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Frame ID: A1C8620DBFD1D62A9E58B394C36E33AB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Frame ID: ADCC35546F6DB6570A5850AF5145C099
Requests: 10 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9D9C3A0DA8E8635A6863EB8E563AEACA
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 73F5DCAB33F748D6CB66A3857E065694
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E2207D93EC0B4056B64E9907F463A1E0
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 288B517AB386F58E4597A95AD937EA16
Requests: 10 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
Frame ID: EFE3721E314E57E29AAA64207D21A220
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=9042871758847304345
Frame ID: 96EA1BB20110E212490C3B67387FB240
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d49a637b-c200-4600-8870-dd03b591bae3&gdpr=0&gdpr_consent=
Frame ID: 13EFF9F06786055555648778ADDE834D
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

TSA Issues New Alert on What Food You Can't Pack in Carry-On

Page URL History Show full URLs

  1. http://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news HTTP 301
    https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news HTTP 301
    https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

247
Requests

86 %
HTTPS

42 %
IPv6

49
Domains

90
Subdomains

75
IPs

11
Countries

2709 kB
Transfer

7607 kB
Size

71
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news HTTP 301
    https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news HTTP 301
    https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32
  • https://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
  • https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Request Chain 34
  • https://rp.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&wpn=lc-bundle&c=PHRpdGxlPlRTQSBJc3N1ZXMgTmV3IEFsZXJ0IG9uIFdoYXQgRm9vZCBZb3UgQ2FuJ3QgUGFjayBpbiBDYXJyeS1PbjwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkFoZWFkIG9mIFRoYW5rc2dpdmluZywgVFNBIG91dGxpbmVkIHdoaWNoIGZvb2QgaXRlbXMgeW91IGNhbiBhbmQgY2Fubm90IHBhY2sgaW4geW91ciBjYXJyeS1vbiBhbmQgdGFrZSB0aHJvdWdoIHNlY3VyaXR5LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmVzdGxpZmVvbmxpbmUuY29tL3RzYS10aGFua3NnaXZpbmctZm9vZC1jYXJyeS1vbi1uZXdzLyI-PGgxIGNsYXNzPSJwb3N0LXRpdGxlIGNlbnRlci1ibG9jayI-VFNBIElzc3VlcyBOZXcgQWxlcnQgb24gV2hhdCBZb3UgQ2FuJ3QgQ2FycnkgVGhyb3VnaCBTZWN1cml0eTwvaDE- HTTP 302
  • https://rp4.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&wpn=lc-bundle&c=PHRpdGxlPlRTQSBJc3N1ZXMgTmV3IEFsZXJ0IG9uIFdoYXQgRm9vZCBZb3UgQ2FuJ3QgUGFjayBpbiBDYXJyeS1PbjwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkFoZWFkIG9mIFRoYW5rc2dpdmluZywgVFNBIG91dGxpbmVkIHdoaWNoIGZvb2QgaXRlbXMgeW91IGNhbiBhbmQgY2Fubm90IHBhY2sgaW4geW91ciBjYXJyeS1vbiBhbmQgdGFrZSB0aHJvdWdoIHNlY3VyaXR5LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmVzdGxpZmVvbmxpbmUuY29tL3RzYS10aGFua3NnaXZpbmctZm9vZC1jYXJyeS1vbi1uZXdzLyI-PGgxIGNsYXNzPSJwb3N0LXRpdGxlIGNlbnRlci1ibG9jayI-VFNBIElzc3VlcyBOZXcgQWxlcnQgb24gV2hhdCBZb3UgQ2FuJ3QgQ2FycnkgVGhyb3VnaCBTZWN1cml0eTwvaDE-&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOmNiODg6M2U0Nzo3NjY3&n3pc=true
Request Chain 83
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&1d5ac322-c95e-4efa-874b-ccfe0379b259 HTTP 302
  • https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=7156&muid=d49a637b-c200-4600-8870-dd03b591bae3
Request Chain 85
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f HTTP 303
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259 HTTP 302
  • https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=liveintent&gdpr=&gdpr_consent= HTTP 302
  • https://pixel-eu.onaudience.com/?partner=273&smartmap=1&gdpr=&gdpr_consent=&redirect=x.bidswitch.net%2Fsync%3Fdsp_id%3D270%26expires%3D10%26user_id%3D%25_rid%26ssp%3Dliveintent HTTP 302
  • https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253DHHt10NrrgRMQhYYUTYgTWTTT%2526ssp%253Dliveintent
Request Chain 86
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
  • https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=82775&muid=73624032271129805270050695444475813725
Request Chain 87
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259 HTTP 302
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259&rd=Y
Request Chain 88
  • https://io.narrative.io/?companyId=82&id=li_id:1d5ac322-c95e-4efa-874b-ccfe0379b259&id=md5_email:&id=sha1_email:&id=sha256_email:&red=https%3A%2F%2Fpx.ads.linkedin.com%2Fdb_sync%3Fpid%3D16223%26puuid%3D%24%7Bnarrative.id.value%7D%26rand%3D1669054974 HTTP 302
  • https://io.narrative.io/?io.narrative.guid.v2=849147d0-69c9-11ed-a183-06192a72c749&companyId=82&id=li_id:1d5ac322-c95e-4efa-874b-ccfe0379b259&id=md5_email:&id=sha1_email:&id=sha256_email:&red=https%3A%2F%2Fpx.ads.linkedin.com%2Fdb_sync%3Fpid%3D16223%26puuid%3D%24%7Bnarrative.id.value%7D%26rand%3D1669054974 HTTP 302
  • https://px.ads.linkedin.com/db_sync?pid=16223&puuid=849147d0-69c9-11ed-a183-06192a72c749&rand=1669054974
Request Chain 132
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Request Chain 133
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Request Chain 134
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Request Chain 135
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Request Chain 136
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Request Chain 137
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Request Chain 138
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Request Chain 139
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Request Chain 140
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Request Chain 141
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Request Chain 142
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Request Chain 143
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Request Chain 160
  • https://fw.adsafeprotected.com/rfw/st/1222871/67063675/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1009402791&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=18669544255&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hSHFlkQDduRImK-vODw5MR&adContainerId=brand_safety__8F7Y5eSC7O7x_APv5yGWA&cbFunctionName=goog_wrapCb__8F7Y5eSC7O7x_APv5yGWA&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fbestlifeonline.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fbestlifeonline.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:61d210bb-e56d-8920-51bd-0deccdd1906e,c:uCXXt8,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66d8897c75-xwlpk,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tnQAAeW+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C171%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:21,oid:84b60e23-69c9-11ed-9fc3-c26988302c8a,v:19.8.365,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Request Chain 177
  • https://fw.adsafeprotected.com/rfw/st/1034476/65087491/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jJ7l8-1cA3URwB-jTbdUJg&adsafe_url=https%3A%2F%2Fbestlifeonline.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fbestlifeonline.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:b6e31f26-9de6-e105-be76-0087648f73fe,c:uCXXwZ,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66d8897c75-8mm5w,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:246,mot:0,app:0,maw:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:264,oid:84b635ca-69c9-11ed-bd5e-92ecffce99a4,v:19.8.365,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js
Request Chain 179
  • https://fw.adsafeprotected.com/rfw/st/1034476/65087490/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gk93gkZv3kjNPtd08ijnpV&adsafe_url=https%3A%2F%2Fbestlifeonline.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fbestlifeonline.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fcd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:afe71c7f-09b4-c128-0170-10aec56ec3e7,c:uCXXxt,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-66d8897c75-5wgxh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:284,mot:0,app:0,maw:0,fm:tnQAAeU+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:291,oid:84b634fb-69c9-11ed-9851-f65cbd6c5dbc,v:19.8.365,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/skeleton.js
Request Chain 227
  • https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f&ssp=themediagrid&gdpr=&gdpr_consent=
Request Chain 232
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESED4O3AeAo1Mld5cFWKcfiE4&google_cver=1
Request Chain 233
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&dcc=t
Request Chain 237
  • https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=953110695174317294&expiration=1670264577
Request Chain 238
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr=&verify=true HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
Request Chain 240
  • https://c1.adform.net/serving/cookie/match?party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
Request Chain 241
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=9042871758847304345
Request Chain 242
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d49a637b-c200-4600-8870-dd03b591bae3&gdpr=0&gdpr_consent=
Request Chain 243
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_MjGexEFQh-mEahHWML0Hg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 244
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d49a637b-c200-4600-8870-dd03b591bae3
Request Chain 245
  • https://pixel.onaudience.com/?partner=214&mapped=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
Request Chain 246
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkNDOEM2N0ItMTEwNS00MjFGLUE2MTEtQTg0NzU4QzJGNDFF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 247
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMJRAThL-xiFPqQyFL05_Gk&google_cver=1
Request Chain 249
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1609273821351993446

247 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Redirect Chain
  • http://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news
  • https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news
  • https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
140 KB
27 KB
Document
General
Full URL
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordPress VIP <https://wpvip.com>
Resource Hash
f0661a3d40201d85606203046629c365971b4d1fa7cd29e25e9b28622ef1620c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=14400, must-revalidate
cf-apo-via
origin,miss
cf-cache-status
EXPIRED
cf-edge-cache
cache,platform=wordpress
cf-ray
76db7409882f9bdc-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 21 Nov 2022 18:22:53 GMT
host-header
a9130478a60e5f9135f765b23f26593b
last-modified
Mon, 21 Nov 2022 17:16:04 GMT
link
<https://bestlifeonline.com/wp-json/>; rel="https://api.w.org/", <https://bestlifeonline.com/wp-json/wp/v2/posts/408031>; rel="alternate"; type="application/json", <https://bestlifeonline.com/?p=408031>; rel=shortlink
server
cloudflare
vary
Accept-Encoding
x-cache
miss
x-hacker
If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-rq
hhn1 0 4 9980

Redirect headers

cache-control
max-age=14400
cf-apo-via
origin,resnok
cf-cache-status
MISS
cf-edge-cache
cache,platform=wordpress
cf-ray
76db7406da069bdc-FRA
content-type
text/html; charset=UTF-8
date
Mon, 21 Nov 2022 18:22:52 GMT
expires
Mon, 21 Nov 2022 19:22:52 GMT
host-header
a9130478a60e5f9135f765b23f26593b
location
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
server
cloudflare
vary
Accept-Encoding
x-cache
miss
x-hacker
If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by
WordPress VIP <https://wpvip.com>
x-redirect-by
WordPress
x-rq
hhn1 0 4 9980
shutterstock_2055194492.jpg
bestlifeonline.com/wp-content/uploads/sites/3/2022/11/
17 KB
17 KB
Image
General
Full URL
https://bestlifeonline.com/wp-content/uploads/sites/3/2022/11/shutterstock_2055194492.jpg?quality=82&strip=1&resize=640%2C360
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0fceb515f303c6a5d1153bf041d622fa4b9899cd97162a23b3d0d41208f88ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
x-rq
hhn1 109 30 443
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Nov 2022 23:48:46 GMT
server
cloudflare
etag
"af52788974380994"
vary
Accept
x-cache
HIT
content-type
image/webp
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
76db740edcdd9bdc-FRA
content-length
17018
expires
Fri, 17 Nov 2023 23:48:46 GMT
main-concat.css
bestlifeonline.com/wp-content/themes/bestlife/css/
82 KB
16 KB
Stylesheet
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/css/main-concat.css?ver=1668705532
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8ecd971b32de0b983a3d4d0a20061b4aaceba5959e44642887aad6f9fd1697c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
349048
x-cache
hit
content-length
15955
x-rq
hhn1 0 4 9980
last-modified
Thu, 17 Nov 2022 17:18:52 GMT
server
cloudflare
etag
W/"63766cfc-149e6"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740edcdf9bdc-FRA
expires
Fri, 17 Nov 2023 17:25:25 GMT
roboto-condensed-v19-latin-regular.woff2
bestlifeonline.com/wp-content/themes/bestlife/fonts/
15 KB
15 KB
Font
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/fonts/roboto-condensed-v19-latin-regular.woff2
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Request headers

Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
15743
x-rq
ams7 0 4 9980
last-modified
Tue, 08 Nov 2022 16:02:26 GMT
server
cloudflare
etag
W/"636a7d92-3d68"
vary
X-Mobile-Class, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740edce49bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
roboto-v20-latin-700.woff2
bestlifeonline.com/wp-content/themes/bestlife/fonts/
15 KB
16 KB
Font
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/fonts/roboto-v20-latin-700.woff2
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

Request headers

Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
15839
x-rq
hhn1 0 4 9980
last-modified
Tue, 08 Nov 2022 16:02:26 GMT
server
cloudflare
etag
W/"636a7d92-3dc8"
vary
X-Mobile-Class, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740edce59bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
classic-themes.min.css
bestlifeonline.com/wp-includes/css/
217 B
290 B
Stylesheet
General
Full URL
https://bestlifeonline.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
x-rq
hhn1 0 4 9980
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 02 Nov 2022 01:44:18 GMT
server
cloudflare
age
949647
etag
W/"6361cb72-d9"
vary
Accept-Encoding
x-cache
hit
content-type
text/css
cache-control
max-age=31536000
cf-ray
76db740edce29bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
jetpack.css
bestlifeonline.com/wp-content/mu-plugins/jetpack-11.5/css/
84 KB
16 KB
Stylesheet
General
Full URL
https://bestlifeonline.com/wp-content/mu-plugins/jetpack-11.5/css/jetpack.css?ver=11.5.1
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
x-rq
hhn1 0 4 9980
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 18:35:32 GMT
server
cloudflare
age
945712
etag
W/"636d4474-14f92"
vary
Accept-Encoding
x-cache
miss
content-type
text/css
cache-control
max-age=31536000
cf-ray
76db740edce69bdc-FRA
expires
Fri, 10 Nov 2023 19:41:01 GMT
email-decode.min.js
bestlifeonline.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
848 B
Script
General
Full URL
https://bestlifeonline.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 15 Nov 2022 18:10:02 GMT
server
cloudflare
etag
W/"6373d5fa-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
76db740f2d659bdc-FRA
expires
Wed, 23 Nov 2022 18:22:53 GMT
regenerator-runtime.min.js
bestlifeonline.com/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://bestlifeonline.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
2457
x-rq
hhn1 0 4 9980
last-modified
Tue, 18 Oct 2022 13:30:39 GMT
server
cloudflare
etag
W/"634eaa7f-194b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f2d7d9bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
wp-polyfill.min.js
bestlifeonline.com/wp-includes/js/dist/vendor/
17 KB
7 KB
Script
General
Full URL
https://bestlifeonline.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
6532
x-rq
hhn1 0 4 9980
last-modified
Wed, 02 Nov 2022 01:44:19 GMT
server
cloudflare
etag
W/"6361cb73-459f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f2d809bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
hooks.min.js
bestlifeonline.com/wp-includes/js/dist/
5 KB
2 KB
Script
General
Full URL
https://bestlifeonline.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
1661
x-rq
hhn1 0 4 9980
last-modified
Tue, 01 Nov 2022 19:35:11 GMT
server
cloudflare
etag
W/"636174ef-132e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f2d839bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
loader.js
bestlifeonline.com/wp-content/plugins/wp-parsely/build/
2 KB
1 KB
Script
General
Full URL
https://bestlifeonline.com/wp-content/plugins/wp-parsely/build/loader.js?ver=eba15df5f79bd7d0de45
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f832a3f9fb50dfb245accbfe1f55d83f4330332a2a1b1640888d253398b95bb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949647
x-cache
hit
content-length
1024
x-rq
hhn1 0 4 9980
last-modified
Thu, 27 Oct 2022 19:23:36 GMT
server
cloudflare
etag
W/"635adab8-9c2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f2d879bdc-FRA
expires
Fri, 10 Nov 2023 18:35:26 GMT
p.js
cdn.parsely.com/keys/bestlifeonline.com/
56 KB
21 KB
Script
General
Full URL
https://cdn.parsely.com/keys/bestlifeonline.com/p.js?ver=3.5.2
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.61.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-61-60.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
82fc7415ed2df389cb26bd29f6f73e4fb63677f3cc5f0b35a1a1ded5da17b5e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
public
date
Mon, 21 Nov 2022 01:19:27 GMT
content-encoding
gzip
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
last-modified
Wed, 24 Feb 2021 16:21:20 GMT
server
nginx
x-amz-cf-pop
FRA56-C1
age
66751
etag
W/"60367d00-e166"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400, public
x-amz-cf-id
1M1KHFlagLUGwDaXIsXTkuQW0UjXly4Vtpzv1nR9VAJ8qec-ILxSSA==
expires
Mon, 21 Nov 2022 23:50:22 GMT
bundle.min.js
bestlifeonline.com/wp-content/themes/bestlife/js/
15 KB
6 KB
Script
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/js/bundle.min.js?ver=1668705532
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8436c7297967e0e046154bf4a7f2052169399e6c29089277906e6988bfb1d2d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
349048
x-cache
hit
content-length
5946
x-rq
hhn1 0 4 9980
last-modified
Thu, 17 Nov 2022 17:18:52 GMT
server
cloudflare
etag
W/"63766cfc-3cf3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f2d8b9bdc-FRA
expires
Fri, 17 Nov 2023 17:25:25 GMT
e-202247.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202247.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nc
HIT ams
date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
br
server
nginx
etag
W/"62f6b688-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 13 Nov 2023 04:58:20 GMT
roboto-v20-latin-regular.woff2
bestlifeonline.com/wp-content/themes/bestlife/fonts/
15 KB
16 KB
Font
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/fonts/roboto-v20-latin-regular.woff2
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Request headers

Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
949561
x-cache
hit
content-length
15759
x-rq
hhn1 0 4 9980
last-modified
Tue, 08 Nov 2022 16:02:26 GMT
server
cloudflare
etag
W/"636a7d92-3d78"
vary
X-Mobile-Class, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f3dac9bdc-FRA
expires
Fri, 10 Nov 2023 18:36:52 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ffcf7cefdea7119a342c37b42c7bc14dfe4fe68cf908836af2313449db5490a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa489d710311bc7f70a3df774a783ec2195adc39daac94a4cd23d5589b24043e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95d4c35944949980c11b56c7abcd96d0632c3281a6ffd54bb236d501643558bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb5f765b9f99d9ea48a3777fa0d725ea4e402892d0195990764689a09bdd5d60

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc2f03640c55d7361dc950b90f842e5e0f5d670d27bd10d750c6ba5dfea2e49d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
roboto-v20-latin-300.woff2
bestlifeonline.com/wp-content/themes/bestlife/fonts/
15 KB
16 KB
Font
General
Full URL
https://bestlifeonline.com/wp-content/themes/bestlife/fonts/roboto-v20-latin-300.woff2
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1

Request headers

Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
age
948890
x-cache
hit
content-length
15807
x-rq
hhn1 0 4 9980
last-modified
Tue, 08 Nov 2022 16:02:26 GMT
server
cloudflare
etag
W/"636a7d92-3da8"
vary
X-Mobile-Class, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
76db740f7e7b9bdc-FRA
expires
Fri, 10 Nov 2023 18:48:03 GMT
profile
api.parsely.com/v2/
281 B
387 B
Fetch
General
Full URL
https://api.parsely.com/v2/profile?apikey=bestlifeonline.com&uuid=pid%3Df9cfb1b700b8388e5a15bb4f62e34ad1&url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/wp-content/plugins/wp-parsely/build/loader.js?ver=eba15df5f79bd7d0de45
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.3.34 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-3-34.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6c1daa5e2fd8ad536bb1e02e51a2c795d0ea9df215df735b1884a3bd76a1a27e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 21 Nov 2022 18:22:53 GMT
server
nginx
content-length
281
content-type
application/json
/
p1.parsely.com/plogger/
43 B
257 B
Image
General
Full URL
https://p1.parsely.com/plogger/?rand=1669054973375&plid=69381539&idsite=bestlifeonline.com&url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&sref=&sts=1669054973371&slts=0&title=TSA+Issues+New+Alert+on+What+Food+You+Can%27t+Pack+in+Carry-On&date=Mon+Nov+21+2022+18%3A22%3A53+GMT%2B0000+(GMT)&action=pageview&pvid=32105566&u=pid%3Df9cfb1b700b8388e5a15bb4f62e34ad1
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.81.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-81-234.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 18:22:53 GMT
Cache-Control
no-cache
Last-Modified
Monday, 21-Nov-2022 18:22:53 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
75e743ccbfbef037470a05344433b941
secure.gravatar.com/avatar/
146 B
423 B
Image
General
Full URL
https://secure.gravatar.com/avatar/75e743ccbfbef037470a05344433b941?s=96&d=blank&r=g
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9891443922f3308f109272f30ac5e06397f084add2d14f4373fa718ceeb7c834

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 21 Nov 2022 18:22:53 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="75e743ccbfbef037470a05344433b941.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/75e743ccbfbef037470a05344433b941?s=96&d=blank&r=g>; rel="canonical"
content-length
146
expires
Mon, 21 Nov 2022 18:27:53 GMT
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=148740148&post=408031&tz=-5&srv=bestlifeonline.com&hp=vip&j=1%3A11.5.1&host=bestlifeonline.com&ref=&fcp=1581&rand=0.6881250707271447
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 21 Nov 2022 18:22:53 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
michael-main-e1669051625410.png
bestlifeonline.com/wp-content/uploads/sites/3/2022/11/
26 KB
26 KB
Image
General
Full URL
https://bestlifeonline.com/wp-content/uploads/sites/3/2022/11/michael-main-e1669051625410.png?resize=183,133
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5733b862a5e2bafe7ab05f510fdc916cb7cbc8e8b7d800ca7fb9cef5b8e2dc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
x-rq
hhn1 109 195 443
cf-cache-status
DYNAMIC
last-modified
Mon, 21 Nov 2022 18:02:15 GMT
server
cloudflare
etag
"cb5fecf170f38f1c"
vary
Accept
x-cache
HIT
content-type
image/webp
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
76db741099139bdc-FRA
content-length
26936
expires
Tue, 21 Nov 2023 18:02:15 GMT
a-01ao.min.js
b-code.liadm.com/
30 KB
11 KB
Script
General
Full URL
https://b-code.liadm.com/a-01ao.min.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:c800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
59cb97a4e767151488e2ad56cddaa76f81ce07285d80a81be954314fd5285017

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 08:03:02 GMT
content-encoding
gzip
via
1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
37191
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
"public, max-age=86400"
x-amz-cf-id
TRgmDXr1zYQVBZ63xvzNqQFc83EBd2oEXL4iXTTIEJtLrT3ODVc98w==
karma_revshare.bestlifeonline.com.js
karma.mdpcdn.com/service/js-min/
348 KB
109 KB
Script
General
Full URL
https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:1a00:d:2820:3bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eff473cf679cd4f89c61f0f0889fc582be4fb30f9d980bb15ae2abe731ebfaaa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
TtCe2.sie8eRr8UYM1xTFW4ffcunEOWd
content-encoding
gzip
via
1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
date
Mon, 21 Nov 2022 18:22:53 GMT
last-modified
Mon, 01 Aug 2022 19:56:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
age
126
etag
W/"218ae923f4c8e0d436af6b9cbdff5593"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
DYSjb63aP8ly3_OZZv02xHtsvCClhHI_6MFmTQ4th086J9eE8oX67w==
sync-container.js
b-code.liadm.com/
6 KB
6 KB
Script
General
Full URL
https://b-code.liadm.com/sync-container.js
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-01ao.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:c800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
WIo1DFPCLgnYZuB8yv1dFIDWe1bYBj2G
date
Fri, 04 Nov 2022 20:20:54 GMT
via
1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
1461720
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
5904
last-modified
Tue, 10 May 2022 11:48:07 GMT
server
AmazonS3
etag
"ae5e94de938b0387eda6df8f20da811a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
x-amz-cf-id
idCdHdpAKrtnTijT31Kc-p0YJctPUfl7WTC3vCRzv7M7dQEnrj6dOw==
gpt.js
securepubads.g.doubleclick.net/tag/js/
78 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f43973ee0ee121287cca23c16a48de9fce9a5701eaa6724be93d702654a9677f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27247
x-xss-protection
0
server
sffe
etag
"1398 / 110 of 1000 / last-modified: 1669032597"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 21 Nov 2022 18:22:53 GMT
segments
d30qdagvt44524.cloudfront.net/production/
15 B
358 B
Script
General
Full URL
https://d30qdagvt44524.cloudfront.net/production/segments?muid=6167aa10-4997-41dc-844f-2386df521ed5
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:600:19:bcbe:a700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
727b3ff0c716fa8e38788e3dab83691b06edf37ca523b826f9ef67700021516b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
via
1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amzn-trace-id
Root=1-637bc1fe-4577d6c15121fafc2e3dc6b1;Sampled=0
x-amzn-requestid
837f77ea-a947-4f19-957d-bf1ef72f32a2
x-cache
Miss from cloudfront
content-type
text/javascript
x-amz-apigw-id
b9s_vFPcIAMFoOQ=
content-length
15
x-amz-cf-id
CXQ91-gG-1xbhNY6y4uYkoUyJOGur8ptoSYNDB1s3GX_e_nJCiwkBg==
184003-52190608802424.js
js-sec.indexww.com/ht/p/
39 KB
13 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/p/184003-52190608802424.js
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5800f312944709b8d8e2e638a4c64704be610892c2fd06e962ac74b222615e19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:53 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 21 Nov 2022 18:11:34 GMT
server
cloudflare
age
534
etag
W/"da0088-9a4c-5edfefc519931"
vary
Accept-Encoding
content-type
text/javascript
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=14400
cf-ray
76db74130c7790bb-FRA
expires
Mon, 21 Nov 2022 22:22:53 GMT
apstag.js
d3div1mtym39ic.cloudfront.net/aax2/
Redirect Chain
  • https://c.amazon-adsystem.com/aax2/apstag.js
  • https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
178 KB
39 KB
Script
General
Full URL
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
Protocol
H2
Server
2600:9000:2057:8a00:11:1ed0:3900:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:12:46 GMT
content-encoding
br
via
1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 20:51:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
608
x-amz-server-side-encryption
AES256
etag
W/"e675a6dfe90787fca79a6c96fd29c2d8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
VnFk7izRPp5p5rGfQXPkMUZLsrPYJ6Dfq0ZKLvttHzUzqqeYk86Jkw==

Redirect headers

date
Sun, 20 Nov 2022 22:41:15 GMT
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA2-C1, FRA56-C2
age
70898
x-cache
Hit from cloudfront
content-type
text/html
location
https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
content-length
167
x-amz-cf-id
SWmEFyJ7RRbEuD1py-k2gsE1JkqPWMKCkKH76bly4MRpnt9bFYMmGg==
x.gif
d9jj3mjthpub.cloudfront.net/
35 B
462 B
Image
General
Full URL
https://d9jj3mjthpub.cloudfront.net/x.gif?pulse=-1&v=l1.0.21&type=karma&globalTI_SID=6167aa10-4997-41dc-844f-2386df521ed5&request_id=136c69a7-8000-4388-85dd-2ddc3dbb6108&url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&host=bestlifeonline.com&ua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F107.0.5304.110%20safari%2F537.36&muuid_origin=bestlifeonline.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c800:11:e0c9:84c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 16:47:10 GMT
via
1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
last-modified
Sun, 24 Feb 2019 04:40:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
age
5744
etag
"28d6814f309ea289f847c69cf91194c6"
x-cache
Hit from cloudfront
content-type
image/gif
accept-ranges
bytes
content-length
35
x-amz-cf-id
Ze9H_6erFCKfZvrbT42auJrmZkXWklJeendt3k7aUJgpqcsTzVuuPQ==
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&w...
  • https://rp4.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&...
13 B
552 B
XHR
General
Full URL
https://rp4.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&wpn=lc-bundle&c=PHRpdGxlPlRTQSBJc3N1ZXMgTmV3IEFsZXJ0IG9uIFdoYXQgRm9vZCBZb3UgQ2FuJ3QgUGFjayBpbiBDYXJyeS1PbjwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkFoZWFkIG9mIFRoYW5rc2dpdmluZywgVFNBIG91dGxpbmVkIHdoaWNoIGZvb2QgaXRlbXMgeW91IGNhbiBhbmQgY2Fubm90IHBhY2sgaW4geW91ciBjYXJyeS1vbiBhbmQgdGFrZSB0aHJvdWdoIHNlY3VyaXR5LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmVzdGxpZmVvbmxpbmUuY29tL3RzYS10aGFua3NnaXZpbmctZm9vZC1jYXJyeS1vbi1uZXdzLyI-PGgxIGNsYXNzPSJwb3N0LXRpdGxlIGNlbnRlci1ibG9jayI-VFNBIElzc3VlcyBOZXcgQWxlcnQgb24gV2hhdCBZb3UgQ2FuJ3QgQ2FycnkgVGhyb3VnaCBTZWN1cml0eTwvaDE-&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOmNiODg6M2U0Nzo3NjY3&n3pc=true
Protocol
H2
Server
3.218.4.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-4-10.compute-1.amazonaws.com
Software
/
Resource Hash
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
x-pixel-event-id
dacf2849-c8fc-4a7a-b25b-52d7a91797b6
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
DENY
vary
Origin
content-type
application/json
request-time
0
access-control-allow-origin
null
access-control-allow-credentials
true
trace-id
c75a58078374ca49
content-length
13
x-xss-protection
1; mode=block

