urlscan.io logo urlscan.io
SecurityTrails logo

ocregister-ca.newsmemory.com Open in urlscan Pro
54.245.242.40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Effective URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Submission: On July 24 via manual from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 2 countries across 17 domains to perform 85 HTTP transactions. The main IP is 54.245.242.40, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is ocregister-ca.newsmemory.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 1st 2022. Valid for: a year.
This is the only time ocregister-ca.newsmemory.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

13    54.245.242.40 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-245-242-40.us-west-2.compute.amazonaws.com
ocregister-ca.newsmemory.com
ocregister-ca.newsmemory.com.
5    184.29.136.126 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-136-126.deploy.static.akamaitechnologies.com
s7.addthis.com
v1.addthisedge.com
m.addthis.com
4    104.17.130.32 (None, )

ASN13335 (CLOUDFLARENET, US)
us5lb-cdn.newsmemory.com
4    2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    184.29.129.187 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-129-187.deploy.static.akamaitechnologies.com
z.moatads.com
2    2607:f8b0:4006:80f::2002 (New York, United States)

ASN15169 (GOOGLE, US)
www.googletagservices.com
6    142.251.40.130 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2607:f8b0:4006:822::2002 (New York, United States)

ASN15169 (GOOGLE, US)
adservice.google.ca
2    2607:f8b0:4006:807::2002 (New York, United States)

ASN15169 (GOOGLE, US)
adservice.google.com
15    2607:f8b0:4006:823::2001 (New York, United States)

ASN15169 (GOOGLE, US)
ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com
tpc.googlesyndication.com
1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com
2    68.67.160.184 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
1    44.198.221.89 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-198-221-89.compute-1.amazonaws.com
btlr.sharethrough.com
6    2607:f8b0:4006:823::2002 (New York, United States)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
6    2607:f8b0:4006:809::2004 (New York, United States)

ASN15169 (GOOGLE, US)
www.google.com
3    2607:f8b0:4006:80e::2002 (New York, United States)

ASN15169 (GOOGLE, US)
adservice.google.ca
googleads.g.doubleclick.net
10    2607:f8b0:4006:822::2001 (New York, United States)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
2    2607:f8b0:4006:809::200a (New York, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2607:f8b0:4006:80a::2003 (New York, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
21 googlesyndication.com
ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
tpc.googlesyndication.com — Cisco Umbrella Rank: 159
1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com
94 KB
16 newsmemory.com
ocregister-ca.newsmemory.com
us5lb-cdn.newsmemory.com — Cisco Umbrella Rank: 298475
313 KB
10 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 372
217 KB
8 google.com
adservice.google.com — Cisco Umbrella Rank: 96
www.google.com — Cisco Umbrella Rank: 10
3 KB
8 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 211
googleads.g.doubleclick.net — Cisco Umbrella Rank: 56
283 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 52
59 KB
4 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 1493
m.addthis.com — Cisco Umbrella Rank: 1417
143 KB
2 gstatic.com
fonts.gstatic.com
56 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 72
2 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 234
14 KB
2 google.ca
adservice.google.ca — Cisco Umbrella Rank: 12225
914 B
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 181
56 KB
1 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1326
209 B
1 addthisedge.com
v1.addthisedge.com — Cisco Umbrella Rank: 1657
325 B
1 moatads.com
z.moatads.com — Cisco Umbrella Rank: 436
1 KB
1 com.
ocregister-ca.newsmemory.com.
0 districtm.io Failed
dmx.districtm.io Failed
85 17
Domain Requested by
13 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
ocregister-ca.newsmemory.com
cdn.ampproject.org
12 ocregister-ca.newsmemory.com 1 redirects ocregister-ca.newsmemory.com
10 cdn.ampproject.org securepubads.g.doubleclick.net
6 www.google.com 2 redirects tpc.googlesyndication.com
ocregister-ca.newsmemory.com
6 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
6 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
ocregister-ca.newsmemory.com
4 www.google-analytics.com ocregister-ca.newsmemory.com
www.google-analytics.com
4 us5lb-cdn.newsmemory.com ocregister-ca.newsmemory.com
3 s7.addthis.com ocregister-ca.newsmemory.com
s7.addthis.com
2 googleads.g.doubleclick.net ocregister-ca.newsmemory.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com securepubads.g.doubleclick.net
2 ib.adnxs.com ocregister-ca.newsmemory.com
2 adservice.google.com securepubads.g.doubleclick.net
2 adservice.google.ca securepubads.g.doubleclick.net
2 www.googletagservices.com ocregister-ca.newsmemory.com
1 1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 btlr.sharethrough.com ocregister-ca.newsmemory.com
1 ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 z.moatads.com s7.addthis.com
1 ocregister-ca.newsmemory.com. ocregister-ca.newsmemory.com
0 dmx.districtm.io Failed ocregister-ca.newsmemory.com
85 24

This site contains links to these domains. Also see Links.

Domain
www.addthis.com
www.newsmemory.com
www.medianewsgroup.com
Subject Issuer Validity Valid
*.newsmemory.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-01 -
2023-03-31		 a year crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2021-11-27 -
2022-11-29		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh

This page contains 11 frames:

Primary Page: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Frame ID: BF09A2FCBAF0889BDDD2BB26D2C5965E
Requests: 15 HTTP requests in this frame

Frame: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Frame ID: FE218DA2019E644638B1683B9D00B426
Requests: 27 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 1A69A9753C1FAD73FAAF77C94CEA7409
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: F5694FEDC5F281F47731FDA907E1F279
Requests: 1 HTTP requests in this frame

Frame: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Frame ID: DEB73EB3BFBBD9F48F96DB3D3B0EC5FF
Requests: 31 HTTP requests in this frame

Frame: https://ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4EF9659B5D074EE31039F99344812290
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C3753F00143D29594F3CC7A7C620A2B1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 491FA1A8B0050D578A063B2CEF698E54
Requests: 2 HTTP requests in this frame

Frame: https://1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 315C24F6AA090B16041A7151D462A3D7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6378D076A5082C4802966D5167D77907
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 138BACA879555DE98DAA89FF7E3277E7
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

WRITEGIRL - Orange County Register

Page URL History Show full URLs

  1. http://ocregister-ca.newsmemory.com/?publink=054373444_1348558 HTTP 301
    https://ocregister-ca.newsmemory.com/?publink=054373444_1348558 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Page Statistics

85
Requests

94 %
HTTPS

61 %
IPv6

17
Domains

24
Subdomains

19
IPs

2
Countries

1243 kB
Transfer

3290 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ocregister-ca.newsmemory.com/?publink=054373444_1348558 HTTP 301
    https://ocregister-ca.newsmemory.com/?publink=054373444_1348558 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 82
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

85 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ocregister-ca.newsmemory.com/
Redirect Chain
  • http://ocregister-ca.newsmemory.com/?publink=054373444_1348558
  • https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
24 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
5c94059c138a7682ead0fc941714a6413f3eb2a6616817c8f7f5505ab072d94a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Content-Encoding
gzip
Content-Length
7015
Content-Type
text/html; charset=utf-8
Date
Sun, 24 Jul 2022 18:18:13 GMT
Server
Apache
Vary
Accept-Encoding

Redirect headers

Content-Encoding
gzip
Content-Length
20
Content-Type
text/html
Date
Sun, 24 Jul 2022 18:18:12 GMT
Location
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Server
Apache
Vary
Accept-Encoding
publink.css
ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/action/style/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/action/style/publink.css
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
65294c2151b2ae580e51d665338349b9a71115f35dd98036a7a1d58be2fc56e1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Sun, 24 Jul 2022 18:18:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Sep 2021 11:08:39 GMT
Server
Apache
ETag
"d844fc1-a6c-5cb0134745bc0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
900
logo_background.png
ocregister-ca.newsmemory.com./action/ipad/images/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ocregister-ca.newsmemory.com./action/ipad/images/logo_background.png?mtime=0
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
lg-share-en.gif
s7.addthis.com/static/btn/v2/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s7.addthis.com/static/btn/v2/lg-share-en.gif
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-136-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
a277c82c1e9592fcdbb1b3e6c31232f92d90ec761e5b7ecb4e1ec4c9a4f7af4c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-68b"
content-type
image/gif
cache-control
public, max-age=86313600
date
Sun, 24 Jul 2022 18:18:13 GMT
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
content-length
1675
Image_0.jpg
us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/ 		105 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/Image_0.jpg
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.130.32 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6744974818f9f381d77643b17c96fdcc11b47f28720c79ed89f309ba6e028c35

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
cf-cache-status
MISS
last-modified
Thu 01 Jan 1970 00:27:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
72fea83d1c86a1d8-YYZ
content-length
107236
expires
Wed, 27 Jul 2022 18:18:14 GMT
Image_3.jpg
us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/Image_3.jpg
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.130.32 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46b3bbc17a9d191f3c9bb8e41eb61041abeca3d14ef1f5bd756fd6d200318c64