Redirect headers

date
Mon, 21 Nov 2022 18:22:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
vary
Origin
location
https://rp4.liadm.com/j?dtstmp=1669054973931&aid=a-01ao&se=e30&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&tna=v2.5.1&pu=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&wpn=lc-bundle&c=PHRpdGxlPlRTQSBJc3N1ZXMgTmV3IEFsZXJ0IG9uIFdoYXQgRm9vZCBZb3UgQ2FuJ3QgUGFjayBpbiBDYXJyeS1PbjwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkFoZWFkIG9mIFRoYW5rc2dpdmluZywgVFNBIG91dGxpbmVkIHdoaWNoIGZvb2QgaXRlbXMgeW91IGNhbiBhbmQgY2Fubm90IHBhY2sgaW4geW91ciBjYXJyeS1vbiBhbmQgdGFrZSB0aHJvdWdoIHNlY3VyaXR5LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmVzdGxpZmVvbmxpbmUuY29tL3RzYS10aGFua3NnaXZpbmctZm9vZC1jYXJyeS1vbi1uZXdzLyI-PGgxIGNsYXNzPSJwb3N0LXRpdGxlIGNlbnRlci1ibG9jayI-VFNBIElzc3VlcyBOZXcgQWxlcnQgb24gV2hhdCBZb3UgQ2FuJ3QgQ2FycnkgVGhyb3VnaCBTZWN1cml0eTwvaDE-&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOmNiODg6M2U0Nzo3NjY3&n3pc=true
access-control-allow-origin
https://bestlifeonline.com
request-time
0
access-control-allow-credentials
true
trace-id
a8ed53d91dadb784
content-length
0
x-xss-protection
1; mode=block
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 21 Nov 2022 17:15:54 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
4019
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Mon, 21 Nov 2022 19:15:54 GMT
js
www.googletagmanager.com/gtag/
211 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NYD0HKHMHR
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2af34f4743fa5655d47a46922268ab2bf5c012db3d3956b0be1d0e5db8908890
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75983
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 21 Nov 2022 18:22:54 GMT
pubads_impl_2022111501.js
securepubads.g.doubleclick.net/gpt/
381 KB
129 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:15:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
449
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132177
x-xss-protection
0
last-modified
Tue, 15 Nov 2022 09:35:23 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 21 Nov 2023 18:15:24 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
145 B
103 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=bestlifeonline.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25f8f637daa99a551b158f2794034c771c83f2d448c7b0afc7d4165144efcf60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
78
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:54 GMT
rid
match.adsrvr.org/track/
63 B
391 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184003
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184003-52190608802424.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
b6827488d949de4dd4df300dfe9280cad36c4558ce57296aa5d95c87a0af4744

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bestlifeonline.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Wed, 21 Dec 2022 18:22:54 GMT
/
id.sv.rkdms.com/identity/
2 B
168 B
XHR
General
Full URL
https://id.sv.rkdms.com/identity/?vendor=idsv2&sv_cid=5274_04512&sv_pubid=MEREDITH&sv_domain=bestlifeonline.com
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184003-52190608802424.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.158.154.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-154-2.compute-1.amazonaws.com
Software
nginx/1.22.0 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://bestlifeonline.com
date
Mon, 21 Nov 2022 18:22:54 GMT
access-control-allow-credentials
true
server
nginx/1.22.0
content-length
2
vary
Origin
content-type
application/json
identity
api.rlcdn.com/api/
44 B
361 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184003-52190608802424.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://bestlifeonline.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
44
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
collect
stats.g.doubleclick.net/j/
1 B
440 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-72659260-1&cid=829776827.1669054974&jid=777399247&gjid=1869984606&_gid=759609290.1669054974&_u=YGBAgUABAAAAAEAAI~&z=1010086650
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 21 Nov 2022 18:22:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bestlifeonline.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j98&aip=1&a=1857212900&t=pageview&_s=1&dl=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&ul=en-us&de=UTF-8&dt=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUABAAAAAAAAI~&jid=777399247&gjid=1869984606&cid=829776827.1669054974&tid=UA-72659260-1&_gid=759609290.1669054974&z=2147361190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 20 Nov 2022 20:42:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
78005
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
config
c.amazon-adsystem.com/cdn/prod/
0
312 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3446&u=https%3A%2F%2Fbestlifeonline.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-28-197.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:45:52 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
age
16621
x-cache
Hit from cloudfront
access-control-allow-origin
https://bestlifeonline.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
X76zRGjYoAHYdKuFrgs12nx2_cjmYiRVx5wcNrOL7YDVKT86guxU7w==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-28-197.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-amz-version-id
vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
content-encoding
gzip
via
1.1 0d4b487d54766de7560aa02de852bbf8.cloudfront.net (CloudFront)
date
Mon, 21 Nov 2022 03:07:23 GMT
x-amz-cf-pop
FRA56-C2
age
55016
x-cache
Hit from cloudfront
last-modified
Fri, 18 Nov 2022 03:05:15 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
GXS9Z1C_zP85f7aZ8YOkxqnv6WrJlZPG27CouxZLQIe0WpQ5RjsbXQ==
lightbox_inline.js
www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/
2 KB
1 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox_inline.js?mb=1669054974046
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10559973b2df1031bb021dc84b6e06e835f639518dc6e47ecc07bcfa075c0ffe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
FBJEt5YGu86WgMIGAZuibA==
age
234
cf-polished
origSize=2379
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Wed, 15 Jun 2022 07:45:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
fdebd7a0-d01e-0066-1aac-c6aa6a000000
x-ms-version
2009-09-19
cf-ray
76db74144df66993-FRA
config
c.amazon-adsystem.com/cdn/prod/
0
312 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3446&u=https%3A%2F%2Fbestlifeonline.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-28-197.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:45:52 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
age
16621
x-cache
Hit from cloudfront
access-control-allow-origin
https://bestlifeonline.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
rRfdbl2z-YCx3iHWYDktW_HmEYaGyOt5_KKtJV1THSXgO-EgutpSZQ==
bid
aax-dtb-cf.amazon-adsystem.com/e/dtb/
64 B
503 B
XHR
General
Full URL
https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3446&u=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&pid=jSES8bzZrfQIq&cb=0&ws=1600x1200&v=22.1107.1609&t=1250&slots=%5B%7B%22sd%22%3A%22div-gpt-leaderboard-flex-1%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-leaderboard-flex-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-square-flex-1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-square-flex-1%22%7D%2C%7B%22sd%22%3A%22div-gpt-square-fixed-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier2%2Fstructuredcontent%2Fdiv-gpt-square-fixed-1%22%7D%5D&pj=%7B%22aps_privacy%22%3A%221--%22%2C%22si_pagegroup%22%3A%22travel%22%2C%22adRefresh%22%3A0%7D&schain=1.0%2C1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.3.236 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-3-236.fra6.r.cloudfront.net
Software
Server /
Resource Hash
159bd804f3a207ce59088ef63f186ba5b3d906d5245b7bfa882a6a6c3f6a9314
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA6-C1
x-amz-rid
1QAPMS1RMDXAFQV7D3G3
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://bestlifeonline.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
64
x-amz-cf-id
Bi1llwFgdEy05NCUvKtH2ElRRBX6wmgugvnmR_PY01dBNjJcNipkFQ==
prebid
ib.adnxs.com/ut/v3/
357 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
91deeb19ddd111e3ae952409f296e74ea6a08d39ec0387a7a3c61ca7765915b2
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:54 GMT
AN-X-Request-Uuid
0164459d-7be4-498d-ab02-b6c7a73caec3
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://bestlifeonline.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
357
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
hbjson
grid.bidswitch.net/
23 B
240 B
XHR
General
Full URL
https://grid.bidswitch.net/hbjson?sp=trustx
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.157.127.232 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-127-232.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
94d9b487df31c2708f1e4406e1116f1ebd0a9d71daf675ab4d9335023d50622a

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bestlifeonline.com
date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
gzip
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate
content-length
48
content-type
application/json
cygnus
htlb.casalemedia.com/
36 B
567 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=442128&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%229298ebad8f5ec1%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A6%2C%22msi%22%3A6%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.23.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2210e3c51189e67df%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22442128%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22442128%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-leaderboard-flex-1%22%7D%7D%2C%7B%22id%22%3A%22110df0778f77738%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22442136%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22442136%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A1050%2C%22ext%22%3A%7B%22siteID%22%3A%22442136%22%2C%22sid%22%3A%22300x1050%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-square-flex-1%22%7D%7D%2C%7B%22id%22%3A%22126b889f0b7b1c2%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22442187%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%223865%2Frevshare.bestlifeonline.com%2Ftier2%2Fstructuredcontent%2Fdiv-gpt-square-fixed-1%22%7D%7D%5D%2C%22at%22%3A1%7D
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.19 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c648c5afd9454de2534fa09567ddf20ca272778ea7fbc50f5521380985aace4

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EtpVifrgPhTW8gU%2F6jR2dfvjw2G4g9bMIZ44KgtjQbM36nV2B2YT33bnYamVizjtPZXnVHbGTesUnTNTvR%2FX8E1A2dsESF5O1kX%2F0%2BDaPrh3JDw2iXx7fDGFGhGiYOYG85TkK9R3"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bestlifeonline.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
76db74148af99110-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36
expires
0
bidRequest
c2shb.ssp.yahoo.com/
62 B
294 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96901a017a7ae786e2e89db828002f&pos=bestlife_leadrbrd_flex_tier1_728x90&cmd=bid&secure=1
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
814d3bf1679ff936210378bf6b58b936c8056d52d8bd3f36e42fe55249f7d3e1

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bestlifeonline.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96901a017a7ae786e2e89db828002f&pos=bestlife_square_flex_tier1_300x250&cmd=bid&secure=1
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
84d1da6a604de1abc1d90800f7c9793122b1364426a9c3fc0d80acd746e41b24

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bestlifeonline.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96901a017a7ae786e2e89db828002f&pos=bestlife_square_fixed_tier2_300x250&cmd=bid&secure=1
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
ed5925328e1dfab49de1cca08b2a2b8fa32c24cae4f4528fae55fa67e4fc526e

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bestlifeonline.com
access-control-allow-credentials
true
content-length
62
translator
hbopenbid.pubmatic.com/
0
117 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bestlifeonline.com
date
Mon, 21 Nov 2022 18:22:53 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/
575 B
838 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7499&site_id=426716&zone_id=2440886%3B2440898%3B2440892&size_id=2%3B15%3B15&alt_size_ids=57%3B10%2C54%3B&rf=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&tg_i.pbadslot=3865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-leaderboard-flex-1%3B3865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-square-flex-1%3B3865%2Frevshare.bestlifeonline.com%2Ftier2%2Fstructuredcontent%2Fdiv-gpt-square-fixed-1&tk_flint=pbjs_lite_v6.23.0&x_source.tid=e0023776-a1ae-4165-bce3-b1bbb2e7a083%3B0665998d-69ab-4005-ad25-a0f96199d2c0%3Be7909280-77ef-4a02-a915-6d4800807cfb&l_pb_bid_id=260c30c5e2c1b2f%3B27268cafb9a8ed3%3B28398986266bf25&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=3865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-leaderboard-flex-1%3B3865%2Frevshare.bestlifeonline.com%2Ftier1%2Fstructuredcontent%2Fdiv-gpt-square-flex-1%3B3865%2Frevshare.bestlifeonline.com%2Ftier2%2Fstructuredcontent%2Fdiv-gpt-square-fixed-1&slots=3&rand=0.7961939372298426
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
967289bf875279db4ff1566492592884e6a406a98640cf3ed884307bf7a2e235

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:54 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://bestlifeonline.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
575
expires
Wed, 17 Sep 1975 21:32:10 GMT
collect
region1.google-analytics.com/g/
0
348 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-NYD0HKHMHR&gtm=2oeb90&_p=1857212900&cid=829776827.1669054974&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1669054974&sct=1&seg=0&dl=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&dt=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NYD0HKHMHR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:54 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bestlifeonline.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lightbox.js
www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/ Frame CDEC
399 B
345 B
Script
General
Full URL
https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox.js?mb=1669054974174&lv=1
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
5cdb8465005469197175f56f3805a57e13596647580a92ac816843defa6583be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 21 Nov 2022 18:05:44 GMT
server
cloudflare
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
cf-ray
76db7414df076993-FRA
headerstats
as-sec.casalemedia.com/
0
505 B
XHR
General
Full URL
https://as-sec.casalemedia.com/headerstats?s=830104&u=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184003-52190608802424.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.19 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bestlifeonline.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daRTBWGLdE5BY64Ouoix8nSRpWI%2B%2BrVxz1%2BulGRsljbfYFOrfffXSjt3N%2Bm5K%2FniojR03YUyU3tJ6aA2GFj2nl0P0BVkZo0UGdwZl7ZIF32Bpxq1eh9Shqlkp7WUC8PBIw9nFj8xQOU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://bestlifeonline.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
76db74164f949143-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
config
c.amazon-adsystem.com/cdn/prod/
0
311 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3446&u=https%3A%2F%2Fbestlifeonline.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.28.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-28-197.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:45:52 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
age
16621
x-cache
Hit from cloudfront
access-control-allow-origin
https://bestlifeonline.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
r6fb3uT9wvnVBoCSMp8PD7psciP5FZc1vUzj8hm4JDHrea0jaVJdoQ==
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=bestlifeonline.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bestlifeonline.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
47 KB
16 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=558454294268755&correlator=478168541480966&output=ldjh&gdfp_req=1&vrg=2022111501&ptt=17&impl=fifs&iu_parts=3865%2Crevshare.bestlifeonline.com%2Ctier1%2Cstructuredcontent%2Ctravel%2Ctier2&enc_prev_ius=0%2F1%2F2%2F3%2F4%2C0%2F1%2F2%2F3%2F4%2C0%2F1%2F5%2F3%2F4%2C0%2F1%2F2%2F3%2F4%2C0%2F1%2F2%2F3%2F4&prev_iu_szs=728x90%7C970x90%7C970x250%2C300x250%7C299x251%7C300x600%7C300x1050%2C300x250%7C299x251%2C1x1%2C1x1&ifi=1&adks=2921056297%2C439930873%2C3236425046%2C6771842%2C2576552091&sfv=1-0-40&ists=3&prev_scp=slot%3Dleaderboard-flex-1%26refreshType%3Dhard%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26bz%3D000%26bzr%3D0%7Cslot%3Dsquare-flex-1%26refreshType%3Dhard%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26bz%3D000%26bzr%3D0%7Cslot%3Dsquare-fixed-1%26refreshType%3Dhard%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26bz%3D000%26bzr%3D0%7Cslot%3Dinterstitial%26refreshType%3Dhard%7Cslot%3Dwallpaper%26refreshType%3Dhard&eri=1&cust_params=path%3Dtsa-thanksgiving-food-carry-on-news%26id%3D408031-tsa-thanksgiving-food-carry-on%26type%3Dstructuredcontent%26channel%3Dtravel%26pv%3D1%26otabc%3D0%26amznbid%3D0%26amznp%3D0%26muid%3D6167aa10-4997-41dc-844f-2386df521ed5%26mrid%3D136c69a7-8000-4388-85dd-2ddc3dbb6108%26dockedleaderboard%3Dfalse%26dockedrail%3Dtrue&ppid=6167aa10-4997-41dc-844f-2386df521ed5&sc=1&cookie_enabled=1&abxe=1&dt=1669054974447&lmt=1669050964&dlt=1669054973233&idt=818&adxs=436%2C982%2C982%2C0%2C0&adys=279%2C707%2C2345%2C7976%2C7976&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C1%7C2%7C3&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&frm=20&vis=1&psz=728x0%7C330x600%7C330x300%7C1600x7975%7C1600x7975&msz=728x0%7C330x250%7C330x0%7C1600x0%7C1600x0&fws=0%2C512%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0&ga_vid=829776827.1669054974&ga_sid=1669054974&ga_hid=1857212900&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f8f647fe5ac7dfa54103acda23b9195d264eba11be657cf0e863a9cf23d620e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16438
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-1,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bestlifeonline.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5fed1de290e6d3af208699fc542d7e58059f58f47f9479415433a3431ad96484
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11049
x-xss-protection
0
container.html
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 12F5
6 KB
3 KB
Document
General
Full URL
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:54 GMT
expires
Tue, 21 Nov 2023 18:22:54 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:45:33 GMT
content-encoding
gzip
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
last-modified
Tue, 28 Jun 2022 13:19:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
16641
x-amz-server-side-encryption
AES256
etag
W/"eaf85c1c6758e84acfe134efd70e9373"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
yCw0ZnTg-YbMOcLYlLgRG32_lFl8BIqgM0hg_0ia39HL61AChiq8bA==
user.js
www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/ Frame CDEC
706 KB
144 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/user.js?cb=638015218881226087
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox.js?mb=1669054974174&lv=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
956a243efde51c11758094189afe270cdc8bb79440e57f27874eecd06aa6663f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
cNo+EYpNVxQnPn9S9Hs7Nw==
age
104032
cf-polished
origSize=1196319
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Wed, 15 Jun 2022 07:45:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
7225cf5d-c01e-001f-1e60-e1c320000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
76db74172bbf6993-FRA
expires
Tue, 21 Nov 2023 18:22:54 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:55 GMT
b
sb.scorecardresearch.com/
0
191 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=22434406&cs_it=b3&cv=3.8.0.210223&ns__t=1669054974609&ns_c=UTF-8&c7=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&c8=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&c9=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Qm8XTgXkjbRMqPenOJRrwaCj0hQFQMURvqu5jdwp7kZM6CYJUqP_Qw==
x-cache
Miss from cloudfront
a-01ao
i.liadm.com/s/c/ Frame 0FFD
1 KB
1 KB
Document
General
Full URL
https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.106.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-106-149.compute-1.amazonaws.com
Software
/
Resource Hash
de8a1372f7789310057276fb85ed0dc29b796641a8b31d7c467065439a769b0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, max-age=0
Connection
keep-alive
Content-Encoding
gzip
Content-Length
696
Content-Type
text/html; charset=UTF-8
Date
Mon, 21 Nov 2022 18:22:54 GMT
ETag
1.61803398874
Request-Time
9
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
fb_lightbox.2.1.5.css
www.lightboxcdn.com/static/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.lightboxcdn.com/static/fb_lightbox.2.1.5.css?cb=637908759194514824
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/user.js?cb=638015218881226087
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
q4B4xYJoZwx9ikt94o1nCA==
age
461408
cf-polished
origSize=6016
x-ms-meta-cbmodifiedtime
Wed, 10 Apr 2019 18:50:43 GMT
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Wed, 10 Apr 2019 19:06:17 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
x-ms-request-id
abc91a74-801e-0075-298b-809f8b000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
76db7417bcd16993-FRA
expires
Tue, 21 Nov 2023 18:22:54 GMT
z
lightboxapi.azurewebsites.net/z9gd/42151/bestlifeonline.com/jsonp/
537 B
792 B
Script
General
Full URL
https://lightboxapi.azurewebsites.net/z9gd/42151/bestlifeonline.com/jsonp/z?cb=1669054974678&callback=jQuery171014024251994400516_1669054974667&_=1669054974679
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/user.js?cb=638015218881226087
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.40.202.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
cdeb51cd54f0e1a3c90c892d52fc108d335a9d3b8967d5e7ebef5966065ed8f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 18:22:54 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
t.gif
www.lightboxcdn.com/z9g/
35 B
258 B
Image
General
Full URL
https://www.lightboxcdn.com/z9g/t.gif?c=1669054974672&h=bestlifeonline.com&e=p&u=42151
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:54 GMT
cf-cache-status
HIT
content-md5
KNaBTzCeoon4R8ac+RGUxg==
age
1255306
cf-polished
status=not_needed
x-ms-meta-cbmodifiedtime
Tue, 26 Feb 2019 00:59:40 GMT
content-length
35
x-ms-lease-status
unlocked
cf-bgj
imgq:85,h2pri
last-modified
Tue, 26 Feb 2019 01:15:02 GMT
server
cloudflare
etag
0x8D69B87D5A1B25F
vary
Accept-Encoding
content-type
image/gif
x-ms-request-id
af63abe9-a01e-0081-2a45-a8f796000000
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76db7417cce36993-FRA
shutterstock_1491148760.jpg
bestlifeonline.com/wp-content/uploads/sites/3/2022/11/
35 KB
35 KB
Image
General
Full URL
https://bestlifeonline.com/wp-content/uploads/sites/3/2022/11/shutterstock_1491148760.jpg?resize=500,333&quality=82&strip=all
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1f12a64245cce2f478ba1f07cf6c20a56464b3b7765a27cd83a1d6534f53be0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
x-rq
hhn1 109 200 443
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Nov 2022 23:56:01 GMT
server
cloudflare
etag
"16bf5ef6f3239039"
vary
Accept
x-cache
HIT
content-type
image/webp
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
76db74182a7a9bdc-FRA
content-length
35542
expires
Fri, 17 Nov 2023 23:56:01 GMT
gtm.js
www.googletagmanager.com/
146 KB
55 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WSJLVGT
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
304cb2cb00b1a3b032caa0e12df80daa63c826bcc25fb4623f98869542794854
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55894
x-xss-protection
0
last-modified
Mon, 21 Nov 2022 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 21 Nov 2022 18:22:54 GMT
keywee.min.js
dc8xl0ndzn2cb.cloudfront.net/js/bestlifeonline/v0/
0
0
Script
General
Full URL
https://dc8xl0ndzn2cb.cloudfront.net/js/bestlifeonline/v0/keywee.min.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.58.186 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-58-186.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

uc.js
consent.cookiebot.com/
101 KB
31 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js?cbid=39c82c11-fb7c-4dfa-9d2f-e9b47cfb6512
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WSJLVGT
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
39803fb2f8786bc885c132e3fcca8509da7537b659957259e42dd37a13cff449

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
gzip
last-modified
Tue, 04 Oct 2022 09:02:48 GMT
etag
"0ac913d0d7d81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=669
accept-ranges
bytes
content-length
31718
expires
Mon, 21 Nov 2022 18:34:03 GMT
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 1F82
627 B
692 B
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=39c82c11-fb7c-4dfa-9d2f-e9b47cfb6512
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=31535935
content-encoding
gzip
content-length
392
content-type
text/html
date
Mon, 21 Nov 2022 18:22:55 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Tue, 21 Nov 2023 18:21:50 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/39c82c11-fb7c-4dfa-9d2f-e9b47cfb6512/
284 KB
68 KB
Script
General
Full URL
https://consent.cookiebot.com/39c82c11-fb7c-4dfa-9d2f-e9b47cfb6512/cc.js?renew=false&referer=bestlifeonline.com&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=39c82c11-fb7c-4dfa-9d2f-e9b47cfb6512
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6b65f4eb9dd23056ca5c6fb1290847ed41b1b7e212b5928c569e92d32d07b1a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
last-modified
Mon, 21 Nov 2022 18:22:55 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
content-length
69491
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
container.html
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B86E
6 KB
3 KB
Document
General
Full URL
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:54 GMT
expires
Tue, 21 Nov 2023 18:22:54 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E252
6 KB
3 KB
Document
General
Full URL
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:54 GMT
expires
Tue, 21 Nov 2023 18:22:54 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 47E8
6 KB
3 KB
Document
General
Full URL
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022111501.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:54 GMT
expires
Tue, 21 Nov 2023 18:22:54 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
2a4bad162f674f1a8053ed87ecd54e20
i.liadm.com/s/e/a-01ao/0/ Frame 0FFD
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&1d5ac322-c95e-4efa-874b-ccf...
  • https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=7156&muid=d49a637b-c200-4600-8870-dd03b591bae3
43 B
274 B
Image
General
Full URL
https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=7156&muid=d49a637b-c200-4600-8870-dd03b591bae3
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
3.210.106.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-106-149.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 18:22:55 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
MT3 169 32252b7 master zrh-pixel-x8 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=7156&muid=d49a637b-c200-4600-8870-dd03b591bae3
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 21 Nov 2022 18:22:54 GMT
generic
match.adsrvr.org/track/cmf/ Frame 0FFD
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1&gdpr=0
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
gdpr_consent=
sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/ Frame 0FFD
Redirect Chain
  • https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
  • https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f
  • https://x.bidswitch.net/sync?ssp=liveintent&user_id=1d5ac322-c95e-4efa-874b-ccfe0379b259
  • https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=liveintent&gdpr=&gdpr_consent=
  • https://pixel-eu.onaudience.com/?partner=273&smartmap=1&gdpr=&gdpr_consent=&redirect=x.bidswitch.net%2Fsync%3Fdsp_id%3D270%26expires%3D10%26user_id%3D%25_rid%26ssp%3Dliveintent
  • https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redi...
49 B
266 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253DHHt10NrrgRMQhYYUTYgTWTTT%2526ssp%253Dliveintent
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
52.49.181.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-181-242.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.11.122
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253DHHt10NrrgRMQhYYUTYgTWTTT%2526ssp%253Dliveintent
content-length
0
2a4bad162f674f1a8053ed87ecd54e20
i.liadm.com/s/e/a-01ao/0/ Frame 0FFD
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=127444&dpuuid=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmpid%3D82775%26muid%3D%2...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=1d5ac322-c95e-4efa-874b-ccfe0379b259&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-01ao%2F0%2F2a4bad162f674f1a8053ed87ecd54e20%3Fmp...
  • https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=82775&muid=73624032271129805270050695444475813725
43 B
274 B
Image
General
Full URL
https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=82775&muid=73624032271129805270050695444475813725
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
HTTP/1.1
Server
3.210.106.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-106-149.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 18:22:56 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
1
Content-Type
image/gif

Redirect headers

DCS
dcs-prod-irl1-1-v045-00c503e2b.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
+eyxoBhxQhI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://i.liadm.com/s/e/a-01ao/0/2a4bad162f674f1a8053ed87ecd54e20?mpid=82775&muid=73624032271129805270050695444475813725
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
live_intent_sync
x.dlx.addthis.com/e/ Frame 0FFD
Redirect Chain
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259
  • https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259&rd=Y
43 B
604 B
Image
General
Full URL
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259&rd=Y
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=2628000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

expires
Mon, 21 Nov 2022 18:22:55 GMT
pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=2628000
content-length
43
content-type
image/gif

Redirect headers

location
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=1d5ac322-c95e-4efa-874b-ccfe0379b259&rd=Y
pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=2628000
content-length
0
expires
Mon, 21 Nov 2022 18:22:55 GMT
db_sync
px.ads.linkedin.com/ Frame 0FFD
Redirect Chain
  • https://io.narrative.io/?companyId=82&id=li_id:1d5ac322-c95e-4efa-874b-ccfe0379b259&id=md5_email:&id=sha1_email:&id=sha256_email:&red=https%3A%2F%2Fpx.ads.linkedin.com%2Fdb_sync%3Fpid%3D16223%26puu...
  • https://io.narrative.io/?io.narrative.guid.v2=849147d0-69c9-11ed-a183-06192a72c749&companyId=82&id=li_id:1d5ac322-c95e-4efa-874b-ccfe0379b259&id=md5_email:&id=sha1_email:&id=sha256_email:&red=https...
  • https://px.ads.linkedin.com/db_sync?pid=16223&puuid=849147d0-69c9-11ed-a183-06192a72c749&rand=1669054974
43 B
807 B
Image
General
Full URL
https://px.ads.linkedin.com/db_sync?pid=16223&puuid=849147d0-69c9-11ed-a183-06192a72c749&rand=1669054974
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Server
2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:54 GMT
content-encoding
gzip
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: C7FD71E3B2A14725ABA6E586FDFDD5F0 Ref B: VIEEDGE1709 Ref C: 2022-11-21T18:22:55Z
linkedin-action
1
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
content-type
image/gif
x-li-proto
http/2
content-length
65
x-li-uuid
AAXt/yTsZIXtzLU+Lwa0kg==