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
cf-cache-status
MISS
last-modified
Thu 01 Jan 1970 00:27:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
72fea83d1c89a1d8-YYZ
content-length
13190
expires
Wed, 27 Jul 2022 18:18:14 GMT
Image_1.jpg
us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/Image_1.jpg
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.130.32 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bfe8b48617169aa7abfdb90001455204a02b3c8ba4b182bd265e80fd5fc6b9c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
cf-cache-status
MISS
last-modified
Thu 01 Jan 1970 00:27:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
72fea83d1c8ba1d8-YYZ
content-length
13769
expires
Wed, 27 Jul 2022 18:18:14 GMT
Image_2.jpg
us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us5lb-cdn.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/img/Image_2.jpg
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.130.32 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efa0e663a48ef58085149b278e7a495c7fcc4b6a3f2c330e8e9754e80df353b0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
cf-cache-status
MISS
last-modified
Thu 01 Jan 1970 00:27:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=259200
accept-ranges
bytes
cf-ray
72fea83d1c8fa1d8-YYZ
content-length
23588
expires
Wed, 27 Jul 2022 18:18:14 GMT
low.jpg
ocregister-ca.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ocregister-ca.newsmemory.com/newsmemvol2/california/orangecountyregister/20220724/ocr_dly_220724_c_004.pdf.0/low.jpg
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
09a1f3de69502c530382a2aa5d0311cb4232fe2b1ff7ce46f480a574e96ffb61

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Sun, 24 Jul 2022 18:18:13 GMT
Cache-control
private
Last-Modified
Thu 01 Jan 1970 00:27:38 GMT
Server
Apache
Content-Length
3974
Content-Type
image/jpeg
addthis_widget.js
s7.addthis.com/js/250/ 		353 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/js/250/addthis_widget.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-136-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Sun, 24 Jul 2022 18:18:13 GMT
x-host
s7.addthis.com
content-length
116396
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
630
date
Sun, 24 Jul 2022 18:07:43 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 24 Jul 2022 20:07:43 GMT
ajax-request.php
ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ Frame FE21 		1 KB
826 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
9422513fc9fa0e73dc6882cd06d4fb8df62de9ffbdd7ce3f5ca8efdedc803b32

Request headers

Referer
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
629
Content-Type
text/html
Date
Sun, 24 Jul 2022 18:18:14 GMT
Server
Apache
Vary
Accept-Encoding
collect
www.google-analytics.com/j/ 		2 B
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1975637459&t=pageview&_s=1&dl=https%3A%2F%2Focregister-ca.newsmemory.com%2F%3Fpublink%3D054373444_1348558&dp=%2Fpublink%2F20220724%2FOrange%20County%20Register%2FC004%2F0%20%3AArticle%2FText&ul=en-us&de=UTF-8&dt=WRITEGIRL%20-%20Orange%20County%20Register&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1142266897&gjid=1894382978&cid=575241270.1658686694&tid=UA-497060-19&_gid=1034102599.1658686694&_r=1&_slc=1&z=217168571
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ocregister-ca.newsmemory.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 24 Jul 2022 18:18:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ocregister-ca.newsmemory.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.129.187 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-187.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
C303B71F141B61E5
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=14532
accept-ranges
bytes
content-length
948
x-amz-id-2
7pAaKEdoMJa/ikZep7mvjWEMsvbZ4+R8C+sgB4yo2oTBotb6fMHwF6xyll++Pe0mVwcDgfKEU0M=
/
ocregister-ca.newsmemory.com/ Frame FE21 		228 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=header&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
681ef429858f640f6e2097b8bded2f058ac427f2dd97ace5634f01d6135f1d28

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Transfer-Encoding
chunked
Expires
Sun, 24 Jul 2022 20:18:14 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame FE21 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe8476b46fb1f6a1c3279aa09039f97fc0049c5805dfeb4849189ad5b2d23326
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28350
x-xss-protection
0
server
sffe
etag
"1283 / 20 of 1000 / last-modified: 1658527520"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 24 Jul 2022 18:18:14 GMT
/
ocregister-ca.newsmemory.com/ Frame FE21 		216 B
431 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=sitevariables&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ce2f2e7395d24af0c3bb322a2597c72afc53fa71bf7623b46b9ef891414fe7e0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Content-Length
176
Expires
Sun, 24 Jul 2022 20:18:14 GMT
/
ocregister-ca.newsmemory.com/ Frame FE21 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=tecnaviaheader&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
3e996313efbe4ecef5a403a9221b0be79496a57ee3e9334881f60c4ed2900940