Redirect headers

Location
https://px.ads.linkedin.com/db_sync?pid=16223&puuid=849147d0-69c9-11ed-a183-06192a72c749&rand=1669054974
Date
Mon, 21 Nov 2022 18:22:55 GMT
Cache-Control
no-cache
Server
nginx/1.22.0
Connection
keep-alive
Content-Length
0
/
trc.taboola.com/sg/liveintent/1/cm/ Frame 0FFD
43 B
367 B
Image
General
Full URL
https://trc.taboola.com/sg/liveintent/1/cm/
Requested by
Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-01ao?s=&cim=&ps=true&ls=true&duid=2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://i.liadm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-vcl-time-ms
9
pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
via
1.1 varnish
x-served-by
cache-hhn4023-HHN
server
nginx
x-timer
S1669054975.084011,VS0,VE9
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E9AD
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3514
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 17:24:21 GMT
expires
Tue, 21 Nov 2023 17:24:21 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame F135
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
44d7dc159ba7a9705717dae1ddf0682eca64ef1ae2074ba56583f520d75eedde
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-jumbSB40mXSGLqBZ7XyKLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-jumbSB40mXSGLqBZ7XyKLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Mon, 21 Nov 2022 18:22:55 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
atrk.js
d31qbv1cthcecs.cloudfront.net/
4 KB
2 KB
Script
General
Full URL
https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-65.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Thu, 08 Sep 2022 02:09:54 GMT
Content-Encoding
gzip
Via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
Last-Modified
Tue, 27 Apr 2021 18:03:54 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-C2
Age
6451982
ETag
W/"d89453438fbf10dcf4c13265c40d5160"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
X-Cache
Hit from cloudfront
Cache-Control
max-age=26920000
Connection
keep-alive
X-Amz-Cf-Id
UelcnYnQcC8031TlJAykfc9ciUZrRCIZM1fXXWDhyxj20dUqJjsXCw==
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4500
624 B
918 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Mon, 21 Nov 2022 18:22:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 47E8
95 KB
38 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B1rvUVq4C6QfwRqtM41KWjfjBOqhgTdTFpSdMEA12nOYYfRa9AGNCUWPM0QCZkuFjJv9pHsCuvyj9mXLrNMTf2Yn2St8FdcVItDAqKIZGGozss5EXpfrV111WEeHn9q31uEjepcQtZvLXLLTtDtICHtmSMTqxED3wdZtrE5x9YNT7nh9Y&dbm_d=AKAmf-B8tArEo3025cATg_8Gdi6OXNQKSZ638qna3pbV4H0Knub2TJO85-A5yCXdYAc6iaPvST5o94SN0WlRLewTBPfmzQHDyAA89kmVEbbhuvndO2aEufhR9f8B_4eNqnCaeHbZdlGkqg-Eoiy4T-Zbudlg1YPE35FytRdYSdATPUXFB2-t26eHx2BcebxAEl1r5YGYHMo1BukepWCkhfsJTWc7mw-2uKQPlxmhYDqaqooye0Zs0ZBHUThfR66EkhqAMqf3CJUJhOqHJRG2nKZ1iBWeGL-RXLCiT2NpXcAqj2wyQTR6q2pBGt8IaM3ARi9cnNC8_OeGeixndS90lfbnaOroqZjendWvHMh1xBVN_FDvt4I3Do_Nj4a9aehvE0D6s_L5Gp2RmtqyNZcB5mx6vr1bpoR8HDQX4bXNBImT56pzr4Ir7n9fn9ata2hU_lRNLBgJEzUQbgpSGaFG-chnxVslV221z1nnyVJRfZd3FD0LeiME3ot8Peu8Mw-0L3EFGsDvSxGdBdTmoHGd5C2_zoDelQoAHkta84d121XzngWRSZ9Y_JiQpqADOIQyIDJIZd0rtxB9DH_fMmuG0C3UI30fcFXC9ig6zRQwRlOOOZxAUAAVfga2d0I9mwRvR-FTlnPifqanxMBf9ufn7n4c29qFUggFAD68rlCJVNj8a2WyLK11ikm6Ld0chUp_O-Ibpc2LFKf21izLmX-GsSkqEnBrH4E-y6LvSOkqsMeD3QlzkNC7i7ZU1d7RPMmiZP7WWkHU2xNy1kz7j-XDQU0zwZ5UXRkxG7pgVVL4o__yoMmRe4w5XqXteiZRVlErQzLVGrqMEpWbT6PDheKjWBh74IpBDSWFVXK9tv6i0OUhPMp-v2OnnS2cB8tYPvN0ERQnVrqy_38J0LqtUiidsfFH_aFSqRbuVMmNZqvX7BDBNQTV1R1lU2VvhjI9Jf8tS-AP7TBA2CFRcdGXzsnvzny_hfSSphvHC8YM7nrhc7F23md8nDVpiPsU_TYelLo7smIhiz187QdRiL21Va2TSAmdqnrvDqz3hIu7Rwr0x_pEfDDvU_Hf4HuIqpLjVi_pVb7iV-UQs2sYyMd4r_AxVvgon8eWBbqLGH_MEJ42ffTSAf7q2mvY5zcp_CM5aUAPFyCqtilPezY8xF72NUOblHjEv36tBUiQngulKFxewJDByutAXyPUKFq4W-TwmXSJHRnZUNc_ygkYvJCJS9jXEw5o8A_Gmc-Ext4thkx9hpfOOA2Dr3vAWfT7ybAvmh8Dmt5JadHM_7TIM-A4cfHRPCuvzYvtcQNgHqFjcJTpLBfRC4kh8APffaiRVdr2ZSA2ePxbOLAodeZBZVvXdF19FmOPhtFXDeGclOnRbMqpj57LkxhYivb6H6xH5DwnEIwjHPfvVTuWIQszh_EseDgbKHfJVw-FZvWXLSG-mhVU84-PtVaVfu--TXtLfx9_LBEZZskarY5vrcgeTVQCFmkWI2pnu1aUstb_uVF_3QkenOlGwSPmL_DRmfPKGIiwDcd7yknQW8sxvvUgNONdyFl7FkPUHMvuSwIS6Yenl1Ngn_eTncDEhv5748BzlycdfId5S4E8hCWC8d1n7enSARoy5FzVtqY9FpgywyFQs50GulPqtkhV3FMln5iw1zvB_xv77v78-rFn4DUmOLUBPzzQFAwocZyvU4KvtqAD1inrcPiCQw5RZthCxu-Qy_ihWalDPXwBrVun80rg6Q-nmMa9xcDNrcd-LXZ-qXFeHedMjoWDjLYPAza6Y6T9felPIAnAuiFFN4qbzJxS5k-rT93si2oAsoiPlkl6Es28-9zVq_8QZciHTcp0JcXIDQSaf2By79j9hxHXmB596adWfLXKHq4gzuUY_aMlgNLRblvOdfJVRne53_wOm4-7V8VVrcb4NgHmRNprszZ3vyDhquW4EoyIzu80hAXm1ObIDE86yuKrzcHVvwybd-ck5nx2Ce1TvUzD0JWztiYMQeUbjAXYwYnRla0hhLt6bOTzPd7uPZrmVnUOhsTPmcma_Uk8_RQnTQomGbmTvb9x7p_LCuOLRZ1ajE3BzNVFtM_z8Lcj6kHw0PxwMYbuH6uiz5cPFQ8P4eYEwLS2MFq02yOC6RfXdsk-J2OzIP5G5lhSJxJstAw7pD1BRiLY_-EY-2Xap4bouGa4bwN0K3-CCp4UJxU9FrtlIR2FlZGtKNwAIQictKjBnRLJucz1atPGrG1z2GwLRZ1XR_eKjUr7ohRltGH452j877IMw4_MO4gZvmP1aJMqxpDCNDOJ-vLO10dkmoxZSMIlPED1WN08P0F_s5fzdNqFF3dlha8oKwCB1w8ITS4ZL0LsfGsONG-v39kaIvxvnHLvcQe6iwvpRR9hVPTEEKo1ht-S4zJBpG4t5OU1L7LB5r5rFeMdZkGYLVdkuNLOy28Dg0es4hOWwfGC2BBrEtY5L0_6mj7IBNXGpe89Pr7Z8ue_7jkCQQKu663o0QgkYl_xXEVwXm2ySSCm1hu6lhihQkAz7V9YsxgpXnsloij2UAisvW3PkgXOlcctPOzFHu6XHEs52puQLADunqQLHuGgHhtvDJP9C-c_CuIq31FbdRLNoxm48E58KGj0faBzlfmqFp_sW5FpSts3AjfM1_3ksECHx6XiZ6UamxcLJkrDyGtLDyH2RAM8w0uuvfnaNbi6bcOLhNPVhpHAPme6bjx6SYGiFwHNThVJ9yYlWn7a_7_b5SZS5xaXDBd90d3fSHjKccVfJBuiVGyYOMDU_sHgbVsN33YHevEs6gCwZMN4pHB4JtuCdyd5GXYw2ElT0AJbL5ss9YXdmDnYgqJtlGLVcZQYwACnctzPp6lrQDDiXagFTx_cPRQ3A1__OE7joPZHkPAUlEecbQnVu9-1d5XG12uQsnRpqznlVa_2XATeyNIHNERFZQMrp0n1qpRdd2hWDNMTbOhT-K98ousRvu06021iANvuc8RDNAGkeU6htiydlfWmr_BVAChstEKbhC_eycz1gTT9x7fNpKLwD8ALBp6LkBfYxm5-craQHQgOcEHh2cb2eKfHcasJOZgc-JvgS5FMuaVjHb0sBfd-n8f8bsHCaREvBagUu1u-kKSsDjGPNKcJcbMdGkXH-QndaCbhDTHLwGUaY2T1FxhCbZs2NH-Dyhhk9PKWR9_05hDUw7vIhjXnIMLqRJ3c38-atHC6ZGYcBt5Ajj8karbkq5OiP0JCRUuTIU8vz1zZ_BT00JIoF42bCdJ7FM1GSj-Zetbc2xpZaD11wZEtp4BUS0sQaBdpqA3TYV_NbBQOlAs3Mo7tzsM3DSGBoxJp2vG5iQB_TtZVMta0UgymIGFLsmWzdgaWHjiF63DcInVthyU7L0_7XEYSSPyJFWwfpIXMMZQXclUAsoBkLwuKfkV6qtUHyauWEuXkpaOLVxl5J1XjPnTQNYCntdHseSHPCP42nVv6nUr7GFJJyofZIyx4J4GrNq0be4CILSP53gtMfe0NwIvRR6S6-kU&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a4dcad58c3c2de63233356847fc5f228f3ee3e60a55e0c17b849eb97fab344d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38429
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 47E8
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DNtzDfss4PafO84ovWGpfm2zxhlQXIdVQ9n9Uh3BTUSS1hipmAWQ00zjR_kLQosIGtDzz8pzNOWU3boszjntdUfaTtdEOV-b8hGwdy1ANgaMiTAko
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 47E8
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 14:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
13714
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 14:34:21 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 47E8
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 15:35:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
10030
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7458
x-xss-protection
0
server
cafe
etag
16870613375306414947
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 15:35:45 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 47E8
154 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48265
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1668095300071091"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:55 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame B0EC
624 B
504 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Mon, 21 Nov 2022 18:22:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame B86E
94 KB
37 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBvUFA9jPZ9rOSYYo_TQmYFkDs9tZIT_kiCFqTelYRsNVhnIn1jFonEJilwzXtG5rQ1I2yKHZGDePdAwVO6ZgIVUXnrsv-PWmEShL0UNOSfwQWK7MeLhP4sebPytc9GaRa4JG4WKFjaNn0M9-28rsW1PmArlzUOUExZMtCf_w0JfZHF9Q&dbm_d=AKAmf-Dh4Rdkd355JQ07D9NZS3f-QyXZBeDemLAOmUtuOUE4tqHHzErLwPZkR4eixF63RZ-9RORuFUGjq2fgHn5NH-ODov4m10DS5ASVaIHiLoMHS6_ORcKY6kBaz1xh9PD-gA1DOlPvAgmeUcKM0DyEtxxx5P371cKnlogdm8A6h69jUEDmgV5mA2Iz58nwIIkMzBLBQAsz7eqwsGkLBH409o6l79sMrs8adFXUpD3YHerE86GzBxcEk8Nz_ef3RN9wpT3nQdQgqW6YsFhf1m4EL59Aa-mQY3qIB-mWYJlbfKzUt94VzCCjlMYgIEYxRhic-ciCKKGPtbahONZeh-5EZbJNasJaa0qcSFoJLm2_JllfC6_vu0IHThLKRTAKBFSALa9X0In-FNynfsn01hXTFrPVLRAyGuQi0aRf_bT9HYhKG0S701Z60zlsyYbVWjb1P4tu30tZXfZb7Ewyw8soYmNZdKcxsxbbJ4miNOJu6LnyxjfA7t0h4jht-LavbpBmr1GLnkePq7wvVplvpQif7OKFWzmk7vVjrg5oood1chn-OCoCwg5UQBNLVUU3PNfQmB151jgakjSZsCCdjY8NxM24y4aVdEgaZ3xUS_dzt_lwjzbQwj5eY-7ogoV5w5y79RfQZFKG_9jgP7VtTvjTVqXrglS0rlfUz-PVCJFNhhQozVHsUZNND6dtnEKzO3rg7ID8-76IxyFZXjtQAKZds4r_t32HBUwtmZMqCzU54c8d0Uo_IC5DQJ6eppw2wA16Xh5VdRJYcTLyPDOTqhhDkQN0JcYAVZ5Ct232IfxeOntavuYodS8_gTMWHoNFVvrwhi24_bt4j49QOuU45-TBMUCiZiHmU7F1wz0Ic7SUZwarvBELdx_Msiga2V3omYWX5LkKuNX3KusK-Kuiq3_pGxlzn6L4YToz05vMP8IBWRLjPE4aHk7F_HecdwVRnePQeXcZiYiAB2M86qYrpZfdiYx9G_gy1jwoMn3dopim2nKYBg-kdBQg2b5FPLrfugQoqyY3utSVnDO3ePnPKIA6bzJZe5Jo2Y2jsLFkK411jaKxjNcPgaRxoW57onll7Te37r2mEQWGxGJ18NIACJiJd3qXI4ZcMU6kxY_sUqOdvU8lWFZ3VDNac6V-zol92Nc4pQ5ncjnTcDRoydakuCV6mRWq7W18h62_SoHACCm2wNYiKYPzROg2-_3eG8ru7S-fpV8kJepdfmRwBKjZP_zR5bQu94EA29j8XfIyTYAi2JL0O7ol0C9uvzKagquSOsonE4CcbvYoe9mxecvsG46vYI68DyHw8NXDfxK5AE8fZi1bngNcBhGLpX7n3sC2Ztimm4h7nk65vbqR4ULU5Pv-P6shbjmuXC2zW9u7qsDcUkQJp_31tB6iX9RsNWWXuYOP_itB1C7iZJR8uBgM1XwXVsgK0xdN8aH3NOVGglTe1PTJ97M0jVjlIGEFvv_GCpuLl3TgjIaKjT-FRrs-gcNxwIZvIR-0ShwAdTkLsGZl-_E2sTh_amp5Uz_zz0PTPaboYfz-d-w0bb2y-mrMfYwmvRpEO5BDwuTzN9VObcjGgyspSL_EQ22dU6pprJXedzHjwVtRkQ5dEKddtszPnQPw0MzqWdHuLMepsLl7nysfJK772uG_0SZgHNji76EzmeSCLHxy6n5dmV1enI4OjDr4gGmUuulISPa7wC0aDgeytWH46cJ2Gj-KdmfMxlosdrh7ibuLTaPyrGJXHw2VLnmm6pjpYUk-uSES8Ah0JQz1ysr9NRXpjYOquaRcgXxnnneUV7UogjjH3wGuOXch6jwUz9YoldwUOUPKySRD_20vZL-J3clzw4m9N42WHjXKFRpHjFNs98dSmDIfTn_lnyeZPbu5WgRGmfbnCLg6rv5nJhjE7xDhbBndp06-BL34Kp3MsUujln_K3Momwhe3vd2fI3k7UEAcSCcduCNGw01ldU6SHV1hSsw4wOpC44gEeuROV13d5X4SKPXQHXh8IeQ9kgY6JADrv2J3Jj-OqGo8ZbSJW4puojYUBknNilnvQV8w1bMhMMHRxmxYFxsmTQxZ-G1T5MAcZQT3gB9a1LruLaGNf6sHxQ0M_9u7ALFkTXkQzhnOl4x6OQwXynIvUbMPLLXxALqEqZadS_eiM-2SX9HasxH3fDDiRWJORPBOUEGmc2eT1b5O_K2snekUf2NsQ6c2r5cpI-mvOFnfvLBK6T-mfmHKpnzrXaGnyYbBPtPwEaYgWvM20UfYev5pPvKWhxnYduWx1Kf9ZrZQQi2uMHi5zORs9y25ydPeOH3W-6Y9Z9cg8la_4pvBiAqYQFyYog-Sw832zGbKTFq1GLX9D9XBrnMum6xFiHeETXpG106DLaHRBVAleUcZi1pjoxVe7o6pzyaClWSd-_zqEQb6hJJ2eYt0iDNy-NVtCgPDJ-qjFD6wa_dmSaqpot4UL4OWalgPGHeE1-f24FxKAbnL14B7aP9Dz1wZHxDBkYGz8TmeQgSnEiqjrY8XSTV4deIz6EjQ7QC0tkip9IBlH8BurO4bwy3GjlJMHh-QkZKwBIK-IYD3HT-dcGCO9Wu09BOqhsfMej_zJWRtFIcsHj2mu_tW4zleCTxnAhPS7WKkat1TOwV692kr8TSEUZaylnTfznaMea2q9mnq0K2nFaLL-bzwSPSV6czSXzpvGYiJm2Iw_vDNcDwlRNPuCwN0y1gWKmf31UnCsH9lL41DLaAcjzrHugMnxexoNvLUIIsksr0UqRuy8V9FLDAsg2CL82jDDmb4XI2YsIhbiClyxx0CrRjfA9YRNghwp8KiERnVcvWilxJ9iwZdz-VZ5nhLGPX-IdZJhh1qfNdggi8b1_lnmk33D9DWwL1LeSGkl1kH5spNc7JeXR-vjyGm3hrecTXU5bbGukTzDoA-CjKPExAgxytf69IOELURG7dGDGMPfjmKRttO_2JccRnk1L06Hcw5l9ZLvuXhNSNLdVICyowNzZSbRmKRqe7NFlv7hItmNJTRblbsZXwgygz0Tvu8T6ATFFxiCDlJVSmC-V4pZfZcAHYXlPJMkVfHIfPkvLAk1cJhod8QlGmfaaZer21xE4IF5higZHCqjGp-q8yJPwOefv1ntDO1bIIoeZv2UQfF6A8t7LiyYR10i-KLTUQ4DAkImodjVpT_tV8ak5y3CsqWG1_MR0MJC6vD7mVWkJ8o-FFJ4DoawnaCAF9gbdXnPojtoRUhPdXLM_1JxnNJoqhTJs8HN6xLtm6cJMkxDNdgLD0ff_gsduC2hR0qohxh50f4_GIZG7yncdwXrJLaaBMC2OFfIBCkpg-egHNo9JlWbyh-g6-4VGP_mIKgKDf80ExCC0j809COeqCzLxZlIn7c5isVobM09oT3FziJf_FhLqMSdQqRUjmRtzA93WDt-enanhgRYu2rFqYR1An08TVPE0swH4rtr6Z3-EH8DhjRBqzRmJmzs_TqoEuROH3zZlvfPglPx0amtw&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
571e7da04ac8521909fffd57ec103b82db34777e0902711ca5aa527126309a7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37966
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B86E
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C2fzUP0Ly2pnsyD_Gm2zzStS0Xv-S22if0BeL-EAllnLlfaFvBNIBJMsxtoWawiUjCBIuOF06StjHgUM_QmE757sQYFNS7DhnP1rsvMHo8ALqBZYQ
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame B86E
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 14:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
13714
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 14:34:21 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame B86E
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 15:35:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
10030
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7458
x-xss-protection
0
server
cafe
etag
16870613375306414947
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 15:35:45 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B86E
154 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48265
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1668095300071091"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:55 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame D4B8
624 B
504 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Mon, 21 Nov 2022 18:22:55 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame E252
94 KB
38 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B-JvEaB5z9XXqDDDbt1zhlwlNSP_8KG_1Wy4IqFwPwUDmDIWNyrabx8VjTp-GLJ4u6MTnYfpVe9vbZGq5Lx5QCHUvZhHe2tWCNalVsZraLpEB9WOaqjr5sc9S5DRlP7TRi-SBZcmc_Mx2_xlQDpVhFo35gNfZJ41NbugcYOpN2pg-4rsU&dbm_d=AKAmf-CHrSCjoGtzSDWbi--m8F6SG48QnOHPD71-VE2zL-iy4_pFBEpklA7LwG-EPuVwOZt98TGyZZPYVGrt2zOPNYiovAibn9PM_eLvtMRGtLQf7bW69KZAoacB1bKJEIQFOa_hCA234h8XMkveYfrA9omlk0c7k1RHOG8yOc3GVhbUsUNMbSvYZofjFE79PxoOosWs6RwqoTGMeYb0MidAngsJ3_jj-XVwiYo4Z8vcTMt-Pa1Gu6IVTdoHtXcXItSXITOoBIHvm6YVBsqLn9eI4xlDm6NY6YnG4Sxc50puZjYtkTznvEsnNcTCG70w_WyMGwd2MGnDfwYFlTD4RjINerdpTKhGCG8iCm_H4wyy_nuSVzppMYYNmnaQUCZLyOYo7umGEJb8tjTBNhJF6exFL4giZWZ06vaNZAvd4S8j9W4n4MpNnbCCxqarWgEOKlbhh4tUQ_8gs74ZCYDbEr2sEYijbKtBQiYv3vqkqj-1zuX9WhEhjJyVRTD24NNVeWkP47UbKah0OZXFJaUu3xNqCXGNOVyomghaHcnaPojiUzuqiFUHZkmIr-NQqtv9rTKxQRr1mKEW1zHMOREecDl1yShqPER5x2eQ92A8rFnWmJ3Lcfc58EOXxwJVb3u1hYK4apjXBaai8a0Xh4V6R1qnTjRjO7ZQ6KAwqLChHrBJcwhM03Fcsh1dsCcm0dnRVxda8YytpWEAqrnfqtqwj2lxqGQisKaRMX06sREoKcB7j6vmQss2xK71spDWNevmNuuJ9NiL0wvdeM3X78U1o3VtMbf9PmR0AGpkhdr2MzceDVee141aemqk8GP3JxawtZL_vzQL4UE70b6bDgEX6a7HnAbb6sASTYRnHxjTgeZi_joyWxgz8BMB4sriy6qzV5nkEqMurp856iHCZ0oSWTirqbBsQDLL5fv1RD8HY_Ob9jTgO2lkYMsOtgb974PI1ZHDwcv3AsaUqmVPvEPhmlL_RBBBSs3OeVqBiMP2D2JtdwGe4SGtPrSjluV7C-YTTvUrox52TkUSdpNvgbw76rMMNipMefSsnDWmWfZg_SdhnrcyQB4Hjl60Uvb-1MhwpqBve3aHVjoLliTtU_2A5LCMZlaZSyMful6DrOGYZ58ZENMek4PgCU1iTPy4wKWUqX7qwPPzV0eTSAh_G-GxwVTej85xCe1BKZKtf4Le1dU9I_LsKa2GTa5-SqY1r82gclmEicjCut77vYPFey24Iygcy3uj7TXOCAtPs4ZXL5CGCB1_Sgxq-elukIbgjdk-m6PgWOcHnSQHHCWEIsbzDsocZMXHyVXnasuPj8SzdtuSBVUnpv7Np89aP2Ss6t6RSCHTYhD17aPQYbjjOx6Glyc8yBQnhODHgAvY6Z0xCK-2FVi_1OJ1NMXa3XoaMqYsezBDF6FW5LwBFc0hYXJT2tm86sWoykN1YSLp1ZKBWIZHosnIPb9NjoLMkibX9L0NBC7-taRUxLC-yE9ZPAST69KxZi-GU0k59ehBJ28ACbIZEngetcDp45OWbBHCuIqIdq0xNG5ezMWz9eSv-G10BEWTaPA8BK-L3AZyP8ArCWcyr-TSIcFYK9ozufeBIlqyv1NYwtozEdZjpdjlKoJRb4jEHSLUyIrq_VGimrP2AlngHk1HRMiqRVgbd6j3JLYZhrDPg_93pVlAVW5MeEh57UNTG7T8XY_nh34mXvjwIT7yHBeskEPL8_XzhHPhZVECEapaEFuR9B3qhx5-2lt91j9oFgS6mMKTVhMogYxDaBh9zlrXneLOeOF3nZL_iVU9xhK7KJ_Zu7sPwDYzLoWIcYvUR5jLrBiowmB00AacYiSCy4X-uC_bYTNGxZKTaiH47_9OL0kZH3dl2oaOjIukS_P_Pz1HnW2O2TE3HS2T0cRaGzay5JF3dY2UApzQ_mz9MBZlkiA_7LGxSY2JuwxshpTcujK4IsftDbjlqzsZauhA8GdF8yaGw7lms7_qTZNYTekeXHbiOsCU9xreqRkAaj-KBqBAZp7hEwmfahX2dWQWTjtZwBfpRru1WWQzbZHW89PQAImkTOWZW-UGPD7b0p9K1krP9Iya2-S8tYqCZJbDXrrzK4SBEboEM3e_ewhJzM3qLlK3K5DgTtb6wxXhgbR_7eMKonTm3BLCqf6cAwcZzV3x10H-3C2jNkdGUbYDHumjuBstcZRqQ0c-c2MNg6C5YA_VjlmFUfIw6G7xkNK0crVTjPKnbu8PyAZ75GSilXpBjTxcgP7wYZRSO5iPYwKvcEcpZ-gyIJ3JdsH5ILfYuXuFiYhNkb2nJZ21P3WyHblnYt8RMipAqqrvbhqsN4Rdz6tJvoadCV-LbXyFPMsiO--pCHOVef_IhnfynE5jpS4WA997Cmx3V4qrv3DEG5MXjx9LDDmLSkvPQoURPxMO0mbLnSX4pngf7xWZta0Yn9Z9C9aJZlAhwABqolgNpzp0hlX5WFXlvmyBgpxnGe_Bsq_GnvouLDVHU2TMCux1oZvv6Lo35CB3jtPE26swuQ9lu47OUB0QBrAhiEOxTCSSm3shKSCgG75Jqb5D7GD3vno2SLdY6Rx0qqTxZfzC2JYaHpmsFtEbFNFN9F091TjWXIEX1CuTXwwYGdL2quImYeUaNL2i9kaF0dNEm5RsDqOU-tEP556N4oo5oHvY8bPyqENQtu70wYBRxli_JqfzkmolItw5db_r9jMvsOzT0padhMEpjG_lfRlc44-_YOlhpiY2vnjf19OaxYVt4UTltBH58i0RG-Mgm5Gd4YEGPUKTCqzb-R2qol4mcuMFZRnuHqPQeuiyW7O9hqeW64t3S9hxKJ-8g1__dAWl0IiT7sxJ7Q0Uc5nKynd6h8aWITsaLpbEAU3Pdq9RYq2eAQBNKy8BKmZAUPBjvVxIyhDFRwPH5bElazF583UEn0WTDui5JTqzXGwacN7Cn3s4VZnO_0837BEyNbJd6FMMMp0IcKmdKqGB1SN6rfN2MpOv7beRkXadeYaHYZ1fr_A9CcRAc1gnMWtAFUHYcHx_O5CuCofkwiDjWFgGTjOf1EbjtPYLJfXIS8_C1R7TMwT7O9Qbr2CEFXJjOJ4fM5whbrYC2fWdx3oHyxhhjp7J4QfcXPGAx9UchUv-j6fmYnUJUfZtrNPt3Xj52p8gT9G1RAMjc97kUwnTqsTgdvVo3lTdRoPN_rzigCaWS6MWHLwMxAsCVy_Wyp9RkZnHluaI7ZXeIqW6fR4VqBFKO3iaxhX4mLGQ0PJ_3P0DEM6omtLzElyWw5BJARV5uCsyLYUQ5zw9fEokqNUHkcuvCyj5Pel4SBszwD5vp8vXeRgF4hWZJDFEWnD_SDY_FmxSQux5-hOMdxKENM-_BD0LiOtr-JgKXyAnvaDxX860wYH_9RfgAWw3xl-a3g1S56C2SfbjnCvmQ2ZNgG9WJ4KzgrVSzDII3-Pt1xFf4sLxPVPVhEYJ0dMNJyQ0-5rpDiU9bcK7gWzHEhvOW6H0k7BsLQ&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a95db6aee63ed9c1ccfa71ea78387c1341e078316c6f3927ea9be0f641d49af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38292
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E252
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CLhK06yNxxs32WCGtT7NyxIy_Mt0yR1S6nvpKVfySQRcoaXUSmRCOfCT3uoO8fmXneMoGhxG-T4ps4sf9TU29OHOHIneO0sLaktmu4yWht7ddJ53Y
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame E252
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 14:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
13714
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 14:34:21 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame E252
18 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 15:35:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
10030
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7458
x-xss-protection
0
server
cafe
etag
16870613375306414947
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 15:35:45 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E252
154 KB
47 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48265
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1668095300071091"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:55 GMT
atrk.gif
certify.alexametrics.com/
0
0

x.png
redirect.prod.experiment.routing.cloudfront.aws.a2z.com/
0
48 B
Image
General
Full URL
https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.191.92.193 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-191-92-193.us-west-2.compute.amazonaws.com
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
server
Server
sodar
pagead2.googlesyndication.com/pagead/ Frame F135
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022111501&jk=558454294268755&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

settings.js
www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox/7233ba71-618c-4b73-85f4-91b6c8ae2a5c/
6 KB
5 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox/7233ba71-618c-4b73-85f4-91b6c8ae2a5c/settings.js?cb=637908759194514824
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/user.js?cb=638015218881226087
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3732a091080d59e450e719fd7404449bd696e8e7b43ac2ac40d4aaebf5f0fbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
W99PYskj+CSjSOPqbOzfmg==
age
459624
cf-polished
origSize=6526
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Thu, 11 Nov 2021 11:06:21 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
7ee7dcc9-901e-0007-1c8b-80eeb5000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
76db741aeb3f6993-FRA
expires
Tue, 21 Nov 2023 18:22:55 GMT
lightbox_builder.js
www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/ Frame 886B
253 KB
38 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox_builder.js?cb=637908759194514824
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/user.js?cb=638015218881226087
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5f4af2ecfa8cbe2481e04b0bcb39b7c40ef2f97f04d29d253685111337755b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
Sy3R9FBWXcq6Cl1HiFEdNw==
age
459623
cf-polished
origSize=435579
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Wed, 15 Jun 2022 07:45:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
d5205b20-501e-0055-5e8b-80f347000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
76db741afb6f6993-FRA
expires
Tue, 21 Nov 2023 18:22:55 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f29b4389a6e08bf3ffcdfb097597d5621b4abac31a74f89c3fa3537dc428e68