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Content-Length
1563
Expires
Sun, 24 Jul 2022 20:18:14 GMT
_ate.track.config_resp
v1.addthisedge.com/live/boost/tecnaviapress/ 		166 B
325 B 		Script
General
Check archive.org
Download Go to
Full URL
https://v1.addthisedge.com/live/boost/tecnaviapress/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-136-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
etag
659743217
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=53, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
154
300lo.json
m.addthis.com/live/red_lojson/ 		101 B
941 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=62dd8ce6fa1d0989&bkl=0&bl=1&pdt=1253&sid=62dd8ce6fa1d0989&pub=tecnaviapress&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=ocregister-ca.newsmemory.com&fp=%3Fpublink%3D054373444_1348558&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1658686694093&jsl=0&uvs=62dd8ce6de4d7ba5000&skipb=1&callback=addthis.cbs.jsonp__43638633512040780
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-136-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e217375b81b22bc6ff2386a82689b1f643d0b231b3a113de502cace3d5c1bf9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 24 Jul 2022 18:18:14 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
p3p
policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length
101
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 1A69 		0
0
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame F569 		71 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/250/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.29.136.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-136-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
public, max-age=86313600
content-encoding
gzip
content-length
26421
content-type
text/html
date
Sun, 24 Jul 2022 18:18:14 GMT
etag
W/"5f971164-11adc"
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
p3p
CP="NON ADM OUR DEV IND COM STA"
server
nginx/1.15.8
strict-transport-security
max-age=15724800; includeSubDomains
timing-allow-origin
*
vary
Accept-Encoding
x-host
s7.addthis.com
ajax-request.php
ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ Frame DEB7 		1 KB
881 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
7efcca5e749d52a175d7e66c8bdf845781e5ea23cce59f9d82a5ab733cef1cdf

Request headers

Referer
https://ocregister-ca.newsmemory.com/?publink=054373444_1348558
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
684
Content-Type
text/html
Date
Sun, 24 Jul 2022 18:18:14 GMT
Server
Apache
Vary
Accept-Encoding
pubads_impl_2022071901.js
securepubads.g.doubleclick.net/gpt/ Frame FE21 		376 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
sffe /
Resource Hash
d25b470928984e737126b7d9718a4217c2acfbc03314ae65fa2de9c63dea6092
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sat, 23 Jul 2022 14:44:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
99220
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131527
x-xss-protection
0
last-modified
Tue, 19 Jul 2022 08:34:38 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 23 Jul 2023 14:44:34 GMT
/
ocregister-ca.newsmemory.com/ Frame DEB7 		228 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=header&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
681ef429858f640f6e2097b8bded2f058ac427f2dd97ace5634f01d6135f1d28

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Transfer-Encoding
chunked
Expires
Sun, 24 Jul 2022 20:18:14 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame DEB7 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a4c5abc5cb1a08819b79795c8b6e1b50bba7aceeae5295f25163f494797b72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28355
x-xss-protection
0
server
sffe
etag
"1283 / 258 of 1000 / last-modified: 1658527520"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 24 Jul 2022 18:18:14 GMT
/
ocregister-ca.newsmemory.com/ Frame DEB7 		216 B
431 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=sitevariables&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ce2f2e7395d24af0c3bb322a2597c72afc53fa71bf7623b46b9ef891414fe7e0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Content-Length
176
Expires
Sun, 24 Jul 2022 20:18:14 GMT
/
ocregister-ca.newsmemory.com/ Frame DEB7 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocregister-ca.newsmemory.com/?prebid=tecnaviaheader&pSetup=orangecountyregister
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.245.242.40 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-245-242-40.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
3e996313efbe4ecef5a403a9221b0be79496a57ee3e9334881f60c4ed2900940