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98ccd33e523985efa588344a13932892db38b1335243f989dd366450db8ea68d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
973 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame E9AD
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/1222871/67063675/ Frame B86E
238 KB
71 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1222871/67063675/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1009402791&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=18669544255&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hSHFlkQDduRImK-vODw5MR
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f95f6c64647c57c1bd2d422fb8de2004c584b18c96c48ecaa73b58a73afc8b8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame B86E
106 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Origin
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 08:38:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
35095
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 08:38:00 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame B86E
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBvUFA9jPZ9rOSYYo_TQmYFkDs9tZIT_kiCFqTelYRsNVhnIn1jFonEJilwzXtG5rQ1I2yKHZGDePdAwVO6ZgIVUXnrsv-PWmEShL0UNOSfwQWK7MeLhP4sebPytc9GaRa4JG4WKFjaNn0M9-28rsW1PmArlzUOUExZMtCf_w0JfZHF9Q&dbm_d=AKAmf-Dh4Rdkd355JQ07D9NZS3f-QyXZBeDemLAOmUtuOUE4tqHHzErLwPZkR4eixF63RZ-9RORuFUGjq2fgHn5NH-ODov4m10DS5ASVaIHiLoMHS6_ORcKY6kBaz1xh9PD-gA1DOlPvAgmeUcKM0DyEtxxx5P371cKnlogdm8A6h69jUEDmgV5mA2Iz58nwIIkMzBLBQAsz7eqwsGkLBH409o6l79sMrs8adFXUpD3YHerE86GzBxcEk8Nz_ef3RN9wpT3nQdQgqW6YsFhf1m4EL59Aa-mQY3qIB-mWYJlbfKzUt94VzCCjlMYgIEYxRhic-ciCKKGPtbahONZeh-5EZbJNasJaa0qcSFoJLm2_JllfC6_vu0IHThLKRTAKBFSALa9X0In-FNynfsn01hXTFrPVLRAyGuQi0aRf_bT9HYhKG0S701Z60zlsyYbVWjb1P4tu30tZXfZb7Ewyw8soYmNZdKcxsxbbJ4miNOJu6LnyxjfA7t0h4jht-LavbpBmr1GLnkePq7wvVplvpQif7OKFWzmk7vVjrg5oood1chn-OCoCwg5UQBNLVUU3PNfQmB151jgakjSZsCCdjY8NxM24y4aVdEgaZ3xUS_dzt_lwjzbQwj5eY-7ogoV5w5y79RfQZFKG_9jgP7VtTvjTVqXrglS0rlfUz-PVCJFNhhQozVHsUZNND6dtnEKzO3rg7ID8-76IxyFZXjtQAKZds4r_t32HBUwtmZMqCzU54c8d0Uo_IC5DQJ6eppw2wA16Xh5VdRJYcTLyPDOTqhhDkQN0JcYAVZ5Ct232IfxeOntavuYodS8_gTMWHoNFVvrwhi24_bt4j49QOuU45-TBMUCiZiHmU7F1wz0Ic7SUZwarvBELdx_Msiga2V3omYWX5LkKuNX3KusK-Kuiq3_pGxlzn6L4YToz05vMP8IBWRLjPE4aHk7F_HecdwVRnePQeXcZiYiAB2M86qYrpZfdiYx9G_gy1jwoMn3dopim2nKYBg-kdBQg2b5FPLrfugQoqyY3utSVnDO3ePnPKIA6bzJZe5Jo2Y2jsLFkK411jaKxjNcPgaRxoW57onll7Te37r2mEQWGxGJ18NIACJiJd3qXI4ZcMU6kxY_sUqOdvU8lWFZ3VDNac6V-zol92Nc4pQ5ncjnTcDRoydakuCV6mRWq7W18h62_SoHACCm2wNYiKYPzROg2-_3eG8ru7S-fpV8kJepdfmRwBKjZP_zR5bQu94EA29j8XfIyTYAi2JL0O7ol0C9uvzKagquSOsonE4CcbvYoe9mxecvsG46vYI68DyHw8NXDfxK5AE8fZi1bngNcBhGLpX7n3sC2Ztimm4h7nk65vbqR4ULU5Pv-P6shbjmuXC2zW9u7qsDcUkQJp_31tB6iX9RsNWWXuYOP_itB1C7iZJR8uBgM1XwXVsgK0xdN8aH3NOVGglTe1PTJ97M0jVjlIGEFvv_GCpuLl3TgjIaKjT-FRrs-gcNxwIZvIR-0ShwAdTkLsGZl-_E2sTh_amp5Uz_zz0PTPaboYfz-d-w0bb2y-mrMfYwmvRpEO5BDwuTzN9VObcjGgyspSL_EQ22dU6pprJXedzHjwVtRkQ5dEKddtszPnQPw0MzqWdHuLMepsLl7nysfJK772uG_0SZgHNji76EzmeSCLHxy6n5dmV1enI4OjDr4gGmUuulISPa7wC0aDgeytWH46cJ2Gj-KdmfMxlosdrh7ibuLTaPyrGJXHw2VLnmm6pjpYUk-uSES8Ah0JQz1ysr9NRXpjYOquaRcgXxnnneUV7UogjjH3wGuOXch6jwUz9YoldwUOUPKySRD_20vZL-J3clzw4m9N42WHjXKFRpHjFNs98dSmDIfTn_lnyeZPbu5WgRGmfbnCLg6rv5nJhjE7xDhbBndp06-BL34Kp3MsUujln_K3Momwhe3vd2fI3k7UEAcSCcduCNGw01ldU6SHV1hSsw4wOpC44gEeuROV13d5X4SKPXQHXh8IeQ9kgY6JADrv2J3Jj-OqGo8ZbSJW4puojYUBknNilnvQV8w1bMhMMHRxmxYFxsmTQxZ-G1T5MAcZQT3gB9a1LruLaGNf6sHxQ0M_9u7ALFkTXkQzhnOl4x6OQwXynIvUbMPLLXxALqEqZadS_eiM-2SX9HasxH3fDDiRWJORPBOUEGmc2eT1b5O_K2snekUf2NsQ6c2r5cpI-mvOFnfvLBK6T-mfmHKpnzrXaGnyYbBPtPwEaYgWvM20UfYev5pPvKWhxnYduWx1Kf9ZrZQQi2uMHi5zORs9y25ydPeOH3W-6Y9Z9cg8la_4pvBiAqYQFyYog-Sw832zGbKTFq1GLX9D9XBrnMum6xFiHeETXpG106DLaHRBVAleUcZi1pjoxVe7o6pzyaClWSd-_zqEQb6hJJ2eYt0iDNy-NVtCgPDJ-qjFD6wa_dmSaqpot4UL4OWalgPGHeE1-f24FxKAbnL14B7aP9Dz1wZHxDBkYGz8TmeQgSnEiqjrY8XSTV4deIz6EjQ7QC0tkip9IBlH8BurO4bwy3GjlJMHh-QkZKwBIK-IYD3HT-dcGCO9Wu09BOqhsfMej_zJWRtFIcsHj2mu_tW4zleCTxnAhPS7WKkat1TOwV692kr8TSEUZaylnTfznaMea2q9mnq0K2nFaLL-bzwSPSV6czSXzpvGYiJm2Iw_vDNcDwlRNPuCwN0y1gWKmf31UnCsH9lL41DLaAcjzrHugMnxexoNvLUIIsksr0UqRuy8V9FLDAsg2CL82jDDmb4XI2YsIhbiClyxx0CrRjfA9YRNghwp8KiERnVcvWilxJ9iwZdz-VZ5nhLGPX-IdZJhh1qfNdggi8b1_lnmk33D9DWwL1LeSGkl1kH5spNc7JeXR-vjyGm3hrecTXU5bbGukTzDoA-CjKPExAgxytf69IOELURG7dGDGMPfjmKRttO_2JccRnk1L06Hcw5l9ZLvuXhNSNLdVICyowNzZSbRmKRqe7NFlv7hItmNJTRblbsZXwgygz0Tvu8T6ATFFxiCDlJVSmC-V4pZfZcAHYXlPJMkVfHIfPkvLAk1cJhod8QlGmfaaZer21xE4IF5higZHCqjGp-q8yJPwOefv1ntDO1bIIoeZv2UQfF6A8t7LiyYR10i-KLTUQ4DAkImodjVpT_tV8ak5y3CsqWG1_MR0MJC6vD7mVWkJ8o-FFJ4DoawnaCAF9gbdXnPojtoRUhPdXLM_1JxnNJoqhTJs8HN6xLtm6cJMkxDNdgLD0ff_gsduC2hR0qohxh50f4_GIZG7yncdwXrJLaaBMC2OFfIBCkpg-egHNo9JlWbyh-g6-4VGP_mIKgKDf80ExCC0j809COeqCzLxZlIn7c5isVobM09oT3FziJf_FhLqMSdQqRUjmRtzA93WDt-enanhgRYu2rFqYR1An08TVPE0swH4rtr6Z3-EH8DhjRBqzRmJmzs_TqoEuROH3zZlvfPglPx0amtw&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:43:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
16743
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:43:52 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame B86E
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBvUFA9jPZ9rOSYYo_TQmYFkDs9tZIT_kiCFqTelYRsNVhnIn1jFonEJilwzXtG5rQ1I2yKHZGDePdAwVO6ZgIVUXnrsv-PWmEShL0UNOSfwQWK7MeLhP4sebPytc9GaRa4JG4WKFjaNn0M9-28rsW1PmArlzUOUExZMtCf_w0JfZHF9Q&dbm_d=AKAmf-Dh4Rdkd355JQ07D9NZS3f-QyXZBeDemLAOmUtuOUE4tqHHzErLwPZkR4eixF63RZ-9RORuFUGjq2fgHn5NH-ODov4m10DS5ASVaIHiLoMHS6_ORcKY6kBaz1xh9PD-gA1DOlPvAgmeUcKM0DyEtxxx5P371cKnlogdm8A6h69jUEDmgV5mA2Iz58nwIIkMzBLBQAsz7eqwsGkLBH409o6l79sMrs8adFXUpD3YHerE86GzBxcEk8Nz_ef3RN9wpT3nQdQgqW6YsFhf1m4EL59Aa-mQY3qIB-mWYJlbfKzUt94VzCCjlMYgIEYxRhic-ciCKKGPtbahONZeh-5EZbJNasJaa0qcSFoJLm2_JllfC6_vu0IHThLKRTAKBFSALa9X0In-FNynfsn01hXTFrPVLRAyGuQi0aRf_bT9HYhKG0S701Z60zlsyYbVWjb1P4tu30tZXfZb7Ewyw8soYmNZdKcxsxbbJ4miNOJu6LnyxjfA7t0h4jht-LavbpBmr1GLnkePq7wvVplvpQif7OKFWzmk7vVjrg5oood1chn-OCoCwg5UQBNLVUU3PNfQmB151jgakjSZsCCdjY8NxM24y4aVdEgaZ3xUS_dzt_lwjzbQwj5eY-7ogoV5w5y79RfQZFKG_9jgP7VtTvjTVqXrglS0rlfUz-PVCJFNhhQozVHsUZNND6dtnEKzO3rg7ID8-76IxyFZXjtQAKZds4r_t32HBUwtmZMqCzU54c8d0Uo_IC5DQJ6eppw2wA16Xh5VdRJYcTLyPDOTqhhDkQN0JcYAVZ5Ct232IfxeOntavuYodS8_gTMWHoNFVvrwhi24_bt4j49QOuU45-TBMUCiZiHmU7F1wz0Ic7SUZwarvBELdx_Msiga2V3omYWX5LkKuNX3KusK-Kuiq3_pGxlzn6L4YToz05vMP8IBWRLjPE4aHk7F_HecdwVRnePQeXcZiYiAB2M86qYrpZfdiYx9G_gy1jwoMn3dopim2nKYBg-kdBQg2b5FPLrfugQoqyY3utSVnDO3ePnPKIA6bzJZe5Jo2Y2jsLFkK411jaKxjNcPgaRxoW57onll7Te37r2mEQWGxGJ18NIACJiJd3qXI4ZcMU6kxY_sUqOdvU8lWFZ3VDNac6V-zol92Nc4pQ5ncjnTcDRoydakuCV6mRWq7W18h62_SoHACCm2wNYiKYPzROg2-_3eG8ru7S-fpV8kJepdfmRwBKjZP_zR5bQu94EA29j8XfIyTYAi2JL0O7ol0C9uvzKagquSOsonE4CcbvYoe9mxecvsG46vYI68DyHw8NXDfxK5AE8fZi1bngNcBhGLpX7n3sC2Ztimm4h7nk65vbqR4ULU5Pv-P6shbjmuXC2zW9u7qsDcUkQJp_31tB6iX9RsNWWXuYOP_itB1C7iZJR8uBgM1XwXVsgK0xdN8aH3NOVGglTe1PTJ97M0jVjlIGEFvv_GCpuLl3TgjIaKjT-FRrs-gcNxwIZvIR-0ShwAdTkLsGZl-_E2sTh_amp5Uz_zz0PTPaboYfz-d-w0bb2y-mrMfYwmvRpEO5BDwuTzN9VObcjGgyspSL_EQ22dU6pprJXedzHjwVtRkQ5dEKddtszPnQPw0MzqWdHuLMepsLl7nysfJK772uG_0SZgHNji76EzmeSCLHxy6n5dmV1enI4OjDr4gGmUuulISPa7wC0aDgeytWH46cJ2Gj-KdmfMxlosdrh7ibuLTaPyrGJXHw2VLnmm6pjpYUk-uSES8Ah0JQz1ysr9NRXpjYOquaRcgXxnnneUV7UogjjH3wGuOXch6jwUz9YoldwUOUPKySRD_20vZL-J3clzw4m9N42WHjXKFRpHjFNs98dSmDIfTn_lnyeZPbu5WgRGmfbnCLg6rv5nJhjE7xDhbBndp06-BL34Kp3MsUujln_K3Momwhe3vd2fI3k7UEAcSCcduCNGw01ldU6SHV1hSsw4wOpC44gEeuROV13d5X4SKPXQHXh8IeQ9kgY6JADrv2J3Jj-OqGo8ZbSJW4puojYUBknNilnvQV8w1bMhMMHRxmxYFxsmTQxZ-G1T5MAcZQT3gB9a1LruLaGNf6sHxQ0M_9u7ALFkTXkQzhnOl4x6OQwXynIvUbMPLLXxALqEqZadS_eiM-2SX9HasxH3fDDiRWJORPBOUEGmc2eT1b5O_K2snekUf2NsQ6c2r5cpI-mvOFnfvLBK6T-mfmHKpnzrXaGnyYbBPtPwEaYgWvM20UfYev5pPvKWhxnYduWx1Kf9ZrZQQi2uMHi5zORs9y25ydPeOH3W-6Y9Z9cg8la_4pvBiAqYQFyYog-Sw832zGbKTFq1GLX9D9XBrnMum6xFiHeETXpG106DLaHRBVAleUcZi1pjoxVe7o6pzyaClWSd-_zqEQb6hJJ2eYt0iDNy-NVtCgPDJ-qjFD6wa_dmSaqpot4UL4OWalgPGHeE1-f24FxKAbnL14B7aP9Dz1wZHxDBkYGz8TmeQgSnEiqjrY8XSTV4deIz6EjQ7QC0tkip9IBlH8BurO4bwy3GjlJMHh-QkZKwBIK-IYD3HT-dcGCO9Wu09BOqhsfMej_zJWRtFIcsHj2mu_tW4zleCTxnAhPS7WKkat1TOwV692kr8TSEUZaylnTfznaMea2q9mnq0K2nFaLL-bzwSPSV6czSXzpvGYiJm2Iw_vDNcDwlRNPuCwN0y1gWKmf31UnCsH9lL41DLaAcjzrHugMnxexoNvLUIIsksr0UqRuy8V9FLDAsg2CL82jDDmb4XI2YsIhbiClyxx0CrRjfA9YRNghwp8KiERnVcvWilxJ9iwZdz-VZ5nhLGPX-IdZJhh1qfNdggi8b1_lnmk33D9DWwL1LeSGkl1kH5spNc7JeXR-vjyGm3hrecTXU5bbGukTzDoA-CjKPExAgxytf69IOELURG7dGDGMPfjmKRttO_2JccRnk1L06Hcw5l9ZLvuXhNSNLdVICyowNzZSbRmKRqe7NFlv7hItmNJTRblbsZXwgygz0Tvu8T6ATFFxiCDlJVSmC-V4pZfZcAHYXlPJMkVfHIfPkvLAk1cJhod8QlGmfaaZer21xE4IF5higZHCqjGp-q8yJPwOefv1ntDO1bIIoeZv2UQfF6A8t7LiyYR10i-KLTUQ4DAkImodjVpT_tV8ak5y3CsqWG1_MR0MJC6vD7mVWkJ8o-FFJ4DoawnaCAF9gbdXnPojtoRUhPdXLM_1JxnNJoqhTJs8HN6xLtm6cJMkxDNdgLD0ff_gsduC2hR0qohxh50f4_GIZG7yncdwXrJLaaBMC2OFfIBCkpg-egHNo9JlWbyh-g6-4VGP_mIKgKDf80ExCC0j809COeqCzLxZlIn7c5isVobM09oT3FziJf_FhLqMSdQqRUjmRtzA93WDt-enanhgRYu2rFqYR1An08TVPE0swH4rtr6Z3-EH8DhjRBqzRmJmzs_TqoEuROH3zZlvfPglPx0amtw&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:36:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
17189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11206
x-xss-protection
0
server
cafe
etag
16690196781007480285
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:36:26 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/1034476/65087491/ Frame 47E8
46 KB
12 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1034476/65087491/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jJ7l8-1cA3URwB-jTbdUJg
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
25c96defcfcabe1098d2ba1130a3eb12b0cc7ce02745775bdd6a5ced33a2931f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 47E8
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Origin
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28816
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 10:22:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame 47E8
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B1rvUVq4C6QfwRqtM41KWjfjBOqhgTdTFpSdMEA12nOYYfRa9AGNCUWPM0QCZkuFjJv9pHsCuvyj9mXLrNMTf2Yn2St8FdcVItDAqKIZGGozss5EXpfrV111WEeHn9q31uEjepcQtZvLXLLTtDtICHtmSMTqxED3wdZtrE5x9YNT7nh9Y&dbm_d=AKAmf-B8tArEo3025cATg_8Gdi6OXNQKSZ638qna3pbV4H0Knub2TJO85-A5yCXdYAc6iaPvST5o94SN0WlRLewTBPfmzQHDyAA89kmVEbbhuvndO2aEufhR9f8B_4eNqnCaeHbZdlGkqg-Eoiy4T-Zbudlg1YPE35FytRdYSdATPUXFB2-t26eHx2BcebxAEl1r5YGYHMo1BukepWCkhfsJTWc7mw-2uKQPlxmhYDqaqooye0Zs0ZBHUThfR66EkhqAMqf3CJUJhOqHJRG2nKZ1iBWeGL-RXLCiT2NpXcAqj2wyQTR6q2pBGt8IaM3ARi9cnNC8_OeGeixndS90lfbnaOroqZjendWvHMh1xBVN_FDvt4I3Do_Nj4a9aehvE0D6s_L5Gp2RmtqyNZcB5mx6vr1bpoR8HDQX4bXNBImT56pzr4Ir7n9fn9ata2hU_lRNLBgJEzUQbgpSGaFG-chnxVslV221z1nnyVJRfZd3FD0LeiME3ot8Peu8Mw-0L3EFGsDvSxGdBdTmoHGd5C2_zoDelQoAHkta84d121XzngWRSZ9Y_JiQpqADOIQyIDJIZd0rtxB9DH_fMmuG0C3UI30fcFXC9ig6zRQwRlOOOZxAUAAVfga2d0I9mwRvR-FTlnPifqanxMBf9ufn7n4c29qFUggFAD68rlCJVNj8a2WyLK11ikm6Ld0chUp_O-Ibpc2LFKf21izLmX-GsSkqEnBrH4E-y6LvSOkqsMeD3QlzkNC7i7ZU1d7RPMmiZP7WWkHU2xNy1kz7j-XDQU0zwZ5UXRkxG7pgVVL4o__yoMmRe4w5XqXteiZRVlErQzLVGrqMEpWbT6PDheKjWBh74IpBDSWFVXK9tv6i0OUhPMp-v2OnnS2cB8tYPvN0ERQnVrqy_38J0LqtUiidsfFH_aFSqRbuVMmNZqvX7BDBNQTV1R1lU2VvhjI9Jf8tS-AP7TBA2CFRcdGXzsnvzny_hfSSphvHC8YM7nrhc7F23md8nDVpiPsU_TYelLo7smIhiz187QdRiL21Va2TSAmdqnrvDqz3hIu7Rwr0x_pEfDDvU_Hf4HuIqpLjVi_pVb7iV-UQs2sYyMd4r_AxVvgon8eWBbqLGH_MEJ42ffTSAf7q2mvY5zcp_CM5aUAPFyCqtilPezY8xF72NUOblHjEv36tBUiQngulKFxewJDByutAXyPUKFq4W-TwmXSJHRnZUNc_ygkYvJCJS9jXEw5o8A_Gmc-Ext4thkx9hpfOOA2Dr3vAWfT7ybAvmh8Dmt5JadHM_7TIM-A4cfHRPCuvzYvtcQNgHqFjcJTpLBfRC4kh8APffaiRVdr2ZSA2ePxbOLAodeZBZVvXdF19FmOPhtFXDeGclOnRbMqpj57LkxhYivb6H6xH5DwnEIwjHPfvVTuWIQszh_EseDgbKHfJVw-FZvWXLSG-mhVU84-PtVaVfu--TXtLfx9_LBEZZskarY5vrcgeTVQCFmkWI2pnu1aUstb_uVF_3QkenOlGwSPmL_DRmfPKGIiwDcd7yknQW8sxvvUgNONdyFl7FkPUHMvuSwIS6Yenl1Ngn_eTncDEhv5748BzlycdfId5S4E8hCWC8d1n7enSARoy5FzVtqY9FpgywyFQs50GulPqtkhV3FMln5iw1zvB_xv77v78-rFn4DUmOLUBPzzQFAwocZyvU4KvtqAD1inrcPiCQw5RZthCxu-Qy_ihWalDPXwBrVun80rg6Q-nmMa9xcDNrcd-LXZ-qXFeHedMjoWDjLYPAza6Y6T9felPIAnAuiFFN4qbzJxS5k-rT93si2oAsoiPlkl6Es28-9zVq_8QZciHTcp0JcXIDQSaf2By79j9hxHXmB596adWfLXKHq4gzuUY_aMlgNLRblvOdfJVRne53_wOm4-7V8VVrcb4NgHmRNprszZ3vyDhquW4EoyIzu80hAXm1ObIDE86yuKrzcHVvwybd-ck5nx2Ce1TvUzD0JWztiYMQeUbjAXYwYnRla0hhLt6bOTzPd7uPZrmVnUOhsTPmcma_Uk8_RQnTQomGbmTvb9x7p_LCuOLRZ1ajE3BzNVFtM_z8Lcj6kHw0PxwMYbuH6uiz5cPFQ8P4eYEwLS2MFq02yOC6RfXdsk-J2OzIP5G5lhSJxJstAw7pD1BRiLY_-EY-2Xap4bouGa4bwN0K3-CCp4UJxU9FrtlIR2FlZGtKNwAIQictKjBnRLJucz1atPGrG1z2GwLRZ1XR_eKjUr7ohRltGH452j877IMw4_MO4gZvmP1aJMqxpDCNDOJ-vLO10dkmoxZSMIlPED1WN08P0F_s5fzdNqFF3dlha8oKwCB1w8ITS4ZL0LsfGsONG-v39kaIvxvnHLvcQe6iwvpRR9hVPTEEKo1ht-S4zJBpG4t5OU1L7LB5r5rFeMdZkGYLVdkuNLOy28Dg0es4hOWwfGC2BBrEtY5L0_6mj7IBNXGpe89Pr7Z8ue_7jkCQQKu663o0QgkYl_xXEVwXm2ySSCm1hu6lhihQkAz7V9YsxgpXnsloij2UAisvW3PkgXOlcctPOzFHu6XHEs52puQLADunqQLHuGgHhtvDJP9C-c_CuIq31FbdRLNoxm48E58KGj0faBzlfmqFp_sW5FpSts3AjfM1_3ksECHx6XiZ6UamxcLJkrDyGtLDyH2RAM8w0uuvfnaNbi6bcOLhNPVhpHAPme6bjx6SYGiFwHNThVJ9yYlWn7a_7_b5SZS5xaXDBd90d3fSHjKccVfJBuiVGyYOMDU_sHgbVsN33YHevEs6gCwZMN4pHB4JtuCdyd5GXYw2ElT0AJbL5ss9YXdmDnYgqJtlGLVcZQYwACnctzPp6lrQDDiXagFTx_cPRQ3A1__OE7joPZHkPAUlEecbQnVu9-1d5XG12uQsnRpqznlVa_2XATeyNIHNERFZQMrp0n1qpRdd2hWDNMTbOhT-K98ousRvu06021iANvuc8RDNAGkeU6htiydlfWmr_BVAChstEKbhC_eycz1gTT9x7fNpKLwD8ALBp6LkBfYxm5-craQHQgOcEHh2cb2eKfHcasJOZgc-JvgS5FMuaVjHb0sBfd-n8f8bsHCaREvBagUu1u-kKSsDjGPNKcJcbMdGkXH-QndaCbhDTHLwGUaY2T1FxhCbZs2NH-Dyhhk9PKWR9_05hDUw7vIhjXnIMLqRJ3c38-atHC6ZGYcBt5Ajj8karbkq5OiP0JCRUuTIU8vz1zZ_BT00JIoF42bCdJ7FM1GSj-Zetbc2xpZaD11wZEtp4BUS0sQaBdpqA3TYV_NbBQOlAs3Mo7tzsM3DSGBoxJp2vG5iQB_TtZVMta0UgymIGFLsmWzdgaWHjiF63DcInVthyU7L0_7XEYSSPyJFWwfpIXMMZQXclUAsoBkLwuKfkV6qtUHyauWEuXkpaOLVxl5J1XjPnTQNYCntdHseSHPCP42nVv6nUr7GFJJyofZIyx4J4GrNq0be4CILSP53gtMfe0NwIvRR6S6-kU&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:43:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
16743
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:43:52 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 47E8
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B1rvUVq4C6QfwRqtM41KWjfjBOqhgTdTFpSdMEA12nOYYfRa9AGNCUWPM0QCZkuFjJv9pHsCuvyj9mXLrNMTf2Yn2St8FdcVItDAqKIZGGozss5EXpfrV111WEeHn9q31uEjepcQtZvLXLLTtDtICHtmSMTqxED3wdZtrE5x9YNT7nh9Y&dbm_d=AKAmf-B8tArEo3025cATg_8Gdi6OXNQKSZ638qna3pbV4H0Knub2TJO85-A5yCXdYAc6iaPvST5o94SN0WlRLewTBPfmzQHDyAA89kmVEbbhuvndO2aEufhR9f8B_4eNqnCaeHbZdlGkqg-Eoiy4T-Zbudlg1YPE35FytRdYSdATPUXFB2-t26eHx2BcebxAEl1r5YGYHMo1BukepWCkhfsJTWc7mw-2uKQPlxmhYDqaqooye0Zs0ZBHUThfR66EkhqAMqf3CJUJhOqHJRG2nKZ1iBWeGL-RXLCiT2NpXcAqj2wyQTR6q2pBGt8IaM3ARi9cnNC8_OeGeixndS90lfbnaOroqZjendWvHMh1xBVN_FDvt4I3Do_Nj4a9aehvE0D6s_L5Gp2RmtqyNZcB5mx6vr1bpoR8HDQX4bXNBImT56pzr4Ir7n9fn9ata2hU_lRNLBgJEzUQbgpSGaFG-chnxVslV221z1nnyVJRfZd3FD0LeiME3ot8Peu8Mw-0L3EFGsDvSxGdBdTmoHGd5C2_zoDelQoAHkta84d121XzngWRSZ9Y_JiQpqADOIQyIDJIZd0rtxB9DH_fMmuG0C3UI30fcFXC9ig6zRQwRlOOOZxAUAAVfga2d0I9mwRvR-FTlnPifqanxMBf9ufn7n4c29qFUggFAD68rlCJVNj8a2WyLK11ikm6Ld0chUp_O-Ibpc2LFKf21izLmX-GsSkqEnBrH4E-y6LvSOkqsMeD3QlzkNC7i7ZU1d7RPMmiZP7WWkHU2xNy1kz7j-XDQU0zwZ5UXRkxG7pgVVL4o__yoMmRe4w5XqXteiZRVlErQzLVGrqMEpWbT6PDheKjWBh74IpBDSWFVXK9tv6i0OUhPMp-v2OnnS2cB8tYPvN0ERQnVrqy_38J0LqtUiidsfFH_aFSqRbuVMmNZqvX7BDBNQTV1R1lU2VvhjI9Jf8tS-AP7TBA2CFRcdGXzsnvzny_hfSSphvHC8YM7nrhc7F23md8nDVpiPsU_TYelLo7smIhiz187QdRiL21Va2TSAmdqnrvDqz3hIu7Rwr0x_pEfDDvU_Hf4HuIqpLjVi_pVb7iV-UQs2sYyMd4r_AxVvgon8eWBbqLGH_MEJ42ffTSAf7q2mvY5zcp_CM5aUAPFyCqtilPezY8xF72NUOblHjEv36tBUiQngulKFxewJDByutAXyPUKFq4W-TwmXSJHRnZUNc_ygkYvJCJS9jXEw5o8A_Gmc-Ext4thkx9hpfOOA2Dr3vAWfT7ybAvmh8Dmt5JadHM_7TIM-A4cfHRPCuvzYvtcQNgHqFjcJTpLBfRC4kh8APffaiRVdr2ZSA2ePxbOLAodeZBZVvXdF19FmOPhtFXDeGclOnRbMqpj57LkxhYivb6H6xH5DwnEIwjHPfvVTuWIQszh_EseDgbKHfJVw-FZvWXLSG-mhVU84-PtVaVfu--TXtLfx9_LBEZZskarY5vrcgeTVQCFmkWI2pnu1aUstb_uVF_3QkenOlGwSPmL_DRmfPKGIiwDcd7yknQW8sxvvUgNONdyFl7FkPUHMvuSwIS6Yenl1Ngn_eTncDEhv5748BzlycdfId5S4E8hCWC8d1n7enSARoy5FzVtqY9FpgywyFQs50GulPqtkhV3FMln5iw1zvB_xv77v78-rFn4DUmOLUBPzzQFAwocZyvU4KvtqAD1inrcPiCQw5RZthCxu-Qy_ihWalDPXwBrVun80rg6Q-nmMa9xcDNrcd-LXZ-qXFeHedMjoWDjLYPAza6Y6T9felPIAnAuiFFN4qbzJxS5k-rT93si2oAsoiPlkl6Es28-9zVq_8QZciHTcp0JcXIDQSaf2By79j9hxHXmB596adWfLXKHq4gzuUY_aMlgNLRblvOdfJVRne53_wOm4-7V8VVrcb4NgHmRNprszZ3vyDhquW4EoyIzu80hAXm1ObIDE86yuKrzcHVvwybd-ck5nx2Ce1TvUzD0JWztiYMQeUbjAXYwYnRla0hhLt6bOTzPd7uPZrmVnUOhsTPmcma_Uk8_RQnTQomGbmTvb9x7p_LCuOLRZ1ajE3BzNVFtM_z8Lcj6kHw0PxwMYbuH6uiz5cPFQ8P4eYEwLS2MFq02yOC6RfXdsk-J2OzIP5G5lhSJxJstAw7pD1BRiLY_-EY-2Xap4bouGa4bwN0K3-CCp4UJxU9FrtlIR2FlZGtKNwAIQictKjBnRLJucz1atPGrG1z2GwLRZ1XR_eKjUr7ohRltGH452j877IMw4_MO4gZvmP1aJMqxpDCNDOJ-vLO10dkmoxZSMIlPED1WN08P0F_s5fzdNqFF3dlha8oKwCB1w8ITS4ZL0LsfGsONG-v39kaIvxvnHLvcQe6iwvpRR9hVPTEEKo1ht-S4zJBpG4t5OU1L7LB5r5rFeMdZkGYLVdkuNLOy28Dg0es4hOWwfGC2BBrEtY5L0_6mj7IBNXGpe89Pr7Z8ue_7jkCQQKu663o0QgkYl_xXEVwXm2ySSCm1hu6lhihQkAz7V9YsxgpXnsloij2UAisvW3PkgXOlcctPOzFHu6XHEs52puQLADunqQLHuGgHhtvDJP9C-c_CuIq31FbdRLNoxm48E58KGj0faBzlfmqFp_sW5FpSts3AjfM1_3ksECHx6XiZ6UamxcLJkrDyGtLDyH2RAM8w0uuvfnaNbi6bcOLhNPVhpHAPme6bjx6SYGiFwHNThVJ9yYlWn7a_7_b5SZS5xaXDBd90d3fSHjKccVfJBuiVGyYOMDU_sHgbVsN33YHevEs6gCwZMN4pHB4JtuCdyd5GXYw2ElT0AJbL5ss9YXdmDnYgqJtlGLVcZQYwACnctzPp6lrQDDiXagFTx_cPRQ3A1__OE7joPZHkPAUlEecbQnVu9-1d5XG12uQsnRpqznlVa_2XATeyNIHNERFZQMrp0n1qpRdd2hWDNMTbOhT-K98ousRvu06021iANvuc8RDNAGkeU6htiydlfWmr_BVAChstEKbhC_eycz1gTT9x7fNpKLwD8ALBp6LkBfYxm5-craQHQgOcEHh2cb2eKfHcasJOZgc-JvgS5FMuaVjHb0sBfd-n8f8bsHCaREvBagUu1u-kKSsDjGPNKcJcbMdGkXH-QndaCbhDTHLwGUaY2T1FxhCbZs2NH-Dyhhk9PKWR9_05hDUw7vIhjXnIMLqRJ3c38-atHC6ZGYcBt5Ajj8karbkq5OiP0JCRUuTIU8vz1zZ_BT00JIoF42bCdJ7FM1GSj-Zetbc2xpZaD11wZEtp4BUS0sQaBdpqA3TYV_NbBQOlAs3Mo7tzsM3DSGBoxJp2vG5iQB_TtZVMta0UgymIGFLsmWzdgaWHjiF63DcInVthyU7L0_7XEYSSPyJFWwfpIXMMZQXclUAsoBkLwuKfkV6qtUHyauWEuXkpaOLVxl5J1XjPnTQNYCntdHseSHPCP42nVv6nUr7GFJJyofZIyx4J4GrNq0be4CILSP53gtMfe0NwIvRR6S6-kU&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:36:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
17189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11206
x-xss-protection
0
server
cafe
etag
16690196781007480285
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:36:26 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/1034476/65087490/ Frame E252
46 KB
12 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1034476/65087490/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gk93gkZv3kjNPtd08ijnpV
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
33442b4d61d8b3d30df627f4909476e0448bbbda78119ce883a68a7db182ab5e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame E252
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Origin
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 10:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
28816
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 10:22:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame E252
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B-JvEaB5z9XXqDDDbt1zhlwlNSP_8KG_1Wy4IqFwPwUDmDIWNyrabx8VjTp-GLJ4u6MTnYfpVe9vbZGq5Lx5QCHUvZhHe2tWCNalVsZraLpEB9WOaqjr5sc9S5DRlP7TRi-SBZcmc_Mx2_xlQDpVhFo35gNfZJ41NbugcYOpN2pg-4rsU&dbm_d=AKAmf-CHrSCjoGtzSDWbi--m8F6SG48QnOHPD71-VE2zL-iy4_pFBEpklA7LwG-EPuVwOZt98TGyZZPYVGrt2zOPNYiovAibn9PM_eLvtMRGtLQf7bW69KZAoacB1bKJEIQFOa_hCA234h8XMkveYfrA9omlk0c7k1RHOG8yOc3GVhbUsUNMbSvYZofjFE79PxoOosWs6RwqoTGMeYb0MidAngsJ3_jj-XVwiYo4Z8vcTMt-Pa1Gu6IVTdoHtXcXItSXITOoBIHvm6YVBsqLn9eI4xlDm6NY6YnG4Sxc50puZjYtkTznvEsnNcTCG70w_WyMGwd2MGnDfwYFlTD4RjINerdpTKhGCG8iCm_H4wyy_nuSVzppMYYNmnaQUCZLyOYo7umGEJb8tjTBNhJF6exFL4giZWZ06vaNZAvd4S8j9W4n4MpNnbCCxqarWgEOKlbhh4tUQ_8gs74ZCYDbEr2sEYijbKtBQiYv3vqkqj-1zuX9WhEhjJyVRTD24NNVeWkP47UbKah0OZXFJaUu3xNqCXGNOVyomghaHcnaPojiUzuqiFUHZkmIr-NQqtv9rTKxQRr1mKEW1zHMOREecDl1yShqPER5x2eQ92A8rFnWmJ3Lcfc58EOXxwJVb3u1hYK4apjXBaai8a0Xh4V6R1qnTjRjO7ZQ6KAwqLChHrBJcwhM03Fcsh1dsCcm0dnRVxda8YytpWEAqrnfqtqwj2lxqGQisKaRMX06sREoKcB7j6vmQss2xK71spDWNevmNuuJ9NiL0wvdeM3X78U1o3VtMbf9PmR0AGpkhdr2MzceDVee141aemqk8GP3JxawtZL_vzQL4UE70b6bDgEX6a7HnAbb6sASTYRnHxjTgeZi_joyWxgz8BMB4sriy6qzV5nkEqMurp856iHCZ0oSWTirqbBsQDLL5fv1RD8HY_Ob9jTgO2lkYMsOtgb974PI1ZHDwcv3AsaUqmVPvEPhmlL_RBBBSs3OeVqBiMP2D2JtdwGe4SGtPrSjluV7C-YTTvUrox52TkUSdpNvgbw76rMMNipMefSsnDWmWfZg_SdhnrcyQB4Hjl60Uvb-1MhwpqBve3aHVjoLliTtU_2A5LCMZlaZSyMful6DrOGYZ58ZENMek4PgCU1iTPy4wKWUqX7qwPPzV0eTSAh_G-GxwVTej85xCe1BKZKtf4Le1dU9I_LsKa2GTa5-SqY1r82gclmEicjCut77vYPFey24Iygcy3uj7TXOCAtPs4ZXL5CGCB1_Sgxq-elukIbgjdk-m6PgWOcHnSQHHCWEIsbzDsocZMXHyVXnasuPj8SzdtuSBVUnpv7Np89aP2Ss6t6RSCHTYhD17aPQYbjjOx6Glyc8yBQnhODHgAvY6Z0xCK-2FVi_1OJ1NMXa3XoaMqYsezBDF6FW5LwBFc0hYXJT2tm86sWoykN1YSLp1ZKBWIZHosnIPb9NjoLMkibX9L0NBC7-taRUxLC-yE9ZPAST69KxZi-GU0k59ehBJ28ACbIZEngetcDp45OWbBHCuIqIdq0xNG5ezMWz9eSv-G10BEWTaPA8BK-L3AZyP8ArCWcyr-TSIcFYK9ozufeBIlqyv1NYwtozEdZjpdjlKoJRb4jEHSLUyIrq_VGimrP2AlngHk1HRMiqRVgbd6j3JLYZhrDPg_93pVlAVW5MeEh57UNTG7T8XY_nh34mXvjwIT7yHBeskEPL8_XzhHPhZVECEapaEFuR9B3qhx5-2lt91j9oFgS6mMKTVhMogYxDaBh9zlrXneLOeOF3nZL_iVU9xhK7KJ_Zu7sPwDYzLoWIcYvUR5jLrBiowmB00AacYiSCy4X-uC_bYTNGxZKTaiH47_9OL0kZH3dl2oaOjIukS_P_Pz1HnW2O2TE3HS2T0cRaGzay5JF3dY2UApzQ_mz9MBZlkiA_7LGxSY2JuwxshpTcujK4IsftDbjlqzsZauhA8GdF8yaGw7lms7_qTZNYTekeXHbiOsCU9xreqRkAaj-KBqBAZp7hEwmfahX2dWQWTjtZwBfpRru1WWQzbZHW89PQAImkTOWZW-UGPD7b0p9K1krP9Iya2-S8tYqCZJbDXrrzK4SBEboEM3e_ewhJzM3qLlK3K5DgTtb6wxXhgbR_7eMKonTm3BLCqf6cAwcZzV3x10H-3C2jNkdGUbYDHumjuBstcZRqQ0c-c2MNg6C5YA_VjlmFUfIw6G7xkNK0crVTjPKnbu8PyAZ75GSilXpBjTxcgP7wYZRSO5iPYwKvcEcpZ-gyIJ3JdsH5ILfYuXuFiYhNkb2nJZ21P3WyHblnYt8RMipAqqrvbhqsN4Rdz6tJvoadCV-LbXyFPMsiO--pCHOVef_IhnfynE5jpS4WA997Cmx3V4qrv3DEG5MXjx9LDDmLSkvPQoURPxMO0mbLnSX4pngf7xWZta0Yn9Z9C9aJZlAhwABqolgNpzp0hlX5WFXlvmyBgpxnGe_Bsq_GnvouLDVHU2TMCux1oZvv6Lo35CB3jtPE26swuQ9lu47OUB0QBrAhiEOxTCSSm3shKSCgG75Jqb5D7GD3vno2SLdY6Rx0qqTxZfzC2JYaHpmsFtEbFNFN9F091TjWXIEX1CuTXwwYGdL2quImYeUaNL2i9kaF0dNEm5RsDqOU-tEP556N4oo5oHvY8bPyqENQtu70wYBRxli_JqfzkmolItw5db_r9jMvsOzT0padhMEpjG_lfRlc44-_YOlhpiY2vnjf19OaxYVt4UTltBH58i0RG-Mgm5Gd4YEGPUKTCqzb-R2qol4mcuMFZRnuHqPQeuiyW7O9hqeW64t3S9hxKJ-8g1__dAWl0IiT7sxJ7Q0Uc5nKynd6h8aWITsaLpbEAU3Pdq9RYq2eAQBNKy8BKmZAUPBjvVxIyhDFRwPH5bElazF583UEn0WTDui5JTqzXGwacN7Cn3s4VZnO_0837BEyNbJd6FMMMp0IcKmdKqGB1SN6rfN2MpOv7beRkXadeYaHYZ1fr_A9CcRAc1gnMWtAFUHYcHx_O5CuCofkwiDjWFgGTjOf1EbjtPYLJfXIS8_C1R7TMwT7O9Qbr2CEFXJjOJ4fM5whbrYC2fWdx3oHyxhhjp7J4QfcXPGAx9UchUv-j6fmYnUJUfZtrNPt3Xj52p8gT9G1RAMjc97kUwnTqsTgdvVo3lTdRoPN_rzigCaWS6MWHLwMxAsCVy_Wyp9RkZnHluaI7ZXeIqW6fR4VqBFKO3iaxhX4mLGQ0PJ_3P0DEM6omtLzElyWw5BJARV5uCsyLYUQ5zw9fEokqNUHkcuvCyj5Pel4SBszwD5vp8vXeRgF4hWZJDFEWnD_SDY_FmxSQux5-hOMdxKENM-_BD0LiOtr-JgKXyAnvaDxX860wYH_9RfgAWw3xl-a3g1S56C2SfbjnCvmQ2ZNgG9WJ4KzgrVSzDII3-Pt1xFf4sLxPVPVhEYJ0dMNJyQ0-5rpDiU9bcK7gWzHEhvOW6H0k7BsLQ&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:43:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
16743
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:43:52 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame E252
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B-JvEaB5z9XXqDDDbt1zhlwlNSP_8KG_1Wy4IqFwPwUDmDIWNyrabx8VjTp-GLJ4u6MTnYfpVe9vbZGq5Lx5QCHUvZhHe2tWCNalVsZraLpEB9WOaqjr5sc9S5DRlP7TRi-SBZcmc_Mx2_xlQDpVhFo35gNfZJ41NbugcYOpN2pg-4rsU&dbm_d=AKAmf-CHrSCjoGtzSDWbi--m8F6SG48QnOHPD71-VE2zL-iy4_pFBEpklA7LwG-EPuVwOZt98TGyZZPYVGrt2zOPNYiovAibn9PM_eLvtMRGtLQf7bW69KZAoacB1bKJEIQFOa_hCA234h8XMkveYfrA9omlk0c7k1RHOG8yOc3GVhbUsUNMbSvYZofjFE79PxoOosWs6RwqoTGMeYb0MidAngsJ3_jj-XVwiYo4Z8vcTMt-Pa1Gu6IVTdoHtXcXItSXITOoBIHvm6YVBsqLn9eI4xlDm6NY6YnG4Sxc50puZjYtkTznvEsnNcTCG70w_WyMGwd2MGnDfwYFlTD4RjINerdpTKhGCG8iCm_H4wyy_nuSVzppMYYNmnaQUCZLyOYo7umGEJb8tjTBNhJF6exFL4giZWZ06vaNZAvd4S8j9W4n4MpNnbCCxqarWgEOKlbhh4tUQ_8gs74ZCYDbEr2sEYijbKtBQiYv3vqkqj-1zuX9WhEhjJyVRTD24NNVeWkP47UbKah0OZXFJaUu3xNqCXGNOVyomghaHcnaPojiUzuqiFUHZkmIr-NQqtv9rTKxQRr1mKEW1zHMOREecDl1yShqPER5x2eQ92A8rFnWmJ3Lcfc58EOXxwJVb3u1hYK4apjXBaai8a0Xh4V6R1qnTjRjO7ZQ6KAwqLChHrBJcwhM03Fcsh1dsCcm0dnRVxda8YytpWEAqrnfqtqwj2lxqGQisKaRMX06sREoKcB7j6vmQss2xK71spDWNevmNuuJ9NiL0wvdeM3X78U1o3VtMbf9PmR0AGpkhdr2MzceDVee141aemqk8GP3JxawtZL_vzQL4UE70b6bDgEX6a7HnAbb6sASTYRnHxjTgeZi_joyWxgz8BMB4sriy6qzV5nkEqMurp856iHCZ0oSWTirqbBsQDLL5fv1RD8HY_Ob9jTgO2lkYMsOtgb974PI1ZHDwcv3AsaUqmVPvEPhmlL_RBBBSs3OeVqBiMP2D2JtdwGe4SGtPrSjluV7C-YTTvUrox52TkUSdpNvgbw76rMMNipMefSsnDWmWfZg_SdhnrcyQB4Hjl60Uvb-1MhwpqBve3aHVjoLliTtU_2A5LCMZlaZSyMful6DrOGYZ58ZENMek4PgCU1iTPy4wKWUqX7qwPPzV0eTSAh_G-GxwVTej85xCe1BKZKtf4Le1dU9I_LsKa2GTa5-SqY1r82gclmEicjCut77vYPFey24Iygcy3uj7TXOCAtPs4ZXL5CGCB1_Sgxq-elukIbgjdk-m6PgWOcHnSQHHCWEIsbzDsocZMXHyVXnasuPj8SzdtuSBVUnpv7Np89aP2Ss6t6RSCHTYhD17aPQYbjjOx6Glyc8yBQnhODHgAvY6Z0xCK-2FVi_1OJ1NMXa3XoaMqYsezBDF6FW5LwBFc0hYXJT2tm86sWoykN1YSLp1ZKBWIZHosnIPb9NjoLMkibX9L0NBC7-taRUxLC-yE9ZPAST69KxZi-GU0k59ehBJ28ACbIZEngetcDp45OWbBHCuIqIdq0xNG5ezMWz9eSv-G10BEWTaPA8BK-L3AZyP8ArCWcyr-TSIcFYK9ozufeBIlqyv1NYwtozEdZjpdjlKoJRb4jEHSLUyIrq_VGimrP2AlngHk1HRMiqRVgbd6j3JLYZhrDPg_93pVlAVW5MeEh57UNTG7T8XY_nh34mXvjwIT7yHBeskEPL8_XzhHPhZVECEapaEFuR9B3qhx5-2lt91j9oFgS6mMKTVhMogYxDaBh9zlrXneLOeOF3nZL_iVU9xhK7KJ_Zu7sPwDYzLoWIcYvUR5jLrBiowmB00AacYiSCy4X-uC_bYTNGxZKTaiH47_9OL0kZH3dl2oaOjIukS_P_Pz1HnW2O2TE3HS2T0cRaGzay5JF3dY2UApzQ_mz9MBZlkiA_7LGxSY2JuwxshpTcujK4IsftDbjlqzsZauhA8GdF8yaGw7lms7_qTZNYTekeXHbiOsCU9xreqRkAaj-KBqBAZp7hEwmfahX2dWQWTjtZwBfpRru1WWQzbZHW89PQAImkTOWZW-UGPD7b0p9K1krP9Iya2-S8tYqCZJbDXrrzK4SBEboEM3e_ewhJzM3qLlK3K5DgTtb6wxXhgbR_7eMKonTm3BLCqf6cAwcZzV3x10H-3C2jNkdGUbYDHumjuBstcZRqQ0c-c2MNg6C5YA_VjlmFUfIw6G7xkNK0crVTjPKnbu8PyAZ75GSilXpBjTxcgP7wYZRSO5iPYwKvcEcpZ-gyIJ3JdsH5ILfYuXuFiYhNkb2nJZ21P3WyHblnYt8RMipAqqrvbhqsN4Rdz6tJvoadCV-LbXyFPMsiO--pCHOVef_IhnfynE5jpS4WA997Cmx3V4qrv3DEG5MXjx9LDDmLSkvPQoURPxMO0mbLnSX4pngf7xWZta0Yn9Z9C9aJZlAhwABqolgNpzp0hlX5WFXlvmyBgpxnGe_Bsq_GnvouLDVHU2TMCux1oZvv6Lo35CB3jtPE26swuQ9lu47OUB0QBrAhiEOxTCSSm3shKSCgG75Jqb5D7GD3vno2SLdY6Rx0qqTxZfzC2JYaHpmsFtEbFNFN9F091TjWXIEX1CuTXwwYGdL2quImYeUaNL2i9kaF0dNEm5RsDqOU-tEP556N4oo5oHvY8bPyqENQtu70wYBRxli_JqfzkmolItw5db_r9jMvsOzT0padhMEpjG_lfRlc44-_YOlhpiY2vnjf19OaxYVt4UTltBH58i0RG-Mgm5Gd4YEGPUKTCqzb-R2qol4mcuMFZRnuHqPQeuiyW7O9hqeW64t3S9hxKJ-8g1__dAWl0IiT7sxJ7Q0Uc5nKynd6h8aWITsaLpbEAU3Pdq9RYq2eAQBNKy8BKmZAUPBjvVxIyhDFRwPH5bElazF583UEn0WTDui5JTqzXGwacN7Cn3s4VZnO_0837BEyNbJd6FMMMp0IcKmdKqGB1SN6rfN2MpOv7beRkXadeYaHYZ1fr_A9CcRAc1gnMWtAFUHYcHx_O5CuCofkwiDjWFgGTjOf1EbjtPYLJfXIS8_C1R7TMwT7O9Qbr2CEFXJjOJ4fM5whbrYC2fWdx3oHyxhhjp7J4QfcXPGAx9UchUv-j6fmYnUJUfZtrNPt3Xj52p8gT9G1RAMjc97kUwnTqsTgdvVo3lTdRoPN_rzigCaWS6MWHLwMxAsCVy_Wyp9RkZnHluaI7ZXeIqW6fR4VqBFKO3iaxhX4mLGQ0PJ_3P0DEM6omtLzElyWw5BJARV5uCsyLYUQ5zw9fEokqNUHkcuvCyj5Pel4SBszwD5vp8vXeRgF4hWZJDFEWnD_SDY_FmxSQux5-hOMdxKENM-_BD0LiOtr-JgKXyAnvaDxX860wYH_9RfgAWw3xl-a3g1S56C2SfbjnCvmQ2ZNgG9WJ4KzgrVSzDII3-Pt1xFf4sLxPVPVhEYJ0dMNJyQ0-5rpDiU9bcK7gWzHEhvOW6H0k7BsLQ&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&rfl=1%2Chttps%253A%252F%252Fbestlifeonline.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 13:36:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
17189
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11206
x-xss-protection
0
server
cafe
etag
16690196781007480285
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Dec 2022 13:36:26 GMT
rum
dsum-sec.casalemedia.com/ Frame 4500
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4500
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 4500
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
43 B
1015 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Protocol
HTTP/1.1
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
eef4aee7-b4c0-4526-8eea-9a2408efc27b
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4500
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYu8ejzAEwAQ&v=APEucNWIUgtjFdsIfXooRu798sz6tgUyJCMcWQUBmBBZQBM4023kDAG0o7ClAUrMJEKqDlz2Tmy8wGE4AiBJ3cOZrkEbOresYIGcjzA3nWUGSUjONc-JrF4kRb8eSz3MvaFQQ2hs54SYnilX0wwWzuFN2KANtGsOUkDvaXKO_EoNgZZu6x4pmZ1ccclYNQ52sSisJXhtDbUKbyDiH-XfypZ76UR7mho48w
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
ee76ddbc-0db6-4f5c-993d-1bd92627693b
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D4B8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D4B8
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame D4B8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
43 B
1015 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Protocol
HTTP/1.1
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
3175cf69-108e-4afd-9436-de5467c95796
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame D4B8
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMYhsajzAEwAQ&v=APEucNVsZS1DzGUlvNJX3WwVwp4lvZrJ31DUO09YUxTgZsa1_OzOFcqOjMJ-Vs24lJEQ7KRjuMS_N5R_lg-AIUKip333U6d8hv5Chx_Cyoj0geI2zi6RO0JPXt1HZTUf9FBiHl8RVMtBojiPd9R4TMS0ya8_YZeN7ewJG1dth4A11UIVvbR3swfI380GVjYugelJUQYawpwOvLkGLCibZcCTeLX_wgzjsg
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
18067fe8-6e1a-4951-819f-baf92f9f9677
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame B0EC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame B0EC
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y3vB-0.nQACYvEJDl6cjMQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF4e8K54BI2nwx4qIVKwphM&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame B0EC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
43 B
1015 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Protocol
HTTP/1.1
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
86ac5c22-3c2f-4ba5-9160-6e7822944133
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESECF6jHzljy2Ibl_2PdIIamY&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B0EC
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMel4gIQyoXsyAMY8qr32AEwAQ&v=APEucNVTfFZxKaOzml0LiFmNkEedanut3vZ-YKqiIo0sfJnKqW2Bn6SglskPSvnpYEn_sVIocaImZTx9G_KKWHjFS3fzL5SmLIlTqT86DOkv8YSYTtwvEZ8-14cQ9HAPZIWpYltyLEJynkhsS5qQpOl-qPQEvkLJGFc8JSQQo6D1bYeqi4GbphTgFAueYjRzfui5GxajZlLnP2vQSa7VBBN93sBZs_5pmA
Protocol
H3
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:55 GMT
AN-X-Request-Uuid
de1d7384-2447-4841-b779-eb4c8d01b0e8
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg3NDQzMzE4MDk3NDE5Nzk1OQ%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B86E
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 14 Nov 2022 21:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
594654
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Nov 2023 21:12:01 GMT
truncated
/ Frame B86E
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7dbe0a879bec1d660097c819dc5e30dcaa637fd3c004d0e6b1ec437ff1ae8381