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=7200
Content-Length
1563
Expires
Sun, 24 Jul 2022 20:18:14 GMT
analytics.js
www.google-analytics.com/ Frame FE21 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?prebid=tecnaviaheader&pSetup=orangecountyregister
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
631
date
Sun, 24 Jul 2022 18:07:43 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 24 Jul 2022 20:07:43 GMT
pubads_impl_2022071901.js
securepubads.g.doubleclick.net/gpt/ Frame DEB7 		376 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
sffe /
Resource Hash
d25b470928984e737126b7d9718a4217c2acfbc03314ae65fa2de9c63dea6092
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sat, 23 Jul 2022 14:44:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
99220
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131527
x-xss-protection
0
last-modified
Tue, 19 Jul 2022 08:34:38 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 23 Jul 2023 14:44:34 GMT
analytics.js
www.google-analytics.com/ Frame DEB7 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?prebid=tecnaviaheader&pSetup=orangecountyregister
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
631
date
Sun, 24 Jul 2022 18:07:43 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 24 Jul 2022 20:07:43 GMT
integrator.js
adservice.google.ca/adsid/ Frame FE21 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=ocregister-ca.newsmemory.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame FE21 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=ocregister-ca.newsmemory.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame FE21 		64 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3570369763707533&correlator=1809397907260312&eid=31060437%2C31068590%2C44761478%2C44764002%2C31061690&output=ldjh&gdfp_req=1&vrg=2022071901&ptt=17&impl=fifs&iu_parts=21699438956%2Cocregister-ca%2Cpublink&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=2876538174&sfv=1-0-38&ecs=20220724&fsapi=false&sc=1&cookie_enabled=1&cdm=ocregister-ca.newsmemory.com&abxe=1&dt=1658686694532&lmt=1658686694&dlt=1658686694076&idt=432&adxs=435&adys=47&biw=1600&bih=1200&isw=730&ish=100&scr_x=0&scr_y=0&btvi=0&ucis=ssf1j3a9fzge&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&nhd=1&url=https%3A%2F%2Focregister-ca.newsmemory.com%2Feebrowser%2Fipad%2Fhtml5.check.21090211%2Fajax-request.php%3FpSetup%3Dorangecountyregister%26action%3DloadAds%26ads%3D%252FeeLayout%252F_tan_tecnavia%252Ftan.prebid5.6.0%252Foptionspage%252Ftemplate%252Fsplash7.html&ref=https%3A%2F%2Focregister-ca.newsmemory.com%2F%3Fpublink%3D054373444_1348558&top=https%3A%2F%2Focregister-ca.newsmemory.com%2F%3Fpublink%3D054373444_1348558&frm=23&vis=1&psz=730x100&msz=730x0&fws=260&ohw=730&ea=0&ga_vid=575241270.1658686694&ga_sid=1658686695&ga_hid=162504128&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
cafe /
Resource Hash
70e6cc087ad13aa73bb54b720415f7169601f447b509a125adff3f8f321d66cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13352
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ocregister-ca.newsmemory.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4EF9 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 18:18:14 GMT
expires
Mon, 24 Jul 2023 18:18:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
prebid
ib.adnxs.com/ut/v3/ Frame DEB7 		50 B
755 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?prebid=header&pSetup=orangecountyregister
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sun, 24 Jul 2022 18:18:14 GMT
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
a35e9f95-cea0-481f-bd10-ce875e5b4619
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://ocregister-ca.newsmemory.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
50
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ Frame DEB7 		0
209 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?prebid=header&pSetup=orangecountyregister
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.198.221.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-198-221-89.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ocregister-ca.newsmemory.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://ocregister-ca.newsmemory.com
Date
Sun, 24 Jul 2022 18:18:14 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
prebid
ib.adnxs.com/ut/v3/ Frame DEB7 		21 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/?prebid=header&pSetup=orangecountyregister
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
08272548da0ef779a05a20b9058d9305f055974da7cba1ae446e86d830555307
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sun, 24 Jul 2022 18:18:14 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
44a89a88-0fe0-4554-abba-b3d09d60a948
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://ocregister-ca.newsmemory.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ Frame DEB7 		0
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame FE21 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022071901&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fc185d0432aefe8a2d88453d6d781771748d90e304cd935052d19658b841c5e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10743
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame FE21 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 24 Jul 2022 18:18:14 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C375 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
43460
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 06:13:54 GMT
expires
Mon, 24 Jul 2023 06:13:54 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 491F 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0285772c77fd4e1d37a702d536d9adf6c8b636324c813279c7184641bdf3b1ff
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-a0eoZxezj15gUQrweFqEBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-a0eoZxezj15gUQrweFqEBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 18:18:15 GMT
expires
Sun, 24 Jul 2022 18:18:15 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
L-abKjcItiHPWDDjMj0PdPxA5VtdVHl4wwoyOAXJbC0.js
pagead2.googlesyndication.com/bg/ Frame C375 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/L-abKjcItiHPWDDjMj0PdPxA5VtdVHl4wwoyOAXJbC0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2fe69b2a3708b621cf5830e3323d0f74fc40e55b5d547978c30a323805c96c2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 15:29:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
182944
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13921
x-xss-protection
0
last-modified
Tue, 19 Jul 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 22 Jul 2023 15:29:10 GMT
integrator.js
adservice.google.ca/adsid/ Frame DEB7 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=ocregister-ca.newsmemory.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame DEB7 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=ocregister-ca.newsmemory.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame DEB7 		51 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3475412319411476&correlator=3882697792470558&eid=31068527&output=ldjh&gdfp_req=1&vrg=2022071901&ptt=17&impl=fifs&iu_parts=21699438956%2Cocregister-ca%2Cpublink&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=1&adks=2876752602&sfv=1-0-38&ecs=20220724&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D968e45d6dd59be%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D968e45d6dd59be%26hb_bidder%3Dappnexus&eri=1&sc=1&cookie_enabled=1&cdm=ocregister-ca.newsmemory.com&abxe=1&dt=1658686694928&lmt=1658686694&dlt=1658686694300&idt=516&adxs=435&adys=5180&biw=1600&bih=1200&isw=730&ish=100&scr_x=0&scr_y=0&btvi=1&ucis=bimb3hxbafvs&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&nhd=1&url=https%3A%2F%2Focregister-ca.newsmemory.com%2Feebrowser%2Fipad%2Fhtml5.check.21090211%2Fajax-request.php%3FpSetup%3Dorangecountyregister%26action%3DloadAds%26ads%3D%252FeeLayout%252F_tan_tecnavia%252Ftan.prebid5.6.0%252Foptionspage%252Ftemplate%252Fsplash10.html&ref=https%3A%2F%2Focregister-ca.newsmemory.com%2F%3Fpublink%3D054373444_1348558&top=https%3A%2F%2Focregister-ca.newsmemory.com%2F%3Fpublink%3D054373444_1348558&frm=23&vis=1&psz=730x100&msz=730x0&fws=260&ohw=730&ea=0&ga_vid=575241270.1658686694&ga_sid=1658686695&ga_hid=2126179307&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