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 47E8
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 14 Nov 2022 21:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
594654
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Nov 2023 21:12:01 GMT
truncated
/ Frame 47E8
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
578ba1031dd4dc432c071aef5522f0927fc59efed9d4778af93bc2dc21f0eef1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E252
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 14 Nov 2022 21:12:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
594654
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Nov 2023 21:12:01 GMT
truncated
/ Frame E252
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8108bb9555e504a1f9193ea76605e8247fdee8c07b765710f266b47f1907febc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
css
fonts.googleapis.com/ Frame 886B
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=fallback
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox_builder.js?cb=637908759194514824
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
46b60a64c27e555d9e1d416f2a22d50a078f8a7d9b906050efac3c60403e5375
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 21 Nov 2022 18:01:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 21 Nov 2022 18:22:55 GMT
b1ec43e8-f365-4efa-adff-e1eb34ad1e89.css
s3.lightboxcdn.com/custom_fonts/ Frame 886B
213 B
396 B
Stylesheet
General
Full URL
https://s3.lightboxcdn.com/custom_fonts/b1ec43e8-f365-4efa-adff-e1eb34ad1e89.css?cb=637908759194514824
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/7ff8b1cd-1d19-446f-83fc-08706559ea09/lightbox_builder.js?cb=637908759194514824
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b84b27bd8f1dea53787ebe8a939fdb97b0da6acb90dd427697fe943c2c00baf5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
1Q2C2NE6Y0FHPV5T
age
1678535
cf-polished
origSize=232
x-amz-id-2
HE2vp1xXjIHCVlGmNz8zbEt4x3rvikUczbiUgg6CxioZ8la0N69DgzgTqudGfXAmsPTKr0537Bo=
cf-bgj
minify
last-modified
Thu, 23 May 2019 18:47:55 GMT
server
cloudflare
etag
W/"78319a65de69512ca765b08b08d9129b"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
76db741d2f916993-FRA
expires
Tue, 21 Nov 2023 18:22:55 GMT
t.gif
www.lightboxcdn.com/z9g/
35 B
105 B
Image
General
Full URL
https://www.lightboxcdn.com/z9g/t.gif?c=1669054975559&h=bestlifeonline.com&e=i&u=42151&b=195282&v=empty&s=empty
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 18:22:55 GMT
cf-cache-status
HIT
content-md5
KNaBTzCeoon4R8ac+RGUxg==
age
1255307
cf-polished
status=not_needed
x-ms-meta-cbmodifiedtime
Tue, 26 Feb 2019 00:59:40 GMT
content-length
35
x-ms-lease-status
unlocked
cf-bgj
imgq:85,h2pri
last-modified
Tue, 26 Feb 2019 01:15:02 GMT
server
cloudflare
etag
0x8D69B87D5A1B25F
vary
Accept-Encoding
content-type
image/gif
x-ms-request-id
af63abe9-a01e-0081-2a45-a8f796000000
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76db741d4fc56993-FRA
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j98&aip=1&a=1857212900&t=event&ni=1&_s=2&dl=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&ul=en-us&de=UTF-8&dt=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Email%20Capture&ea=Lightbox%20Display&el=BestLife-HeaderBanner-Inline%20(Desktop)&ev=389&_u=aHBAgUABAAAAAEAAI~&jid=&gjid=&cid=829776827.1669054974&tid=UA-72659260-1&_gid=759609290.1669054974&z=792660773
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 20 Nov 2022 20:42:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
78006
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
index.html
s0.2mdn.net/sadbundle/13149555382649913209/ Frame 8A20
8 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
489d8698afbeee0b32a24070797ef3ffa9cdf186eea96c6199772fe514d74258
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
31717
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2210
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 09:34:18 GMT
expires
Tue, 21 Nov 2023 09:34:18 GMT
last-modified
Wed, 09 Nov 2022 11:50:17 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B86E
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstEIDonImSiu5mdo0qAuD81lDrcHIxl0SXHx3tJnwm6S8GO5h9Y1vMti5cW-ZSd0MRLSaAcoTnWZC0hdNkaYK6ClCZbF6LfD7cO0X6dLbF_pH8xCKNEUuAa0tAMOIVBuwz89l-ls0g2Y9I1_nHUGH0gaPbhiCC0m5L2sVp7e21J2ZQUkUe_d5V1dFhdPcddr9RTom5z_R8XbKVCb00D-opmmk9gKHN-Tyz3R-0brdDa-tvhqAsD4NZOrIBSt21RKeiXrqb4CzVhGsheGmhQI4cCJEjIWssQzhYx-NP8RjOklPxnfsJjqGd0UpC4H0ttGErZSug4EzYHT2BZ5RWpMyBSnpcEqz0xjLfcN4FH_QsQ98J2p4y7k5cUlIdcVLRaFNLxoi-ftiFZGho4uiLK4nJDGjWWmjJ8d0VY7VnFawpVgrvkfUugJjUU3leQElP_653Q0_4fMhcwDzZK5tC-zkJnYS2sau5Db7TCSD1D7wmtkmddm1Gdz5QWvt_jfph7TkINhTmwRgo6HrPjse8nF4i8yyPz0drt518fCxx22NfqcnKsEwwvILQAxYWyWUh9r-pZzSl4jidIbT7jtJ7iNuENdT4rNeofmwxr_puADhKnTSwhY8sE6l0m_hRvRawPHm0oPYl48i61_T_LnwjgR5mMiVuewAkEjztSJkAbuB8vKGnRjKP0-ruo9WcQjtModzhzgCYG0wafZ3VZVrT6Mp2ItG512iJgOKTHrzBFYSZ8Mr2hjqJ2_lKmNxTeJ2tFkUd08acfqf-n7yjp3_pearglDPNnKIOHQLUA0AP4bJDGlS9AnH-Xh5rpDalxiDod4U7WEAV9jzkzKmwUnxEq56aEqYBjDYO-It3nZRTXePnGJ_0B4fuiz5ChxFNgo7zRs9-IRYeR3bMN8ZtP0v1bfB3Y9bK5L7zRIlZU_E1Mf5LK5CIgoU5wNdDpGtur3CuCuOPBiZRJSuvXxw2CMU1C__FFVAOXxyvo-ofBZxcHFib6rG2ORsgb5UwqM4-zHdQoHIWGkOYRnCxOTpd3MI2YQCz99TvBuWKsoZ7BQiaiCfrUsEEM-vfFUx-MMegkasOEXZlPLsm4wVabb6C_jOEywrolCnZh7ZANaJ3nJ2bRvGWpnvFTqnDtsQ8f3wQ6Au9kq3VhA2rDVBTPTxK3WcpsR5oqEliAcJxDROR5yVV2Narb2jNTA_QCioWoVHcSaWU8Qhc39d5rPP3KA_wmNg4WjyfxtGVtXQzA1UcDowl_Uvvb_o3gFaO_EChjwZA&sai=AMfl-YTy3K4O3IM987LQh0vxNZ43ELMQ4nElv_Wl7Ko-DLKYJdBfJA9OwoiOnvhwf_yBvR6EEN7JwdzPxk9K8WGMomuirAItxn9-NWj4amEd4jgtAzWUiVu6eqltmIpXjfprqJinz4MRBYelf3Xj5hVRv1rQZqkG50UB6zmw0fDCT6edaLkVtGSCfoFiGhUKhDB3XqmG3p1MdxB_W4dSjVRt3v-5TzCrBK1Zi5HjXyN-Szj1SNCCMBp4TcLxBEEEI3FSdyrf2khE46lnz4SPNtCEmnA3MG39zsMHS5xPlja9IPpMePjLoO8POvT951ETczsKW6eG_zdIwmALD534B1FCPq5tgQOqdabRpDJc&sig=Cg0ArKJSzMkirTj6HczIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=389&cbvp=1&cstd=386&cisv=r20221110.90009&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:55 GMT
index.html
s0.2mdn.net/sadbundle/18323139811780221838/ Frame 31B8
102 KB
25 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3bb9742051b029706b3534865cf015f63a963ec093de84618c80feb3f96cbbf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Tue, 21 Nov 2023 18:22:55 GMT
last-modified
Tue, 07 Jun 2022 13:05:20 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 47E8
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXol9IczjD-BNl_xU1WskrUCoPCabgp43yJY0T9YgLZx91RKrC8o121LFSNKbRzBzsH15lz2p3jBvz487RAZEfbW5xeGciL8P0mJAi6IsAa1PnwjEudqeL9mYnY6j2BqUKxiFhVZ5-HCRIoV1yzLNECV0y-unaninKL103MILgClVwUk13mgEFXebYE7P_wJPyITgpGbRSIFsuKE2YmSvFRJ9bB7PLVf4gvAa3Ee-NZwAnMVIKTKexoXtCxa8Xp2SSE6qSWIcwhO1e7XNXGqYlVrjHUrOZnRXvmRxa29mPcdBIS4YhA_HYI8PP-JhbktRvsU10gpg5ejrssVNQXCV86F2uZTvKWEEnRFuE8HHiKlLOoSuJD-w4Bt5Pg_UC2b1AjK6hiSxobYCdlOpsCAY7v2dQ2_uVeiv_iMXUQZzSIQ0RvzqsxSMwMd7nz_eyuYb7afrvd0WDoK1l5kvuobNFJAarH4t8P6LdRQT-8qPrL6pEDLy7Zks4z-U2waYjJ1N8ShO3BFHFREqYBR-x5wYDf4MrNJAYvVAnlEEXLOXY-HK7Vt-gYPqqzzrNU0urGp497BhqcSli0qtyl7oGFdfNbNJEMLqMBJTd58lsn8qVRqpHQ9sbmagHuzs7ePNqBgTeTnd90Jc9DTmGldPouVILBRMQW3m4j1qhxM71WebO3ukMk9XChyR2h1Nk3dVz94pXFGel8feVdFwnw-Cr4KKkDQxf4aofW6JmLvXxzwJN7hjcs3hMEAPbMcGGLT4M2A2J_spfRh9Iae7dB29wq7uJ-C96a57qJZ2Ahy3cVJD8KVtUMUGdSO3oVuoGS_zjYjV3gPXvVXDbSDh47i_VYWWHJ1IHXZe1K7NfWKVIwSC0EbAX8sroUDAVXYB6BweNX6e-4mG1N4KK64QTEQC8jKjwG08NdfTBUa04C-2Ue5OH9uIspLYtby7kfRA2ms8tpYHvd9gW_cCZbbxi_CnlFxHI793EvhVPx5yWqPA9tRZYy9Dh7IffFdryxLFGOMFDQ_A8dPwoMuBHlAVNEpGpDkEr2bC54u2aM8MoH7pIffJXS9WxT2Hiwu_Slps_eFk1f4yKWR0B6PAeeVrr8xLFFDN_rpFqZLuZktWuTQM-R5NM2W9TUPazOsph7zhBPZeVfGwWyiUSHRnMkx_XRf-6tVQRGS_LIEhl31rl1nILOogW9eW8d0dMPgJKy7LQTvsgkrtLXeMP_SCBBrDfBKpBVxUMZ8oao2GD_dM5ZDn0vnE1D2wCmM_fK6uD3-3Ba0y6v4bChNJl3aU&sai=AMfl-YTfKWJeDeyrdRHarvXR2xPOnBjo5n-6JB4r8a3Vt_h1aCWmDDWuSKmkmk3Z9M597n_lRLUeIqfL0rtnJJMa9XAMvu-Gm6ud7JrK4cPZUfI2Tp6WvUnj9SCTRh700hAMLEUACHt5TojQRibp2cfQDYjgmxm-H_euBujjFv7Ft2m-bol8cP2CxXiUD56-ThS2J7W2IjnG1hfPSzDiQHZT0Nfq80yF3LjENv4BFaUUyxz_ZbAMS86yDsi-fuBbJvpRveHoXFC5Ag4NzGDHp8es9TQjLSkCZXvcITA1QgKSmTvgFUDBH021PdwyZ-L8B6W5LCJmV2dRqzIc0nadLlY_2CKCwKJ2t-4WCrj2&sig=Cg0ArKJSzLMU47a51ynREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=395&cbvp=1&cstd=389&cisv=r20221110.59716&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:55 GMT
main.19.8.365.js
static.adsafeprotected.com/ Frame 47E8
196 KB
61 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.19.8.365.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1034476/65087491/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jJ7l8-1cA3URwB-jTbdUJg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
216ba835e231434cd3c2ce6e760ded2025d6e4f56cc58facbff381b0b2a87fd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 00:49:22 GMT
x-amz-version-id
Vqi07xtV7_e2oYjjMO93A9MKtrJ0y1dj
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
495213
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 15 Nov 2022 22:25:26 GMT
server
AmazonS3
etag
W/"e5052dd7e7b2a5bcce2aed91a616a5dd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
aWnAC4RYr2Y-KUNSYT9_Kg0GwA4JK9_Euv3KdNZJYN0K-p0E8o76PQ==
main.19.8.365.js
static.adsafeprotected.com/ Frame E252
196 KB
61 KB
Script
General
Full URL
https://static.adsafeprotected.com/main.19.8.365.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1034476/65087490/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gk93gkZv3kjNPtd08ijnpV
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
216ba835e231434cd3c2ce6e760ded2025d6e4f56cc58facbff381b0b2a87fd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 16 Nov 2022 00:49:22 GMT
x-amz-version-id
Vqi07xtV7_e2oYjjMO93A9MKtrJ0y1dj
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
495213
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 15 Nov 2022 22:25:26 GMT
server
AmazonS3
etag
W/"e5052dd7e7b2a5bcce2aed91a616a5dd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
YoopDJxnyi-ZFWj-rlXY5EhKQbAtFTDD23iJcsZoD2-NUA__4Qu7Pg==
4.js
static.adsafeprotected.com/ Frame B86E
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1222871/67063675/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1009402791&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=18669544255&bidurl=ht...
  • https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
1 KB
1 KB
Script
General
Full URL
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 22:25:13 GMT
x-amz-version-id
55qB2EZ2yW3EQpzbUYyUKT5elx0xrsN.
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
503863
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Tue, 15 Nov 2022 22:25:11 GMT
server
AmazonS3
etag
W/"33dffa7df253125904b2f354b5bb5e8d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
Z_kw2l4TirTTSa9PjhS-5lcg_0OYY4-Vhw5DMbj97VVJpoDqCkk4OA==

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
nginx
x-server-name
app14.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame C881
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
5280399
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
lvPj3zpoQSJbgrWHKGCwIiqJp76iqTxW-GBT7G6i9NiST14uCaiQLg==
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 886B
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=fallback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Thu, 17 Nov 2022 19:42:15 GMT
x-content-type-options
nosniff
age
340840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 Nov 2023 19:42:15 GMT
RobotoBlack.ttf
s3.lightboxcdn.com/vendors/7ff8b1cd-1d19-446f-83fc-08706559ea09/uploads/b9f35bf9-7910-4f51-a964-4fdf73a9b21a/ Frame 886B
161 KB
162 KB
Font
General
Full URL
https://s3.lightboxcdn.com/vendors/7ff8b1cd-1d19-446f-83fc-08706559ea09/uploads/b9f35bf9-7910-4f51-a964-4fdf73a9b21a/RobotoBlack.ttf
Requested by
Host: s3.lightboxcdn.com
URL: https://s3.lightboxcdn.com/custom_fonts/b1ec43e8-f365-4efa-adff-e1eb34ad1e89.css?cb=637908759194514824
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c78ce438e9d91ea8c16341aaf2c6cf07f9c347eb1130bd922796ad4fb78fe885

Request headers

Referer
https://s3.lightboxcdn.com/custom_fonts/b1ec43e8-f365-4efa-adff-e1eb34ad1e89.css?cb=637908759194514824
Origin
https://bestlifeonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
cf-cache-status
HIT
x-amz-request-id
JRCC92CW8FYR6EVQ
age
1746508
content-length
164936
x-amz-id-2
SbCecKtOSqsTLATIc6VB5Qu8F5bZtOabuSe1YrNSpeHz9+olxBs1Mn+sdFoKtw5VYPLxbo9XLvs=
last-modified
Thu, 23 May 2019 18:47:02 GMT
server
cloudflare
etag
"1a00134f7baf6a4783dc1135145a361b"
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
binary/octet-stream
access-control-allow-origin
*
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
76db741e986c9279-FRA
expires
Tue, 21 Nov 2023 18:22:55 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame CD1F
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
510211
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 15 Nov 2022 20:39:24 GMT
expires
Wed, 15 Nov 2023 20:39:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/12067022830250736275/ Frame E887
105 KB
26 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c8f795775c551a46218aea6c5aeadbe7c367b8d4860c9471d48f53e7351641
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Nov 2022 18:22:55 GMT
expires
Tue, 21 Nov 2023 18:22:55 GMT
last-modified
Tue, 07 Jun 2022 13:05:10 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame E252
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscB-0f4htHpdBFc3s-iiKgricYxhbdaH1UfY3U51K627IZZm09nQBAC9Ou7qDt6bLlk53GFJo0GMTMC6N6LRMknvNMrV9fHxcZ7SmrW3rsow9s7u4jt1V1EoCUXcqUPyS67JgttxXPc_N9CQ_WxPCUceLku5cs2aFCC1hSSf0wK1kf2xKAcz-PKfhgvxj21P83O7712RKS6eM69EFvxCvZtGvtaGt0X04ClU3KI6xnUQTgFT14TnmlBbZast8cAVqxdiCJLFZByxcFspRM8ewBv-_m4FO5wzXFElvJWx67ZJ455bLlidi9aZh9Jp0qzxjTvbDgJP5e39Dr0zu9kN0Xtrj9oYY6jo2Qs9M0DR77YpPWDzsSTwbGFnXjGRctIKQRzoFe8Jv2SommiE2noeRk3uS7eiiUYw4EwZklSO_alxI0JepFLIBU7-UPQu6G6dAquc-gHSeZ5-Rt1C8T6i4rq1u5NVXsDFWUZebIpTOxGUiJTSMEE2t6S0wq1hsgLJhTk75-yeD2y5wqNdeJKHkbPTjfSqnNrhGoQSdP9LoMxV0eZbgj4mjhXULYReGgWWKRvIZg7qcVElrTdOLIbGW2yzmzpthNUtOV-0L0aawDXPIQ8Tv4Htv64daiedXsHCj6eeVqH7qeD1drmR_M5bi17M0fA95kQ0qGK2UXKYumy8SuOkJ5_BMlr3UswoIsDtpAWTQ3B70yRZbBphIzBFzOBnuyfiDl4yNMt0tzdVwz52t6D3nN3soznkXg9mlwI0sgN_qBirG2D_r0_1f1qgmy7tco_Uk-nGElSFqtp7bfXOgpYEQOvJs5PAJWfZl9FYISBFLkTqUSf-5FnNZpKRilXcFZPVQf5O6NueDL-VO09C-K7AXRQ0olrlb1MtDemVXDuQUmub4n0bCLYITeuWXEbuEB0OJNnc-83Nx0DSGyPgFb21xwapHir6m4DvcwbUsW-IH19wGS3An4BvVROJozrgznBQJi3cegiIIcejkUYu7ajhkQue52jW_tCtWWEwvgkekaq4_UH3ProtB1dbUUeEeq8dDYa13R5gk2UJ7pP3lWnOcp-yf032f7qGAwOtS8RR50kVKB_SxikgKx7_0kBrTD5eoCUbLJJspge2qPOkDc1kwRTn-79HhktTD9l_r9AcilPweNEkCi_OPUy8DYVEQxchIxK1_SF074hcRtCi9uZl3dKABJjqMpdlFDxzbMK3vjCQeTqU_EzWSu4NqxGY8_zzncf7wGExZVVx-nwU4I8IBWByWgkyYFqBUS0tLtA9k&sai=AMfl-YQpAmEFT8XxRWyYaXk1rLvqWjpsgmnwo9-JU9Z4W5XT0iFFL3cqTPiNs8cHChB7utI_aULBFBl0a4666fLqdXXTonhhANypfHygdtdhp3nqWk_5X7sm2xEccYqyHjXAUQxlwP3AcIgvSuAMHfV3Q3dXs3czejX8hPvm3cZjArFK6kkwF0t1EVETUVCGy0kfmQm2FJibaDlrWOhHovdapzVG_cHzjLPXlT9M1EsW2W5jUUZv_9cxQZjyYC5MbRr9aNldGPBdyyOGUaVg7UuR7IBYvEEkcEN8ueYb2X6t7CHohpkQF9ohjOM_iLbmHWZLKT_VEZMM7Miwt9rmVRJZ_xaqo32q0LoJMe3P&sig=Cg0ArKJSzOspZbAP7I_SEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=441&cbvp=1&cstd=437&cisv=r20221110.05561&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 21 Nov 2022 18:22:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:55 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame C768
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
510211
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 15 Nov 2022 20:39:24 GMT
expires
Wed, 15 Nov 2023 20:39:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 2F8E
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
510211
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 15 Nov 2022 20:39:24 GMT
expires
Wed, 15 Nov 2023 20:39:24 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame B86E
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXXu4,pingTime:-3,time:78,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:78,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B72~0%5D,as:%5B72~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeW+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C171%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,rmeas:1,rend:0,renddet:DIV,siq:21%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt44.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXXu6,pingTime:-6,time:80,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:80,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeW+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C171%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,rmeas:1,rend:0,renddet:DIV,siq:21%7D&tpiLookup=ao:bestlifeonline.com*&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt45.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 8A20
236 KB
63 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64275
x-xss-protection
0
last-modified
Fri, 15 Nov 2019 19:16:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 21 Nov 2022 18:22:55 GMT
index.js
s0.2mdn.net/sadbundle/13149555382649913209/ Frame 8A20
88 KB
15 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/13149555382649913209/index.js?1667990757950
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6a7f7d24c229ed28ab11cf16440f428d1d7a7f24b6acc0ed23bac7644cf103e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 09:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31717
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15471
x-xss-protection
0
last-modified
Wed, 09 Nov 2022 11:50:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 21 Nov 2023 09:34:18 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 31B8
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 06:28:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
42840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 06:28:55 GMT
dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXXv4,pingTime:-2,time:140,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:646,beZ:647,mfA:649,cmA:650,inA:651,inZ:655,prA:655,prZ:661,si:667,poA:668,poZ:690,cmZ:690,mfZ:690,loA:726,loZ:730,ltA:786,ltZ:786%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:140,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B134~0%5D,as:%5B134~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeW+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C171%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:21,sinceFw:118,readyFired:true%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt46.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
Enabler_01_247.js
s0.2mdn.net/879366/ Frame E887
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 06:28:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
42840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 06:28:55 GMT
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame CD1F
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
skeleton.js
static.adsafeprotected.com/ Frame 47E8
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1034476/65087491/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonl...
  • https://static.adsafeprotected.com/skeleton.js
17 B
466 B
Script
General
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Fri, 01 Jul 2022 02:01:00 GMT
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
12414117
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
SnfnSA5BvwfXQo5jBj80RGnX_rfbTcEMVbkTyEfU-hSlZpZzpCjNxg==

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
nginx
x-server-name
app12.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 3D5E
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
5280399
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
3ESE9imEo2u4oLFjxsMcSn7OGvMhcA6_quW415oNJgfzOQiVTQiRAg==
skeleton.js
static.adsafeprotected.com/ Frame E252
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1034476/65087490/skeleton.js?ias_dspID=3&ias_campId=29059254&ias_pubId=pub-0978064532142215&ias_chanId=1&ias_placementId=17481969010&bidurl=https://bestlifeonl...
  • https://static.adsafeprotected.com/skeleton.js
17 B
465 B
Script
General
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Fri, 01 Jul 2022 02:01:00 GMT
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
12414117
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
-YamdUX1HluCQpIo_eam7Qda6pbtSjQF8Pjx3Zt-T2pp_rFvvFlZKQ==