cafe /
Resource Hash
d73886e100dbd0e3b6ef017fca6b63303064c2b717c04458873bbe67209f046e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12320
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ocregister-ca.newsmemory.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame DEB7 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022071901&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f1df78ade99721a48eaa4b8bb4c63a3d689a08731319d796f4912c891da94d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 24 Jul 2022 18:18:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10739
x-xss-protection
0
container.html
1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 315C 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 18:18:14 GMT
expires
Mon, 24 Jul 2023 18:18:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DEB7 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 24 Jul 2022 18:18:15 GMT
generate_204
tpc.googlesyndication.com/ Frame C375 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?QlkYEQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6378 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
43461
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 06:13:54 GMT
expires
Mon, 24 Jul 2023 06:13:54 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 138B 		783 B
740 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
15bfef40ebe83b06033fc0db72f2fdcea43aeb6348fff528577c634313f22758
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Z1MndnysVNhYBIVNqBmYRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ocregister-ca.newsmemory.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-Z1MndnysVNhYBIVNqBmYRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 24 Jul 2022 18:18:15 GMT
expires
Sun, 24 Jul 2022 18:18:15 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
L-abKjcItiHPWDDjMj0PdPxA5VtdVHl4wwoyOAXJbC0.js
pagead2.googlesyndication.com/bg/ Frame 6378 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/L-abKjcItiHPWDDjMj0PdPxA5VtdVHl4wwoyOAXJbC0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2fe69b2a3708b621cf5830e3323d0f74fc40e55b5d547978c30a323805c96c2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 15:29:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
182945
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13921
x-xss-protection
0
last-modified
Tue, 19 Jul 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 22 Jul 2023 15:29:10 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 491F 		0
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 138B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022071901&jk=3475412319411476&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 6378 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?O0om8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 18:18:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012207071723000/ Frame FE21 		220 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa4ea8e54139dd16f73e5a3aca1e036ae5699fd2a2da1fe7bb6c5b59caca7674
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61513
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a40ea3ab2445e497"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame FE21 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
574d9c501654d592fb31796d8269e48880618cc7d4b55d424286b50fe6b7aacc
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5205
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ecf6d7700179f984"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame FE21 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa497572a264f0a35be76178b2ef71de981199be53af1c4608d592947f5c2e97
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28819
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9ca8eecb6dce4cd9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame FE21 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d3eafaf26912ddf3fcbda012c6ab84ee03420313f73324e14edf73382766cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1910
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"4aeabff663ac872e"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame FE21 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3bd651a75b41ffd685e205862db2da8e5e758f8a34141738ec0450b60b8d861a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12946
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"10eeb975567515a5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
css
fonts.googleapis.com/ Frame FE21 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 24 Jul 2022 17:14:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 24 Jul 2022 18:18:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Jul 2022 18:18:15 GMT
en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE21 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 16:14:03 GMT
x-content-type-options
nosniff
server
cafe
age
7452
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
11660698925711390587
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2471
x-xss-protection
0
expires
Mon, 25 Jul 2022 16:14:03 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FE21 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 00:19:52 GMT
x-content-type-options
nosniff
server
cafe
age
64703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Mon, 25 Jul 2022 00:19:52 GMT
l
www.google.com/ads/measurement/ Frame FE21 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSnCKusLYeVfw_FtlikRtw6NUMBDDNp-j7Qtl12XNnZpg5coiqmrwn5-DUtN_IpBsVhzb27
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame FE21 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CZO085ozdYu_FNMmYnwS626aoAfnKs61r_ouYk5cP3pzBpb4aEAEgk7iZamDJBqABq9W0uwLIAQHgAgCoAwGqBNoDT9BrTslxMDeIkc6dqo9OI-a3bMUO15aSUIH3i0mlOm83xkxcy5F4HvIHCQDKxDsISqkhUjtDpqF5s5lPmeL7P4X1PdTdMrARSjoCyqHqc0llFELhDNFF_Q7ZYe6POt7bzCdSSrenFDelYCGHbv0UiX8E5z35Vt9m-KofDamgcm-gy-gVhCh-ofrR_2QK_JtFLSgNEtaBvuBtCCEfsUBYGdt81SZBEmwpcSJhEmmpK6et8b4WWAVf5jZYrl1HY_TFSrK1LjECeqPqX1EL9kTc26K7LyKjYJou7_mz4DZXG6UFkxuA1W__0-3GfbYgdn8igeIHG6JTGcMOrR2dw-MZCHzIxu4F0Ytl34yNsWS6a932rcUUbcaB4RJMrqP4_nLhnS2Fb1Jqq4ponLcvPPkruNwIu7ddgxMJcpniZkMxRQG7iN99sDHbJOPF-KFYrebBUmPU82PJOItMxunBYJ9tZYIkKERiak2qNVSylPaJiuj61bFwIfwWcF5PIG1LZ-uqKB5XxYlVsPrYvXMQKtKswd5EdeymzoFAaNlDEQVjP0g51qhrT2nVw3Gl-_SwoiA1mX5WWB7PungOTiJrSBzkNcumwkUcr3sR0QMkveIBPRaMYpnBDPlx17MNwASiwvOk6QLgBAGSBQQIBBgBkgUECAUYBIAH6M2yNqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcFEKGpgQHSCBIIiOGAYBABGB0yA8uCAToCgECACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItNDQ0NzA3OTQ2ODY1MDUxOBi1uGw&sigh=0o2nobu5CHg&uach_m=[UACH]&template_id=5001
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
downsize_200k_v1
tpc.googlesyndication.com/simgad/2848570419788953678/ Frame FE21 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2848570419788953678/downsize_200k_v1?w=100&h=100
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d6d01d7502929152b26588e18ca73dc256b6d71aceae75c282cabfdece1183ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 19 Jul 2022 05:24:38 GMT
x-content-type-options
nosniff
age
478417
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8280
x-xss-protection
0
last-modified
Mon, 27 Jul 2020 14:41:38 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 19 Jul 2023 05:24:38 GMT
truncated
/ Frame FE21 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3ecb9d737dffe22ac5781f0b25591828282b153a796dd15c2394e02e2d943616

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012207071723000/ Frame DEB7 		220 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa4ea8e54139dd16f73e5a3aca1e036ae5699fd2a2da1fe7bb6c5b59caca7674
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61513
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a40ea3ab2445e497"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame DEB7 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
574d9c501654d592fb31796d8269e48880618cc7d4b55d424286b50fe6b7aacc
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5205
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ecf6d7700179f984"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame DEB7 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa497572a264f0a35be76178b2ef71de981199be53af1c4608d592947f5c2e97
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28819
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9ca8eecb6dce4cd9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame DEB7 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4d3eafaf26912ddf3fcbda012c6ab84ee03420313f73324e14edf73382766cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1910
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"4aeabff663ac872e"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012207071723000/v0/ Frame DEB7 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012207071723000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3bd651a75b41ffd685e205862db2da8e5e758f8a34141738ec0450b60b8d861a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
266118
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12946
x-xss-protection
0
server
sffe
date
Thu, 21 Jul 2022 16:22:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"10eeb975567515a5"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 21 Jul 2023 16:22:57 GMT
css
fonts.googleapis.com/ Frame DEB7 		8 KB
966 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 24 Jul 2022 17:14:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 24 Jul 2022 18:18:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Jul 2022 18:18:15 GMT
en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DEB7 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 16:14:03 GMT
x-content-type-options
nosniff
server
cafe
age
7452
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
11660698925711390587
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2471
x-xss-protection
0
expires
Mon, 25 Jul 2022 16:14:03 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DEB7 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071901.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 00:19:52 GMT
x-content-type-options
nosniff
server
cafe
age
64703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Mon, 25 Jul 2022 00:19:52 GMT
l
www.google.com/ads/measurement/ Frame DEB7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRcvGM6N_KcVK2JIXNR5D2nlQf1-OPsjXc4qRa03IA0pbkhvE1niaK2qD2HDHLH0dBS3WI8
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame DEB7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CUzRu54zdYuAr9YCeBsSsqPAH-cqzrWvrhqnDpg7enMGlvhoQASCTuJlqYMkGoAGr1bS7AsgBAeACAKgDAcgDCqoE0wNP0CW2ShsQStH8sJejyCEyBWjk8Hnd0PiVUaBa8kdpHgYT1xYzRBMJMJ8Z2gdYk3E4mc6GRtAH13vWXUMDb2ES9Z39gJt2eB8FOw8Dy4ec5PgC1T6ItF5eS5pDMQsE2IduONkES-coSAQhcSfCo3-JAg8A5wArq4DyTmDACXCKr-wu5SecrJ2a8L1itR1fU_v_3ZjsXremcFBFU2xzjZKWUpZKCTfCAe6vbtrDAQcMQ6ShaWkQrZu74fI5ENp-ueqkNPlK2W6NX8BEl-glUCc8kg5D8-VLRFatbNU3uCeai0nnc5OhWu8295QokQyfPAQ4b_HrVlxanUuSECtUMvrKb3Yaua8Gw4vU6n0giPFgo2RaPpwuwKZyVfQIvVsb7nNQLdN7Bx9MqbB19m0TBTvtsxWZMpuB-xGkrOD95yCLFVYgQCDYn6uxwNH-TaeS5Yw3J7TgXQrs6eU2IcdADkL7nPhJNcZStMrmD5tuLt45nujR_3ONk-2ehb1xiYMbrAxliX7fdPiPfpulslwT56SI0h4Aj_-qECBYqggOowKWolDgVQOCCxSaqLdMZVS1yI-Y-FW8cr9FQ_koNdOYzOPLNf5dyUHShiV1BkwEkqJ-v5DUx8AEosLzpOkC4AQBkgUECAQYAZIFBAgFGASAB-jNsjaoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCh4ETSCBIIiOGAYBABGB0yA8uCAToCgECACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItNDQ0NzA3OTQ2ODY1MDUxOBi1uGw&sigh=M_1Conq30nY&uach_m=[UACH]
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash10.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers
truncated
/ Frame DEB7 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
edcad9c326204c10cead1c739ab17b9bb5bd4bb42bb8e7ee4e259fb4c0359a33