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:55 GMT
server
nginx
x-server-name
app11.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame D9C4
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
5280399
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
MY-3qIM5gB9fTK194CweP57ElaZkkLiHb7c0b4lXb33SZDga0lgihA==
generate_204
tpc.googlesyndication.com/ Frame E9AD
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?a3kltw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:55 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame C768
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame 2F8E
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
LandRoverWeb-Bold.woff
s0.2mdn.net/creatives/assets/4524566/ Frame 31B8
19 KB
19 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4524566/LandRoverWeb-Bold.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5459851818636571b7286afd1a08ccd3991e479808e70ee8dc7b2ffca2201e63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:21:43 GMT
x-content-type-options
nosniff
age
72
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18968
x-xss-protection
0
last-modified
Thu, 05 May 2022 09:00:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 21 Nov 2022 18:36:43 GMT
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXxU,pingTime:-3,time:320,type:v,im:%7BpBlk:285%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:263%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:320,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:263,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B71~0%5D,as:%5B71~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,rmeas:1,rend:0,renddet:na,siq:264%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt47.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXxV,pingTime:-6,time:321,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:321,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:263,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B72~0%5D,as:%5B72~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,rmeas:1,rend:0,renddet:na,siq:264%7D&tpiLookup=ao:bestlifeonline.com*&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt48.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXXy1,pingTime:-3,time:325,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:291%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:325,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:291,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C18.1034476-65087491%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,rmeas:1,rend:0,renddet:na,siq:291%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt49.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXXy2,pingTime:-6,time:326,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:326,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:291,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C18.1034476-65087491%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,rmeas:1,rend:0,renddet:na,siq:291%7D&tpiLookup=ao:bestlifeonline.com*&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt50.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
Bg_728x90.jpg
s0.2mdn.net/sadbundle/13149555382649913209/images/ Frame 8A20
54 KB
54 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/13149555382649913209/images/Bg_728x90.jpg?1667990757941
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1564c3ffc2fa56bbabfe98a64fee10c969d34636391957a2b3055bb04db97db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 09:34:18 GMT
x-content-type-options
nosniff
age
31718
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54897
x-xss-protection
0
last-modified
Wed, 09 Nov 2022 11:50:17 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 21 Nov 2023 09:34:18 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B86E
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstEIDonImSiu5mdo0qAuD81lDrcHIxl0SXHx3tJnwm6S8GO5h9Y1vMti5cW-ZSd0MRLSaAcoTnWZC0hdNkaYK6ClCZbF6LfD7cO0X6dLbF_pH8xCKNEUuAa0tAMOIVBuwz89l-ls0g2Y9I1_nHUGH0gaPbhiCC0m5L2sVp7e21J2ZQUkUe_d5V1dFhdPcddr9RTom5z_R8XbKVCb00D-opmmk9gKHN-Tyz3R-0brdDa-tvhqAsD4NZOrIBSt21RKeiXrqb4CzVhGsheGmhQI4cCJEjIWssQzhYx-NP8RjOklPxnfsJjqGd0UpC4H0ttGErZSug4EzYHT2BZ5RWpMyBSnpcEqz0xjLfcN4FH_QsQ98J2p4y7k5cUlIdcVLRaFNLxoi-ftiFZGho4uiLK4nJDGjWWmjJ8d0VY7VnFawpVgrvkfUugJjUU3leQElP_653Q0_4fMhcwDzZK5tC-zkJnYS2sau5Db7TCSD1D7wmtkmddm1Gdz5QWvt_jfph7TkINhTmwRgo6HrPjse8nF4i8yyPz0drt518fCxx22NfqcnKsEwwvILQAxYWyWUh9r-pZzSl4jidIbT7jtJ7iNuENdT4rNeofmwxr_puADhKnTSwhY8sE6l0m_hRvRawPHm0oPYl48i61_T_LnwjgR5mMiVuewAkEjztSJkAbuB8vKGnRjKP0-ruo9WcQjtModzhzgCYG0wafZ3VZVrT6Mp2ItG512iJgOKTHrzBFYSZ8Mr2hjqJ2_lKmNxTeJ2tFkUd08acfqf-n7yjp3_pearglDPNnKIOHQLUA0AP4bJDGlS9AnH-Xh5rpDalxiDod4U7WEAV9jzkzKmwUnxEq56aEqYBjDYO-It3nZRTXePnGJ_0B4fuiz5ChxFNgo7zRs9-IRYeR3bMN8ZtP0v1bfB3Y9bK5L7zRIlZU_E1Mf5LK5CIgoU5wNdDpGtur3CuCuOPBiZRJSuvXxw2CMU1C__FFVAOXxyvo-ofBZxcHFib6rG2ORsgb5UwqM4-zHdQoHIWGkOYRnCxOTpd3MI2YQCz99TvBuWKsoZ7BQiaiCfrUsEEM-vfFUx-MMegkasOEXZlPLsm4wVabb6C_jOEywrolCnZh7ZANaJ3nJ2bRvGWpnvFTqnDtsQ8f3wQ6Au9kq3VhA2rDVBTPTxK3WcpsR5oqEliAcJxDROR5yVV2Narb2jNTA_QCioWoVHcSaWU8Qhc39d5rPP3KA_wmNg4WjyfxtGVtXQzA1UcDowl_Uvvb_o3gFaO_EChjwZA&sai=AMfl-YTy3K4O3IM987LQh0vxNZ43ELMQ4nElv_Wl7Ko-DLKYJdBfJA9OwoiOnvhwf_yBvR6EEN7JwdzPxk9K8WGMomuirAItxn9-NWj4amEd4jgtAzWUiVu6eqltmIpXjfprqJinz4MRBYelf3Xj5hVRv1rQZqkG50UB6zmw0fDCT6edaLkVtGSCfoFiGhUKhDB3XqmG3p1MdxB_W4dSjVRt3v-5TzCrBK1Zi5HjXyN-Szj1SNCCMBp4TcLxBEEEI3FSdyrf2khE46lnz4SPNtCEmnA3MG39zsMHS5xPlja9IPpMePjLoO8POvT951ETczsKW6eG_zdIwmALD534B1FCPq5tgQOqdabRpDJc&sig=Cg0ArKJSzMkirTj6HczIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=741&vt=11&dtpt=352&dett=3&cstd=386&cisv=r20221110.90009&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:56 GMT
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXyx,pingTime:-2,time:359,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:635,beZ:636,mfA:881,cmA:883,inA:883,inZ:887,prA:887,prZ:894,si:899,poA:900,bl:921,poZ:921,cmZ:921,mfZ:921,loA:956,loZ:959,ltA:994,ltZ:994,mdA:636,mdZ:757%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:263%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:359,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:263,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B110~0%5D,as:%5B110~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17.1034476-65087490%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:264,sinceFw:94,readyFired:true%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt17.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXXyA,pingTime:-2,time:360,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:640,beZ:641,mfA:925,cmA:925,inA:925,inZ:927,prA:927,prZ:930,si:932,poA:932,poZ:940,cmZ:940,mfZ:940,loA:966,loZ:968,ltA:1000,ltZ:1000,mdA:642,mdZ:763%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.600,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:291%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:360,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:291,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C18.1034476-65087491%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:291,sinceFw:68,readyFired:true%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt39.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
view
googleads4.g.doubleclick.net/pcs/ Frame 47E8
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssXol9IczjD-BNl_xU1WskrUCoPCabgp43yJY0T9YgLZx91RKrC8o121LFSNKbRzBzsH15lz2p3jBvz487RAZEfbW5xeGciL8P0mJAi6IsAa1PnwjEudqeL9mYnY6j2BqUKxiFhVZ5-HCRIoV1yzLNECV0y-unaninKL103MILgClVwUk13mgEFXebYE7P_wJPyITgpGbRSIFsuKE2YmSvFRJ9bB7PLVf4gvAa3Ee-NZwAnMVIKTKexoXtCxa8Xp2SSE6qSWIcwhO1e7XNXGqYlVrjHUrOZnRXvmRxa29mPcdBIS4YhA_HYI8PP-JhbktRvsU10gpg5ejrssVNQXCV86F2uZTvKWEEnRFuE8HHiKlLOoSuJD-w4Bt5Pg_UC2b1AjK6hiSxobYCdlOpsCAY7v2dQ2_uVeiv_iMXUQZzSIQ0RvzqsxSMwMd7nz_eyuYb7afrvd0WDoK1l5kvuobNFJAarH4t8P6LdRQT-8qPrL6pEDLy7Zks4z-U2waYjJ1N8ShO3BFHFREqYBR-x5wYDf4MrNJAYvVAnlEEXLOXY-HK7Vt-gYPqqzzrNU0urGp497BhqcSli0qtyl7oGFdfNbNJEMLqMBJTd58lsn8qVRqpHQ9sbmagHuzs7ePNqBgTeTnd90Jc9DTmGldPouVILBRMQW3m4j1qhxM71WebO3ukMk9XChyR2h1Nk3dVz94pXFGel8feVdFwnw-Cr4KKkDQxf4aofW6JmLvXxzwJN7hjcs3hMEAPbMcGGLT4M2A2J_spfRh9Iae7dB29wq7uJ-C96a57qJZ2Ahy3cVJD8KVtUMUGdSO3oVuoGS_zjYjV3gPXvVXDbSDh47i_VYWWHJ1IHXZe1K7NfWKVIwSC0EbAX8sroUDAVXYB6BweNX6e-4mG1N4KK64QTEQC8jKjwG08NdfTBUa04C-2Ue5OH9uIspLYtby7kfRA2ms8tpYHvd9gW_cCZbbxi_CnlFxHI793EvhVPx5yWqPA9tRZYy9Dh7IffFdryxLFGOMFDQ_A8dPwoMuBHlAVNEpGpDkEr2bC54u2aM8MoH7pIffJXS9WxT2Hiwu_Slps_eFk1f4yKWR0B6PAeeVrr8xLFFDN_rpFqZLuZktWuTQM-R5NM2W9TUPazOsph7zhBPZeVfGwWyiUSHRnMkx_XRf-6tVQRGS_LIEhl31rl1nILOogW9eW8d0dMPgJKy7LQTvsgkrtLXeMP_SCBBrDfBKpBVxUMZ8oao2GD_dM5ZDn0vnE1D2wCmM_fK6uD3-3Ba0y6v4bChNJl3aU&sai=AMfl-YTfKWJeDeyrdRHarvXR2xPOnBjo5n-6JB4r8a3Vt_h1aCWmDDWuSKmkmk3Z9M597n_lRLUeIqfL0rtnJJMa9XAMvu-Gm6ud7JrK4cPZUfI2Tp6WvUnj9SCTRh700hAMLEUACHt5TojQRibp2cfQDYjgmxm-H_euBujjFv7Ft2m-bol8cP2CxXiUD56-ThS2J7W2IjnG1hfPSzDiQHZT0Nfq80yF3LjENv4BFaUUyxz_ZbAMS86yDsi-fuBbJvpRveHoXFC5Ag4NzGDHp8es9TQjLSkCZXvcITA1QgKSmTvgFUDBH021PdwyZ-L8B6W5LCJmV2dRqzIc0nadLlY_2CKCwKJ2t-4WCrj2&sig=Cg0ArKJSzLMU47a51ynREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=773&vt=11&dtpt=378&dett=3&cstd=389&cisv=r20221110.59716&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:56 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 31B8
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6719ba1323b1cf5a720615d678bd678eb2a632dfa1d7759c86cba066ce9311ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5818
x-xss-protection
0
LR_Logo_White.png
s0.2mdn.net/sadbundle/13149555382649913209/images/ Frame 8A20
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/13149555382649913209/images/LR_Logo_White.png?1667990757941
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
197ea80ac6442303a4cfc49b3ca046030c7b31dbf23664c86ebba2dac83fe3a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/13149555382649913209/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 09:34:18 GMT
x-content-type-options
nosniff
age
31718
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6280
x-xss-protection
0
last-modified
Wed, 09 Nov 2022 11:50:17 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 21 Nov 2023 09:34:18 GMT
LandRoverWeb-Bold.woff
s0.2mdn.net/creatives/assets/4524566/ Frame E887
19 KB
19 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4524566/LandRoverWeb-Bold.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5459851818636571b7286afd1a08ccd3991e479808e70ee8dc7b2ffca2201e63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:21:43 GMT
x-content-type-options
nosniff
age
73
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18968
x-xss-protection
0
last-modified
Thu, 05 May 2022 09:00:43 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 21 Nov 2022 18:36:43 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame E252
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscB-0f4htHpdBFc3s-iiKgricYxhbdaH1UfY3U51K627IZZm09nQBAC9Ou7qDt6bLlk53GFJo0GMTMC6N6LRMknvNMrV9fHxcZ7SmrW3rsow9s7u4jt1V1EoCUXcqUPyS67JgttxXPc_N9CQ_WxPCUceLku5cs2aFCC1hSSf0wK1kf2xKAcz-PKfhgvxj21P83O7712RKS6eM69EFvxCvZtGvtaGt0X04ClU3KI6xnUQTgFT14TnmlBbZast8cAVqxdiCJLFZByxcFspRM8ewBv-_m4FO5wzXFElvJWx67ZJ455bLlidi9aZh9Jp0qzxjTvbDgJP5e39Dr0zu9kN0Xtrj9oYY6jo2Qs9M0DR77YpPWDzsSTwbGFnXjGRctIKQRzoFe8Jv2SommiE2noeRk3uS7eiiUYw4EwZklSO_alxI0JepFLIBU7-UPQu6G6dAquc-gHSeZ5-Rt1C8T6i4rq1u5NVXsDFWUZebIpTOxGUiJTSMEE2t6S0wq1hsgLJhTk75-yeD2y5wqNdeJKHkbPTjfSqnNrhGoQSdP9LoMxV0eZbgj4mjhXULYReGgWWKRvIZg7qcVElrTdOLIbGW2yzmzpthNUtOV-0L0aawDXPIQ8Tv4Htv64daiedXsHCj6eeVqH7qeD1drmR_M5bi17M0fA95kQ0qGK2UXKYumy8SuOkJ5_BMlr3UswoIsDtpAWTQ3B70yRZbBphIzBFzOBnuyfiDl4yNMt0tzdVwz52t6D3nN3soznkXg9mlwI0sgN_qBirG2D_r0_1f1qgmy7tco_Uk-nGElSFqtp7bfXOgpYEQOvJs5PAJWfZl9FYISBFLkTqUSf-5FnNZpKRilXcFZPVQf5O6NueDL-VO09C-K7AXRQ0olrlb1MtDemVXDuQUmub4n0bCLYITeuWXEbuEB0OJNnc-83Nx0DSGyPgFb21xwapHir6m4DvcwbUsW-IH19wGS3An4BvVROJozrgznBQJi3cegiIIcejkUYu7ajhkQue52jW_tCtWWEwvgkekaq4_UH3ProtB1dbUUeEeq8dDYa13R5gk2UJ7pP3lWnOcp-yf032f7qGAwOtS8RR50kVKB_SxikgKx7_0kBrTD5eoCUbLJJspge2qPOkDc1kwRTn-79HhktTD9l_r9AcilPweNEkCi_OPUy8DYVEQxchIxK1_SF074hcRtCi9uZl3dKABJjqMpdlFDxzbMK3vjCQeTqU_EzWSu4NqxGY8_zzncf7wGExZVVx-nwU4I8IBWByWgkyYFqBUS0tLtA9k&sai=AMfl-YQpAmEFT8XxRWyYaXk1rLvqWjpsgmnwo9-JU9Z4W5XT0iFFL3cqTPiNs8cHChB7utI_aULBFBl0a4666fLqdXXTonhhANypfHygdtdhp3nqWk_5X7sm2xEccYqyHjXAUQxlwP3AcIgvSuAMHfV3Q3dXs3czejX8hPvm3cZjArFK6kkwF0t1EVETUVCGy0kfmQm2FJibaDlrWOhHovdapzVG_cHzjLPXlT9M1EsW2W5jUUZv_9cxQZjyYC5MbRr9aNldGPBdyyOGUaVg7UuR7IBYvEEkcEN8ueYb2X6t7CHohpkQF9ohjOM_iLbmHWZLKT_VEZMM7Miwt9rmVRJZ_xaqo32q0LoJMe3P&sig=Cg0ArKJSzOspZbAP7I_SEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=885&vt=11&dtpt=444&dett=3&cstd=437&cisv=r20221110.05561&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: bestlifeonline.com
URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 21 Nov 2022 18:22:56 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 31B8
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:56 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame E887
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d139a7690d6cee6d8d13fe5fc531eb3c6d2f2a35bd081329aa9fec07e2ce4103
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5776
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXXCp,pingTime:-10,time:595,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1669054976257%7C%7C6c9c247c088fc22c7cea26299fe1cefe%7C%7Cf8b8963e850cee297829880103706300%7C%7Cd2d74aa3b52d36ee5476525167c55756%7C%7Ce14d19988548d1b3598fd1a77981f439%7C%7Cd0d32e7bac922b049b0d49007bbcf9ce%7C%7Cf8a5057bdf48b68840029051ad355e6d%7C%7C0932ed63fde70e334f663c9d6bfa8721%7C%7C1663701684,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D%7D
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt40.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar2.js
tpc.googlesyndication.com/sodar/ Frame E887
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 21 Nov 2022 18:22:56 GMT
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame 97B8
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2280
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXE0,time:698,type:e,im:%7Bpci:%7Btdr:117%7D,pWait:41%7D,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:698,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:263,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B449~0%5D,as:%5B449~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17.1034476-65087490%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:264,sis:510%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt43.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXXEg,time:712,type:e,im:%7Bpci:%7Btdr:221%7D%7D,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:713,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:291,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B427~0%5D,as:%5B427~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C18.1034476-65087491%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:291,sis:529%7D&br=c
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt47.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
pagead2.googlesyndication.com/bg/ Frame A1C8
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 17:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2280
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15861
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Nov 2023 17:44:56 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C768
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BiOev_8F7Y8DkCbu7x_APwbWJUAAAAAA4AeAEAg&bg=!xMelx4PNAAbvMpMzzzI7ACkAdvg8WiPRng-AKoq9bddjfenFRrrp3ljnyPp1_7B79h7FY6SjWYX_pgIAAAE6UgAAAANoAQeZAurtoqspGSPhTHV-RNMs1fDY6mZJ2kQCye82Rkt4Jb09wnhdTDhsZ6HnmuVMgPENm6JTYSqVYcAbzaFpMzfHFPa6LWp2SpthjtHRwLGmX1f90DO9JpZiaSMljAQ2WIZt0K-PFl1q-8aHtYAtjkdajrUBMHjB6uPGq12yqy68svrfw2RP12Fy4Q_tuN8hbZYklleSOPnFkJpV2J_pj-Dh0aCyz0HmaWh3YwtTvAkkZT_pgzX0anmE61_rWwktjIQiwPN-4yihUJNXGAmMdmGiS2G4P5virVXOKtbfZtk6MadzM_pTY0Al1BBm_ANRkoJ_z6hp3zhvFxbIuJccEP8zUy5NVC0XYQ2mUtjqsgZDa6y0wWLywKBEjP6Ck2GIN5s_kTQpwRtADf9Ev7PK4Hpbas_FEeAaABOjfGpwfXiamsH5WRelUu40-cMhxJqyeKy11pUDdLmJdChSRYTnzVIFy4dHlZFsI21XKfmi2fz78qQ99VJnLI6-bXr-_Gak1bYtXEdEtVanyGk3e5L13SWbHlKNtV4hKQGZHc4fns17_rLx3yvlAb31DKgG5QLaYBmhNG3BqgPlLkklXs8KE8V1p25OOWD29NFp0TftrvwKMTpmX1OS0cyRN-3c3b-xIPEDHSJerRWMGcVwjx_WNuSFAjI14yL70FCa5zTuUS7hawJVcQDEco5htch5m77kB31QQ2o9BozmL8ZHYrQu6DezNHHlLMu2Y7UdRwAGXb1esKnZofR3su4roOK39q90sx-P-t66rR9wmFUmjx3Ra648DzRnHzqs_Z6J8GH0ZxjnKAGnSZ7tbaRVVFxW6_3X4xSo9tniWLxEpjR7cjFjvAFXFdJSpgmEyH68DiMbqz86Ww-12qpOB1LlAHm1hp9NT157QEThsjpnOhrEKJDgqENVz6zvQktnB3tP4cLrfiSaOpHqSslJx4cg9NTNX-jJJdXSkDiGrWl2w_hawfYAwML1fMYuS96ZoZzODqTwAg
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F8E
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0Zwq_8F7Y5CRDOWxx_APq_iigAoAAAAAOAHgBAI&bg=!_v2l_bnNAAbvMpMzzzI7ACkAdvg8WqnVAHLWgGLPtBG59VZBBNEopWwWNnc6eXwj8dRz_hpf48kp9AIAAAFDUgAAAANoAQeZAuXR7Ay5CyC7LYnUCNeHCmKMxqJjZQXzJELi15LLevQKga0UHpU8ApUtcA7bfUE0z_jPA_SoKte8a__CBTTk4CDi9iaIuyDOUgPvvhLznVIrsWvf-l2u4JOwQr7j7F-Z6MNSNJ1JgjRt2h_-hNEuDvhzr38bz7xc_pmVlTNjsqLeX3MM7G_KcMbNqw8jlZ4W5jqLvpS_BjK_mN7yOOqjWJt6PTUFChykBHAnUj9ML2Rbn7qGB2kxTVdSgwQNY9o1QI59XcQ8P3w4q0v0oVNk1Tn2rd9JvByvG29zUcdfM8Cy4Oa7-x9JctggSjaXQPl1HZO-CBNO6MSZvp47OXmRDksDyxXZ-ragBgZwijnNWszS_ZYouS71b07knY6dWqi5e1VaZlDzz1n3TY8_Q55sJTXstlK2QEpeybaXM-hHOZO1hc5O1r7n_auDgw8-jmuAKIrm06Aqopke2AfP5yEMrZ4rA5-8tpp0ClprqWFjcN9DHAlO8pZgzlbES2CRu9ZW7QNTSPVi69XB8OnRtMpvLDejB4XiWxSXkFvGxVWPRwd05W9-p1g0ETR4PPiwZOdhX52x3Kur-4lCIKdsf3n6BsHwn7e2K94kwBE0QOK7dOb8SR3szqp2EUsRWYGCfwcJtrUGxl8FzAGVYKU0PEFme2lqNYXqMM-npEQWCJXZFE8hT_STITDilRgns_lbjr_D9XDZhncD4IeLkbZbOaMgN7FFheKLGiic7youGDaKu7itxu8Ay3waMfX4lALuP1XDRZ0eIenYmymPQEP0NxFGxwiLgP65-OTGeKoRVchJ_9AQ1nUqN3zGLfntvUyL8W1CRDI6iLUjwdxn2CuOvQzKUsO5k0LGUft3rk-364Hzkydp8jhxSebP4-8SkHr5Qy9ipGjgk5gU0YN_7FB52rNRQ60JnHwW0JtbvHjXfYxF6C9wSSgrQxapsy704yuv0_WG23S9zzrZripWCnNrYJmRDW1u9gTXBto
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CD1F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdPg8_8F7Y5eSC7O7x_APv5yGWAAAAAA4AeAEAg&bg=!FhWlFVHNAAbvMpMzzzI7ACkAdvg8WpoJw-JB-4pV03sZ01UZa6Qbe7PvsDUlhXMnKB7TrtB5iU2hmgIAAAFkUgAAAANoAQeZAvvF8YOb6SNoXuXwy6UWWsJVx5sE2Nu_zl1eIeNvNllqb5G7bS0ibLEPe4NoVqkFcDZyafgqMxCndjD3oiXcB2-iDGsObEr0O5CTr4IVSrpobuiGRO-k5iRbX7MkIAdcG4k_g3tjPGQVKtv6yLBn0-RuPZne3c6DfgSMfaY7PQzgrfWiJJI4KPbxPOSMnW_dacuHDgL4uTmOgyGhtmH0P6kLkQTOBJ7R34-hlQXUtsNv36bMSeU0CTqOKnyyHWRe9zgrIxqRcAnskj8tqEHgzOgYHQCE1wx-t99Wafsu4cJUyeX1oDCcKVgZpJ3zZWxbaKeh8ETD3CuZCDQB0PBqnEOmEZVKCQkbXGs12kumaS6O5ScB7exu92m878o7t-zSsfVoXRRUvHs6IeWj91Lab9imjzKc455-EyoVJ95317jvWp50uwVXWvcd6BxsMZryEjpQhDqgcydabhiv1iuvo8m_TKcbt3RFll0H5dMx0g1CA3g4gP0-qE9WZta2ZlTsUC4EbvUgfzF9-8hlopGviFc5EkwnfIFl6prgVTK-SxbqmtBet4siJDUjv8MjQvF7rS8Ne4o7M43VCNBBrF6mqa27oxwipVK59H_SZ6W3ibxfkUnHJBU9D7R-eoaazmozz2xyFHi6phWwfZBCbF03O8IIrU69aIkQVrVqWeqBuCL4qffi7S5hQGeG_cinEJx5aFJboALyphbws9kwgdLppM1VnTJJhUjMit13TfacquIW44zTLPjoFWpmIgknLmdMyGfRASHleqx8YiQFUCOGkxdlOTzCoy0YvNrGYz0WqhTXjQz2I0sxVXbr2L8idoudijCnnjoMC_Ds5XnCQRu2SdOg2xcYuWXIV-IbWKYOCqq58Dp2rNNzCumh2UgFKLJKg9ihEPPVbjQwV3DdavArdQgy9B7IIFWAPr_aqV6Pg8mgxf0sYDUDvJQieodGz0FkXfY1YjdJ8Eb_Quz9DmavESlh5JUKo2E0F7JGCoaUh9T6Hp8q54HZJQsGc-tt
Requested by
Host: cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
URL: https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo_w.png
s0.2mdn.net/sadbundle/18323139811780221838/ Frame 31B8
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/18323139811780221838/logo_w.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4a56f1a7b79de5f9e93d27a5c93b999ff979aad3d42e556a9a0e657d0803cfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 11:54:57 GMT
x-content-type-options
nosniff
age
23279
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4075
x-xss-protection
0
last-modified
Tue, 07 Jun 2022 13:05:20 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 21 Nov 2023 11:54:57 GMT
logo_b.png
s0.2mdn.net/sadbundle/18323139811780221838/ Frame 31B8
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/18323139811780221838/logo_b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce31e17d11533dc96dc7f9bbd4c16adaed1dd4b16b41688e5468055eb073d949
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 08:52:53 GMT
x-content-type-options
nosniff
age
552603
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4028
x-xss-protection
0
last-modified
Tue, 07 Jun 2022 13:05:20 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 15 Nov 2023 08:52:53 GMT
60026183_20220510012307143_L560_23MY_027_GLHD_300x250.jpg
s0.2mdn.net/ads/richmedia/studio/60026183/ Frame 31B8
43 KB
43 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60026183/60026183_20220510012307143_L560_23MY_027_GLHD_300x250.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0f4a98bcf1e3133619a2e687dc64f777321b6efd29e6ca61a73068296fe79858
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/18323139811780221838/index.html?e=69&leftOffset=0&topOffset=0&c=ukLlAfiS7c&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 12:25:09 GMT
x-content-type-options
nosniff
age
21467
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43960
x-xss-protection
0
last-modified
Tue, 10 May 2022 08:23:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:25:09 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B86E
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCmYXzuL5QpnlcEe3RzhnO9XEuw_qKC5H23Vw7syA8bfJYZVFoHEiy9cdc7uyswZi7q_MBibNpNdRLKmBtfDQcVC8a5YnTSqM2AE_Dim0tC8MeF3kyUKGq-nsY1yume6JsWxBinA&sai=AMfl-YQhNrSxqUqh0BRnRGj4rPi47HB9YQ1MGUA_CpCiyvieeNwZyE7V7s36SZ_wH-Fbn7K_MSu5viVOkDacOxJkYnBKCL2wW6ogjaEDJSNBAu33h3gYXZChOLjDXJQGAbRfyo9DHEYvTPOuqTEGTMNW0N3Tp00fCGoRnAM1v97y-_8&sig=Cg0ArKJSzF1KdKwsCXPoEAE&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&id=lidar2&mcvt=1006&p=234,436,324,1164&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2921056297&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669054975016&rpt=460&isd=0&lsd=0&met=ce&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo_w_300x600.png
s0.2mdn.net/sadbundle/12067022830250736275/ Frame E887
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/12067022830250736275/logo_w_300x600.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c625353285d7d98b8ef8539024d908be74987505dc331a3ccf10711d88e3045
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sat, 19 Nov 2022 14:05:01 GMT
x-content-type-options
nosniff
age
188275
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2170
x-xss-protection
0
last-modified
Tue, 07 Jun 2022 13:05:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 19 Nov 2023 14:05:01 GMT
logo_b_300x600.png
s0.2mdn.net/sadbundle/12067022830250736275/ Frame E887
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/12067022830250736275/logo_b_300x600.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd335627b30cb609116c9ed19b9e56c8fb0861c6b9d94e25b3e4317e8a3e38dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Thu, 17 Nov 2022 16:44:32 GMT
x-content-type-options
nosniff
age
351504
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2166
x-xss-protection
0
last-modified
Tue, 07 Jun 2022 13:05:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 16:44:32 GMT
60026183_20220524080738249_L560_21MY_005_GLHD_300x600.jpg
s0.2mdn.net/ads/richmedia/studio/60026183/ Frame E887
42 KB
42 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60026183/60026183_20220524080738249_L560_21MY_005_GLHD_300x600.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f119b1154b3ea29eadfed8d253928601b0f297fe701054f42f01dd97c457df29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/12067022830250736275/index.html?e=69&leftOffset=0&topOffset=0&c=lBWikGQ9Yb&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sun, 20 Nov 2022 23:02:05 GMT
x-content-type-options
nosniff
age
69651
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43003
x-xss-protection
0
last-modified
Tue, 24 May 2022 15:07:38 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 21 Nov 2022 23:02:05 GMT
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXI1,time:947,type:e,im:%7BpLoad:889%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:947,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:263,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B698~0%5D,as:%5B698~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:190,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17.1034476-65087490%7C171%7C172%7C173%7C18*.1034476-65087491%7C181%7C182%7C183%7C191%7C1a%7C1b,idMap:18*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:264,sis:510%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt43.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022111501&jk=558454294268755&bg=!FRalFlLNAAbvMpMzzzI7ACkAdvg8Wqrnov-lsq-VuIcnt3iT8WLSpQbhcx6H1q84fLbfqUMjFDOM4QIAAAJlUgAAAARoAQeZAq1pIpPZam2cokwHNDPtSjaFGIP59Hjm52j7v1x57UR9xw_CjSpqvOFy83RSqGdDpMmn8IwaBgnRpo1VY661mFhGS9JNBx0bjv0naKdnjVx_5uU4OJKAA4ohA7AZ7CmITEWijpeyXAtaZ1w9yxC6A2fHeE34n5kOYAyWYhNLXoGbBIh4EENeTtQro4KktYnf_oriA3yD6yTAp-a2viAPW0qE4YqslVP2TH5KUme7HaBstXEVYxZRPTluyPX6DNhLFVnCYCwQUd2pvY-UXk9bvGU3D_gJiWhnpjwnsGjzaTVUmGXdbpNmXpO6gzp88lKrQeG6QcmPqo8SD5eyRbdGi63dqRlc5cNMkoIRyxHefthAHQMrK2s0ASZdvrIzQ5k1Dx8vzgU5EQGYRnr0Nl56UYEBVbcmjyVkwZa9couimNLV9Iv-hU9Mcwcow4U6CxzLVX8fPjhhmYn_il_R3TzOBkJimHuBZwn8rhCbuG7a_jn8vydRKgxDIE720BmmfS-uvozMfP7Ua8R1iQpVONENQdd0yhx2Gdu30xegleuTRSh5RpcMWCHrxJyUiLdWnSvzKMWKYaHtv2Au0brAIGETa5AsKEFq7-MoV39qUa8lNoLkpKmNRRT82lpUHndq0t_B15zEqlNmAQdsqKihbKur5spJW56XPJS1xNcNB-ALb5SBtVGw3EgsSQwOHwZSMbmyrRyWYLjrW9-ufWVVfgGHAf6Mj1Vc0pP2spkwZ8zh38JaAfBsA4ePkCFyYwSISXfzQ45qxBh_OJM1qpngRehqXFOeChfQnlufO9VUffWdLe_99rNu5iQWJhZheC47MtOYI6r-SRlb5V9y60A_IBTds0wSRbYtExHcODUj5iJvsyp3xj8rV0c_2FH4uJVWpSAOcjpyZ-Q9I87j760JRc14
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXXJM,time:1052,type:e,im:%7Bpci:%7Btdr:1004%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1052,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1047~0%5D,as:%5B1047~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:277,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C17.1034476-65087490%7C171%7C18.1034476-65087491%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:21,sis:298%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
server
nginx
x-server-name
dt24.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
activeview
pagead2.googlesyndication.com/pcs/ Frame E252
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssvWYHpXW0aWE7xYG2s1SaxztADpbjUksncJxR2yrxx3X3Mo6ez7kKz-NuLG0-WZev0SI05JT1PupG2B_xP_WcYFUWsJHX-VsM2CcENEEv0hNSTYSaWaWfWJ42SNovUoqpo2sIHRQ&sai=AMfl-YS86AzFPWPFO_oSdCYjTWNMbdmozELGNxjvTkuamo5vrgWRcpQ97IabFHCouMV_N6g7sZeECOTrc_kFPDZAuLQ2PCXaoY9UTvOCtYGMzndTKHWZCnhkOsg3oaRtBzQ_3FqUke-3oRUrf_LF71W_c0tTQ0ymQOYJmHUgJahdmRo&sig=Cg0ArKJSzPk85EUhW-ppEAE&cid=CAQSXQDq26N9dAtEro15YFiWQ5Y6puaNkxzbOg027g39UfwQ_uOkNlbiehy8csRxZbJHN3yKacoolzhn4qReUBiCIOciJKAvHlPDqY2s5SUHHnMQmSXWdFIDj0olxQR0LBgBIBM&id=lidar2&mcvt=1000&p=707,1241,747,1282&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=439930873&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1669054975020&rpt=498&isd=0&lsd=0&met=ie&wmsd=0&pbe=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame 47E8
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=b6e31f26-9de6-e105-be76-0087648f73fe&tv=%7Bc:uCXXQV,pingTime:-10,time:1499,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1669054976257%7C%7C6c9c247c088fc22c7cea26299fe1cefe%7C%7Cf8b8963e850cee297829880103706300%7C%7Cd2d74aa3b52d36ee5476525167c55756%7C%7Ce14d19988548d1b3598fd1a77981f439%7C%7Cd0d32e7bac922b049b0d49007bbcf9ce%7C%7Cf8a5057bdf48b68840029051ad355e6d%7C%7C0932ed63fde70e334f663c9d6bfa8721%7C%7C1663701684,sca:%7Bspg:61d210bb-e56d-8920-51bd-0deccdd1906e%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
nginx
x-server-name
dt50.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXXRR,pingTime:-10,time:1555,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA3LjAuNTMwNC4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1669054976257%7C%7C6c9c247c088fc22c7cea26299fe1cefe%7C%7Cf8b8963e850cee297829880103706300%7C%7Cd2d74aa3b52d36ee5476525167c55756%7C%7Ce14d19988548d1b3598fd1a77981f439%7C%7Cd0d32e7bac922b049b0d49007bbcf9ce%7C%7Cf8a5057bdf48b68840029051ad355e6d%7C%7C0932ed63fde70e334f663c9d6bfa8721%7C%7C1663701684,sca:%7Bspg:61d210bb-e56d-8920-51bd-0deccdd1906e%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
nginx
x-server-name
dt20.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
envelope
api.rlcdn.com/api/identity/
0
0

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame ADCC
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=159084
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 21 Nov 2022 18:22:57 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 23 Nov 2022 14:34:21 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 9D9C
3 KB
1 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
522
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
76db7429bd2c90bb-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 21 Nov 2022 18:22:57 GMT
expires
Mon, 21 Nov 2022 22:22:57 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 73F5
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 21 Nov 2022 18:22:57 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame E220
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: karma.mdpcdn.com
URL: https://karma.mdpcdn.com/service/js-min/karma_revshare.bestlifeonline.com.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://bestlifeonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
48656
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 21 Nov 2022 18:22:57 GMT
ETag
W/"623de86a-cf34"
Expires
Fri, 04 Nov 2022 04:41:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
25, 775545
X-Served-By
cache-lga13626-LGA, cache-hhn4062-HHN
X-Timer
S1669054978.621902,VS0,VE0
sync
odr.mookie1.com/t/v2/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=themediagrid
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f&ssp=themediagrid&gdpr=&gdpr_consent=
43 B
356 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f&ssp=themediagrid&gdpr=&gdpr_consent=
Protocol
H2
Server
34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bestlifeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
via
1.1 google
server
Apache
content-type
image/gif;charset=UTF-8
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f&ssp=themediagrid&gdpr=&gdpr_consent=
date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
usermatch
ssum-sec.casalemedia.com/ Frame 288B
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
edc3ed4cac0b75be5fbee5b7164fa38a5a8193ca5da3c1e3a0c2846d2c788235

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
76db742a6d51bbfd-FRA
content-encoding
br
content-type
text/html
date
Mon, 21 Nov 2022 18:22:57 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0v7VOQesvNL4fgQoUMnn0%2BFwrXByHP0lTd5q9gpbK6V4H16oDULV1qUEo%2FoICd5uMYLmfNs%2BPhHcCQYA%2FG1kXYuKV7t000QHBf0jrap%2Fwqeuto8NT8FwmJJEvmp%2BKUCYIiZXI4DYXwk8%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
async_usersync
ib.adnxs.com/ Frame E220
0
742 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:57 GMT
AN-X-Request-Uuid
927def97-2ddc-45de-8300-66420402892f
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame ADCC
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=6106881&p=158139&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2ea287eabe592afce4cdc160f799ae54cbe9d2c2d07ba0fb4086f9b6f60e339a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Mon, 21 Nov 2022 18:22:57 GMT
content-length
1875
content-type
text/html; charset=UTF-8
casale
match.adsrvr.org/track/cmf/ Frame 288B
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usermatchredir
ssum-sec.casalemedia.com/ Frame 288B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESED4O3AeAo1Mld5cFWKcfiE4&google_cver=1
43 B
889 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESED4O3AeAo1Mld5cFWKcfiE4&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GEB%2BMHNCcNP62hN0zWt2uxfLOlKOdutbjpjL913ajxu4FH%2BdYQcK%2BPZ1ht%2FOHkexLWjTFZOQ3ntjKg8qcxVr6%2BWx%2BfGu28EI2nsft5u9G%2B%2BJUlD1mudX%2B45h6HdwuTR76zWzW1PgCOkJg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
76db742b6db8925c-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESED4O3AeAo1Mld5cFWKcfiE4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 288B
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:58 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
74Y3S9ZJQN2Y939DVCK5
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:58 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
SSY6QXX1Q374Y85AYZ6D
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 288B
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:8dd0:5d99:1539:a931 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
ibs:dpid=23728&dpuuid=Y3vB-0.nQACYvEJDl6cjMQAA%263369
dpm.demdex.net/ Frame 288B
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=Y3vB-0.nQACYvEJDl6cjMQAA%263369?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.127.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-127-202.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
yVnLi16hRt8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC
tp_out
d.adroll.com/cm/index/ Frame 288B
42 B
181 B
Image
General
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe04:3eca:3e11:a642:4dca Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.0
content-length
42
vary
Cookie
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 288B
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=29
  • https://c1.adform.net/serving/cookie/match?CC=1&party=29
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=953110695174317294&expiration=1670264577
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=953110695174317294&expiration=1670264577
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:57 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=953110695174317294&expiration=1670264577
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 288B
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB&gdpr_consent=&us_privacy=&gdpr=&verify=true
  • https://pr-bh.ybp.yahoo.com/sync/casale/Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
2a05:d018:d29:3605:8dd0:5d99:1539:a931 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/Y3vB_0-nQACYvEJDl6cjMQAADSkAAAAB
date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
htw-pixel.gif
cdn.indexww.com/ht/ Frame 288B
43 B
353 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?Y3vB-0.nQACYvEJDl6cjMQAA%263369
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fbestlifeonline.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
71461
etag
"da1f1d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
76db742b6bfc9be0-FRA
content-length
43
expires
Tue, 22 Nov 2022 18:22:57 GMT
match
c1.adform.net/serving/cookie/ Frame EFE3
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
35 B
467 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.141 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Mon, 21 Nov 2022 18:22:57 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Mon, 21 Nov 2022 18:22:57 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 96EA
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=9042871758847304345
42 B
195 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=9042871758847304345
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 21 Nov 2022 18:22:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=9042871758847304345
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 13EF
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d49a637b-c200-4600-8870-dd03b591bae3&gdpr=0&gdpr_consent=
42 B
554 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d49a637b-c200-4600-8870-dd03b591bae3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 21 Nov 2022 18:22:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Mon, 21 Nov 2022 18:22:57 GMT
Expires
Mon, 21 Nov 2022 18:22:56 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 169 32252b7 master zrh-pixel-x29 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d49a637b-c200-4600-8870-dd03b591bae3&gdpr=0&gdpr_consent=
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame ADCC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_MjGexEFQh-mEahHWML0Hg%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
15 KB
15 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol
H2
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=159084
accept-ranges
bytes
content-length
5549
expires
Wed, 23 Nov 2022 14:34:21 GMT

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame ADCC
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d49a637b-c200-4600-8870-dd03b591bae3
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d49a637b-c200-4600-8870-dd03b591bae3
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:56 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 21 Nov 2022 18:22:57 GMT
Server
MT3 169 32252b7 master zrh-pixel-x30 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=d49a637b-c200-4600-8870-dd03b591bae3
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 21 Nov 2022 18:22:56 GMT
gdpr_consent=
sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/ Frame ADCC
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=FCC8C67B-1105-421F-A611-A84758C2F41E&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
Protocol
H2
Server
52.49.181.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-181-242.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.25.217
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame ADCC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkNDOEM2N0ItMTEwNS00MjFGLUE2MTEtQTg0NzU4QzJGNDFF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
245 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame ADCC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMJRAThL-xiFPqQyFL05_Gk&google_cver=1
42 B
380 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMJRAThL-xiFPqQyFL05_Gk&google_cver=1
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMJRAThL-xiFPqQyFL05_Gk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame ADCC
43 B
610 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
118.74.204.35.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Sun, 20 Nov 2022 18:22:57 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame ADCC
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1609273821351993446
42 B
218 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1609273821351993446
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Mon, 21 Nov 2022 18:22:57 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1609273821351993446
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXY1P,pingTime:1,time:2171,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D,%7Bpiv:100,vs:i,r:,t:1170%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1170,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1164~0,0~100%5D,as:%5B1164~728.90%5D%7D%7D,%7Bsl:i,t:1170,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:185,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C17.1034476-65087490%7C171%7C18.1034476-65087491%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:21,sis:298%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
nginx
x-server-name
dt35.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B86E
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1222871&asId=61d210bb-e56d-8920-51bd-0deccdd1906e&tv=%7Bc:uCXY1P,pingTime:1,time:2171,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D,%7Bpiv:100,vs:i,r:,t:1170%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1170,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1164~0,0~100%5D,as:%5B1164~728.90%5D%7D%7D,%7Bsl:i,t:1170,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:185,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16*.1222871-67063675%7C161%7C162%7C17.1034476-65087490%7C171%7C18.1034476-65087491%7C181%7C182%7C191%7C1a%7C1b,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:21,sis:298%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:57 GMT
server
nginx
x-server-name
dt36.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
usync.js
eus.rubiconproject.com/ Frame 73F5
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
5cee3cb53db735894fe51914c7a21f73967e2f76d217a998bbe269858e9cf384

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 18:22:57 GMT
Content-Encoding
gzip
Last-Modified
Mon, 21 Nov 2022 00:54:52 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=23579
Connection
keep-alive
Content-Length
10066
Expires
Tue, 22 Nov 2022 00:55:56 GMT
khaos.jpg
token.rubiconproject.com/ Frame 73F5
284 B
536 B
Image
General
Full URL
https://token.rubiconproject.com/khaos.jpg?us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/jpg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
284
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dt
dt.adsafeprotected.com/ Frame E252
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1034476&asId=afe71c7f-09b4-c128-0170-10aec56ec3e7&tv=%7Bc:uCXY57,pingTime:1,time:2377,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:291%7D,%7Bpiv:82,vs:i,r:,t:1376%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1376,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:291,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1090~0,0~75%5D,as:%5B1090~300.600%5D%7D%7D,%7Bsl:i,t:1376,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:82,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~75%5D,as:%5B1001~300.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:186,fm:tnQAAeS+11%7C12%7C13%7C14%7C15%7C16.1222871-67063675%7C161%7C162%7C163%7C164%7C17*.1034476-65087490%7C171%7C172%7C173%7C18.1034476-65087491%7C181%7C182%7C183%7C184%7C191%7C1a%7C1b,idMap:17*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:291,sis:529%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7781:5c5a:56ce:a55c:6085 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Nov 2022 18:22:58 GMT
server
nginx
x-server-name
dt41.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
async_usersync
ib.adnxs.com/ Frame E220
0
742 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 18:22:58 GMT
AN-X-Request-Uuid
4fd33f85-8a5d-4cdc-af7c-e273e15882c9
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.64.151.4; 217.64.151.4; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame ADCC
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158139&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158139
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 18:22:58 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
certify.alexametrics.com
URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&time=1669054975143&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&random_number=5373174033&sess_cookie=8a42c0681849b6dcca69905cda2&sess_cookie_flag=1&user_cookie=8a42c0681849b6dcca69905cda2&user_cookie_flag=1&dynamic=true&domain=bestlifeonline.com&account=OcS6o1QolK10Io&jsv=20130128&user_lang=en-US
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=13435

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 string| ajaxurl boolean| isLighthouseAudit boolean| isSlowHardware object| dataLayer object| _atrk_opts object| _comscore number| width object| karma string| GoogleAnalyticsObject function| ga function| gtag string| wpParselyApiKey object| bestlife object| webVitalsAnalyticsData object| _stq object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp object| wpParselyHooks object| PARSELY function| _typeof function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray function| trackLink object| lazySizes function| st_go function| linktracker_init object| wpcom object| LI object| __li__evt_bus object| liQ object| liQ_instances function| _typeof2 function| __liSync object| googletag object| pbjs object| globalTI object| apstag object| karmaService object| ggeac object| google_tag_data object| google_js_reporting_queue object| headertag object| gaplugins object| gaGlobal object| gaData boolean| apstagLOADED undefined| google_measure_js_timing object| pbjsChunk object| _pbjsGlobals object| google_tag_manager function| onYouTubeIframeAPIReady function| lightboxjs function| lightboxlib object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms object| COMSCORE function| udm_ object| ns_p undefined| $ undefined| jQuery object| DIGIOH_API object| LIGHTBOX_API boolean| SENT_LIGHTBOX_PV undefined| jQuery171014024251994400516_1669054974667 function| postscribe object| google_tag_manager_external object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent function| CookiebotCallback_OnAccept object| adServiceQ object| CookiebotDialog object| CookieConsentDialog function| atrk boolean| _atrk_fired object| jQuery171014024251994400516 object| google_image_requests

71 Cookies

Domain/Path Name / Value
bestlifeonline.com/tsa-thanksgiving-food-carry-on-news Name:
Value: test
bestlifeonline.com/tsa-thanksgiving-food-carry-on-news Name: _liChk
Value: 0.2175344767333638
i.liadm.com/s Name: _li_ss
Value: MgUIeRDjEzIFCAwQ4xM
.bestlifeonline.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/%22%2C%22sref%22:%22%22%2C%22sts%22:1669054973371%2C%22slts%22:0}
.bestlifeonline.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=f9cfb1b700b8388e5a15bb4f62e34ad1%22%2C%22session_count%22:1%2C%22last_session_ts%22:1669054973371}
bestlifeonline.com/ Name: isSlowHardware
Value: 0
.bestlifeonline.com/ Name: _li_dcdm_c
Value: .bestlifeonline.com
.bestlifeonline.com/ Name: _lc2_fpi
Value: 2baacde7071f--01gjdpvhvxm1re51xcjaw5fxwk
bestlifeonline.com/ Name: muuid_origin
Value: bestlifeonline.com
bestlifeonline.com/ Name: muuid_source
Value: CLIENT
bestlifeonline.com/ Name: muuid_date
Value: 1669054973869
bestlifeonline.com/ Name: first_request_id
Value: 136c69a7-8000-4388-85dd-2ddc3dbb6108
bestlifeonline.com/ Name: globalTI_SID
Value: 6167aa10-4997-41dc-844f-2386df521ed5
d9jj3mjthpub.cloudfront.net/ Name: cross_site_muuid
Value: 2da51bff-d78e-5e97-aba7-84df2b070e57
.bestlifeonline.com/ Name: _gid
Value: GA1.2.759609290.1669054974
.bestlifeonline.com/ Name: _gat
Value: 1
bestlifeonline.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.bestlifeonline.com/ Name: _ga_NYD0HKHMHR
Value: GS1.1.1669054974.1.0.1669054974.0.0.0
.bestlifeonline.com/ Name: _ga
Value: GA1.1.829776827.1669054974
.liadm.com/ Name: lidid
Value: 1d5ac322-c95e-4efa-874b-ccfe0379b259
.bestlifeonline.com/ Name: __gads
Value: ID=65911a4c849bcd4c:T=1669054974:S=ALNI_MZb1sy4Nt1yv3i3Y2nxz5DlUcO8QQ
.bestlifeonline.com/ Name: __gpi
Value: UID=00000b8521225475:T=1669054974:RT=1669054974:S=ALNI_MbZ_p3TbE--t-nPXN-g_4SXmO-zmg
.bidswitch.net/ Name: tuuid
Value: cb7d5e9d-85ab-4d3d-bfde-e38bcd3bc37f
.bidswitch.net/ Name: c
Value: 1669054975
.bidswitch.net/ Name: tuuid_lu
Value: 1669054975
.bestlifeonline.com/ Name: __asc
Value: 8a42c0681849b6dcca69905cda2
.bestlifeonline.com/ Name: __auc
Value: 8a42c0681849b6dcca69905cda2
.mathtag.com/ Name: uuid
Value: d49a637b-c200-4600-8870-dd03b591bae3
io.narrative.io/ Name: io.narrative.guid.v2
Value: 849147d0-69c9-11ed-a183-06192a72c749
.doubleclick.net/ Name: IDE
Value: AHWqTUl367aTvpmYeYE_cbFyDFmRIWR_8tEUUL7JEVsTguJzc_5cO5j6-yrabXlkJNU
.addthis.com/ Name: na_id
Value: 2022112118225500039847364367
.addthis.com/ Name: na_tc
Value: Y
.addthis.com/ Name: uid
Value: 637bc1ff4a32d4c6
.addthis.com/ Name: ouid
Value: 637bc1ff00015e3537f257f03cad6e208bffb082efeb53a3f322
.adnxs.com/ Name: uuid2
Value: 6874433180974197959
.dlx.addthis.com/ Name: na_sc_x
Value: 1
.casalemedia.com/ Name: CMID
Value: Y3vB-0.nQACYvEJDl6cjMQAA
.casalemedia.com/ Name: CMPS
Value: 3369
.casalemedia.com/ Name: CMPRO
Value: 3369
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&f66fb1e5-618b-40d1-8e0d-e6921d14c9a0"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjkwNTQ5NzU7MjswMjG3oOAw42dThilmzBYR+F0z7nq7Al//8ZRljd7t33v2Rw==
.linkedin.com/ Name: lidc
Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2497:u=1:x=1:i=1669054975:t=1669141375:v=2:sig=AQHx03D4Ce50Q0PaBW8oJO5mvs83UC4v"
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2ImVwWHbA!@wnfH8K6pQK`!5=E<*L5?%M7gv1(81SZ>JfB8:rmG)Qhipec??[-(wvv8hz%nugO%v4VB%noFQ*Bk+q
.demdex.net/ Name: demdex
Value: 73624032271129805270050695444475813725
.onaudience.com/ Name: cookie
Value: a9fdb33673a74777
.onaudience.com/ Name: done_redirects200
Value: 1
.dpm.demdex.net/ Name: dpm
Value: 73624032271129805270050695444475813725
bestlifeonline.com/ Name: _lr_retry_request
Value: true
bestlifeonline.com/ Name: _lr_env_src_ats
Value: false
.pubmatic.com/ Name: KADUSERCOOKIE
Value: FCC8C67B-1105-421F-A611-A84758C2F41E
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 158139:2
.pubmatic.com/ Name: DPSync3
Value: 1670198400%3A219_201_197%7C1669075200%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1670198400%3A21_13_161_7_56_220
.onaudience.com/ Name: done_redirects104
Value: 1
.analytics.yahoo.com/ Name: IDSYNC
Value: 175w~28f6
.simpli.fi/ Name: suid
Value: 8A404D0C14094A40BAE68C1BE3E0D81B
.de17a.com/ Name: guid
Value: 1.9042871758847304345
.adform.net/ Name: C
Value: 1
.yahoo.com/ Name: A3
Value: d=AQABBAHCe2MCEMlDGhYH2oATGG_8HLXMTIIFEgEBAQETfWOFYwAAAAAA_eMAAA&S=AQAAAqZJe0ZqDqISj2SsMi1K--M
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:d49a637b-c200-4600-8870-dd03b591bae3&KRTB&16736-uid:d49a637b-c200-4600-8870-dd03b591bae3&KRTB&23019-uid:d49a637b-c200-4600-8870-dd03b591bae3&KRTB&23208-uid:d49a637b-c200-4600-8870-dd03b591bae3
.pubmatic.com/ Name: PugT
Value: 1669054977
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEMJRAThL-xiFPqQyFL05_Gk&KRTB&16514-CAESEMJRAThL-xiFPqQyFL05_Gk&KRTB&23025-CAESEMJRAThL-xiFPqQyFL05_Gk&KRTB&23386-CAESEMJRAThL-xiFPqQyFL05_Gk
.adform.net/ Name: uid
Value: 1858770906100763129
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-1609273821351993446&KRTB&23263-1609273821351993446
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-9042871758847304345
.casalemedia.com/ Name: CMTS
Value: 1148
.amazon-adsystem.com/ Name: ad-id
Value: A8QcWxklNUPYrKnRhKJ1_VM
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.pubmatic.com/ Name: SPugT
Value: 1669054978

7 Console Messages

Source Level URL
Text
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://dc8xl0ndzn2cb.cloudfront.net/js/bestlifeonline/v0/keywee.min.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=TSA%20Issues%20New%20Alert%20on%20What%20Food%20You%20Can%27t%20Pack%20in%20Carry-On&time=1669054975143&time_zone_offset=0&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fbestlifeonline.com%2Ftsa-thanksgiving-food-carry-on-news%2F&random_number=5373174033&sess_cookie=8a42c0681849b6dcca69905cda2&sess_cookie_flag=1&user_cookie=8a42c0681849b6dcca69905cda2&user_cookie_flag=1&dynamic=true&domain=bestlifeonline.com&account=OcS6o1QolK10Io&jsv=20130128&user_lang=en-US
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D270%2526expires%253D10%2526user_id%253DHHt10NrrgRMQhYYUTYgTWTTT%2526ssp%253Dliveintent
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://bestlifeonline.com/tsa-thanksgiving-food-carry-on-news/
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=13435' from origin 'https://bestlifeonline.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=13435
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=a9fdb33673a74777/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-dtb-cf.amazon-adsystem.com
acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
api.parsely.com
api.rlcdn.com
as-sec.casalemedia.com
b-code.liadm.com
bestlifeonline.com
c.amazon-adsystem.com
c1.adform.net
c2shb.ssp.yahoo.com
cd482c5e0e33f61e0f9a84270117daf9.safeframe.googlesyndication.com
cdn.indexww.com
cdn.parsely.com
certify.alexametrics.com
cm.g.doubleclick.net
consent.cookiebot.com
consentcdn.cookiebot.com
d.adroll.com
d30qdagvt44524.cloudfront.net
d31qbv1cthcecs.cloudfront.net
d3div1mtym39ic.cloudfront.net
d5p.de17a.com
d9jj3mjthpub.cloudfront.net
dc8xl0ndzn2cb.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
grid.bidswitch.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
ib.adnxs.com
id.sv.rkdms.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
io.narrative.io
js-sec.indexww.com
karma.mdpcdn.com
lightboxapi.azurewebsites.net
match.adsrvr.org
odr.mookie1.com
p1.parsely.com
pagead2.googlesyndication.com
pixel-eu.onaudience.com
pixel.onaudience.com
pixel.wp.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
redirect.prod.experiment.routing.cloudfront.aws.a2z.com
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
s.amazon-adsystem.com
s0.2mdn.net
s3.lightboxcdn.com
sb.scorecardresearch.com
secure.gravatar.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
stats.wp.com
sync.crwdcntrl.net
sync.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
um.simpli.fi
ups.analytics.yahoo.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lightboxcdn.com
x.bidswitch.net
x.dlx.addthis.com
api.rlcdn.com
certify.alexametrics.com
104.111.215.191
104.18.33.19
13.32.27.65
13.32.28.197
141.94.170.77
141.94.240.143
142.250.186.66
146.59.148.16
151.101.129.108
172.217.18.2
172.64.151.162
172.64.154.237
18.156.0.31
18.156.195.47
18.157.127.232
18.159.93.136
185.29.132.245
185.64.189.112
185.64.190.78
185.64.190.80
185.64.190.81
185.80.39.216
192.0.76.3
20.40.202.0
2001:4860:4802:34::36
2001:4860:4802:38::178
213.155.156.168
23.205.235.133
23.35.236.201
2600:1f13:800:7781:5c5a:56ce:a55c:6085
2600:1f18:730:b140:4517:6949:e1a8:7c3d
2600:9000:2057:600:19:bcbe:a700:21
2600:9000:2057:8a00:11:1ed0:3900:21
2600:9000:2057:c800:8:8845:1500:93a1
2600:9000:206f:1a00:d:2820:3bc0:93a1
2600:9000:206f:c800:11:e0c9:84c0:21
2600:9000:214f:e00:8:48e:53c0:93a1
2602:803:c003:200::31
2606:4700:10::6816:4a8
2606:4700:10::ac43:d42
2606:4700::6813:d383
2620:1ec:22::14
2a00:1450:4001:801::2002
2a00:1450:4001:801::2008
2a00:1450:4001:806::2002
2a00:1450:4001:806::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:812::2006
2a00:1450:4001:813::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:400c:c08::9b
2a02:26f0:3500:18::1724:a29d
2a02:26f0:3500:887::f09
2a04:4e42:600::300
2a04:fa87:fffe::c000:4902
2a05:d018:cc3:fe04:3eca:3e11:a642:4dca
2a05:d018:d29:3605:8dd0:5d99:1539:a931
3.210.106.149
3.218.4.10
3.248.127.202
3.33.220.150
34.120.133.55
34.241.76.101
34.98.67.61
35.204.74.118
37.157.5.141
37.252.171.22
52.19.19.146
52.46.130.91
52.49.181.242
54.158.154.2
54.164.3.34
54.191.92.193
63.34.81.234
65.9.58.186
65.9.61.60
69.173.144.138
99.86.3.236
99.86.4.12
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b
0c648c5afd9454de2534fa09567ddf20ca272778ea7fbc50f5521380985aace4
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0f4a98bcf1e3133619a2e687dc64f777321b6efd29e6ca61a73068296fe79858
10559973b2df1031bb021dc84b6e06e835f639518dc6e47ecc07bcfa075c0ffe
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1564c3ffc2fa56bbabfe98a64fee10c969d34636391957a2b3055bb04db97db7
159bd804f3a207ce59088ef63f186ba5b3d906d5245b7bfa882a6a6c3f6a9314
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
197ea80ac6442303a4cfc49b3ca046030c7b31dbf23664c86ebba2dac83fe3a3
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
216ba835e231434cd3c2ce6e760ded2025d6e4f56cc58facbff381b0b2a87fd1
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25c96defcfcabe1098d2ba1130a3eb12b0cc7ce02745775bdd6a5ced33a2931f
25f8f637daa99a551b158f2794034c771c83f2d448c7b0afc7d4165144efcf60
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
29f6da0a8c21c5681511bb9b08663d3fd2c5d09c9bd8054ec354c563b8c8b7c1
2af34f4743fa5655d47a46922268ab2bf5c012db3d3956b0be1d0e5db8908890
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
2ea287eabe592afce4cdc160f799ae54cbe9d2c2d07ba0fb4086f9b6f60e339a
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
304cb2cb00b1a3b032caa0e12df80daa63c826bcc25fb4623f98869542794854
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
33442b4d61d8b3d30df627f4909476e0448bbbda78119ce883a68a7db182ab5e
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
39803fb2f8786bc885c132e3fcca8509da7537b659957259e42dd37a13cff449
3bb9742051b029706b3534865cf015f63a963ec093de84618c80feb3f96cbbf2
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44d7dc159ba7a9705717dae1ddf0682eca64ef1ae2074ba56583f520d75eedde
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b60a64c27e555d9e1d416f2a22d50a078f8a7d9b906050efac3c60403e5375
489d8698afbeee0b32a24070797ef3ffa9cdf186eea96c6199772fe514d74258
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f29b4389a6e08bf3ffcdfb097597d5621b4abac31a74f89c3fa3537dc428e68
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
5459851818636571b7286afd1a08ccd3991e479808e70ee8dc7b2ffca2201e63
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
571e7da04ac8521909fffd57ec103b82db34777e0902711ca5aa527126309a7a
578ba1031dd4dc432c071aef5522f0927fc59efed9d4778af93bc2dc21f0eef1
5800f312944709b8d8e2e638a4c64704be610892c2fd06e962ac74b222615e19
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
59cb97a4e767151488e2ad56cddaa76f81ce07285d80a81be954314fd5285017
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5a95db6aee63ed9c1ccfa71ea78387c1341e078316c6f3927ea9be0f641d49af
5cdb8465005469197175f56f3805a57e13596647580a92ac816843defa6583be
5cee3cb53db735894fe51914c7a21f73967e2f76d217a998bbe269858e9cf384
5e84ce936bc3e3844a5d9efb3ac7d28107fa17234fa2a6c2bf3491fc284f0d4f
5fed1de290e6d3af208699fc542d7e58059f58f47f9479415433a3431ad96484
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c8f795775c551a46218aea6c5aeadbe7c367b8d4860c9471d48f53e7351641
6719ba1323b1cf5a720615d678bd678eb2a632dfa1d7759c86cba066ce9311ed
6b65f4eb9dd23056ca5c6fb1290847ed41b1b7e212b5928c569e92d32d07b1a5
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c1daa5e2fd8ad536bb1e02e51a2c795d0ea9df215df735b1884a3bd76a1a27e
727b3ff0c716fa8e38788e3dab83691b06edf37ca523b826f9ef67700021516b
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
7a4dcad58c3c2de63233356847fc5f228f3ee3e60a55e0c17b849eb97fab344d
7dbe0a879bec1d660097c819dc5e30dcaa637fd3c004d0e6b1ec437ff1ae8381
8108bb9555e504a1f9193ea76605e8247fdee8c07b765710f266b47f1907febc
814d3bf1679ff936210378bf6b58b936c8056d52d8bd3f36e42fe55249f7d3e1
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
82fc7415ed2df389cb26bd29f6f73e4fb63677f3cc5f0b35a1a1ded5da17b5e0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8436c7297967e0e046154bf4a7f2052169399e6c29089277906e6988bfb1d2d1
84d1da6a604de1abc1d90800f7c9793122b1364426a9c3fc0d80acd746e41b24
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
91deeb19ddd111e3ae952409f296e74ea6a08d39ec0387a7a3c61ca7765915b2
94d9b487df31c2708f1e4406e1116f1ebd0a9d71daf675ab4d9335023d50622a
956a243efde51c11758094189afe270cdc8bb79440e57f27874eecd06aa6663f
95d4c35944949980c11b56c7abcd96d0632c3281a6ffd54bb236d501643558bc
967289bf875279db4ff1566492592884e6a406a98640cf3ed884307bf7a2e235
96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9891443922f3308f109272f30ac5e06397f084add2d14f4373fa718ceeb7c834
98ccd33e523985efa588344a13932892db38b1335243f989dd366450db8ea68d
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9c625353285d7d98b8ef8539024d908be74987505dc331a3ccf10711d88e3045
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c7748a8849068a7262049472b6b640aea77d843c16a57de3e34d3c47e4a01f
a6a7f7d24c229ed28ab11cf16440f428d1d7a7f24b6acc0ed23bac7644cf103e
aa489d710311bc7f70a3df774a783ec2195adc39daac94a4cd23d5589b24043e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f12a64245cce2f478ba1f07cf6c20a56464b3b7765a27cd83a1d6534f53be0
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
b5f4af2ecfa8cbe2481e04b0bcb39b7c40ef2f97f04d29d253685111337755b2
b6827488d949de4dd4df300dfe9280cad36c4558ce57296aa5d95c87a0af4744
b84b27bd8f1dea53787ebe8a939fdb97b0da6acb90dd427697fe943c2c00baf5
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd335627b30cb609116c9ed19b9e56c8fb0861c6b9d94e25b3e4317e8a3e38dd
bd8b521307332fcb0a59ff2cbfe324322d6f4108b24363b6c8d26a0ec8be50da
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c78ce438e9d91ea8c16341aaf2c6cf07f9c347eb1130bd922796ad4fb78fe885
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cdeb51cd54f0e1a3c90c892d52fc108d335a9d3b8967d5e7ebef5966065ed8f5
ce31e17d11533dc96dc7f9bbd4c16adaed1dd4b16b41688e5468055eb073d949
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d139a7690d6cee6d8d13fe5fc531eb3c6d2f2a35bd081329aa9fec07e2ce4103
d3732a091080d59e450e719fd7404449bd696e8e7b43ac2ac40d4aaebf5f0fbd
d5733b862a5e2bafe7ab05f510fdc916cb7cbc8e8b7d800ca7fb9cef5b8e2dc4
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
dc2f03640c55d7361dc950b90f842e5e0f5d670d27bd10d750c6ba5dfea2e49d
de8a1372f7789310057276fb85ed0dc29b796641a8b31d7c467065439a769b0e
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ed5925328e1dfab49de1cca08b2a2b8fa32c24cae4f4528fae55fa67e4fc526e
edc3ed4cac0b75be5fbee5b7164fa38a5a8193ca5da3c1e3a0c2846d2c788235
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
eff473cf679cd4f89c61f0f0889fc582be4fb30f9d980bb15ae2abe731ebfaaa
f0661a3d40201d85606203046629c365971b4d1fa7cd29e25e9b28622ef1620c
f0fceb515f303c6a5d1153bf041d622fa4b9899cd97162a23b3d0d41208f88ff
f119b1154b3ea29eadfed8d253928601b0f297fe701054f42f01dd97c457df29
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f43973ee0ee121287cca23c16a48de9fce9a5701eaa6724be93d702654a9677f
f4a56f1a7b79de5f9e93d27a5c93b999ff979aad3d42e556a9a0e657d0803cfc
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f832a3f9fb50dfb245accbfe1f55d83f4330332a2a1b1640888d253398b95bb9
f8ecd971b32de0b983a3d4d0a20061b4aaceba5959e44642887aad6f9fd1697c
f8f647fe5ac7dfa54103acda23b9195d264eba11be657cf0e863a9cf23d620e3
f95f6c64647c57c1bd2d422fb8de2004c584b18c96c48ecaa73b58a73afc8b8c
fb5f765b9f99d9ea48a3777fa0d725ea4e402892d0195990764689a09bdd5d60
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9
ffcf7cefdea7119a342c37b42c7bc14dfe4fe68cf908836af2313449db5490a0