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
image/png
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame FE21 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ocregister-ca.newsmemory.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 20:34:36 GMT
x-content-type-options
nosniff
age
337419
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28288
x-xss-protection
0
last-modified
Wed, 01 Jun 2022 19:05:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Jul 2023 20:34:36 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame DEB7 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ocregister-ca.newsmemory.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Wed, 20 Jul 2022 20:34:36 GMT
x-content-type-options
nosniff
age
337419
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28288
x-xss-protection
0
last-modified
Wed, 01 Jun 2022 19:05:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Jul 2023 20:34:36 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame FE21
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: ocregister-ca.newsmemory.com
URL: https://ocregister-ca.newsmemory.com/eebrowser/ipad/html5.check.21090211/ajax-request.php?pSetup=orangecountyregister&action=loadAds&ads=%2FeeLayout%2F_tan_tecnavia%2Ftan.prebid5.6.0%2Foptionspage%2Ftemplate%2Fsplash7.html
Protocol
H2
Server
2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Redirect headers

date
Sun, 24 Jul 2022 18:18:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame DEB7
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol
H2
Server
2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Redirect headers

date
Sun, 24 Jul 2022 18:18:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DEB7 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012207071723000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 16:14:03 GMT
x-content-type-options
nosniff
server
cafe
age
7452
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
11660698925711390587
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2471
x-xss-protection
0
expires
Mon, 25 Jul 2022 16:14:03 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DEB7 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012207071723000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Sun, 24 Jul 2022 00:19:52 GMT
x-content-type-options
nosniff
server
cafe
age
64703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Mon, 25 Jul 2022 00:19:52 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame FE21 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsslm09tT_5yyefuB_uMkO4M3WA1NKyNFt6vUHVreVx2CoRpfnBACZk3NrFahjSj0nhJ8NqFPfUh25FEcQPDnhHno0ar1FQDvTVPVvK455XQDNMw2JBQEk5rsN4FnJlmUnUWrgWQu38&sai=AMfl-YTUNFjd00sPnaXSzwl-wvE88ich19bSaUHnCrVb6XuOZp6nr0yrW76J9ucAMvNo3PeeQNkUGCSAklYt49QbtZlnjbY7fTug7GTS5MQ0PH7vGPpuHJ3i8_kosvwZjZU&sig=Cg0ArKJSzD-XEju3Av03EAE&cid=CAAST-RoS_TOAoXwLU_Cl-nIA6XpchO6s3ffneSCYWsiJfA4VOuOaQpU0q8--X3C48lttXvM4VDmOIuqG_7BJ0FsjhfbZUJXCcxWXZTynnEwLrk&id=ampim&o=435,47&d=730,100&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=1615&tls=2616&g=100&h=100&tt=2616&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=2876538174
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ocregister-ca.newsmemory.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 24 Jul 2022 18:18:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/b/v1
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022071901&jk=3570369763707533&rc=

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| data object| addthis_config function| resizeWrapper string| pagenum string| title string| artnum string| arttype string| date string| viewmode string| eedition string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_share boolean| __@@##MUH object| oattr object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager

19 Cookies

Domain/Path Name / Value
.newsmemory.com/ Name: _ga
Value: GA1.2.575241270.1658686694
.newsmemory.com/ Name: _gid
Value: GA1.2.1034102599.1658686694
.newsmemory.com/ Name: _gat
Value: 1
ocregister-ca.newsmemory.com/ Name: __atuvc
Value: 1%7C30
ocregister-ca.newsmemory.com/ Name: __atuvs
Value: 62dd8ce6de4d7ba5000
.addthis.com/ Name: uvc
Value: 1%7C30
.addthis.com/ Name: ouid
Value: 62dd8ce60001c77710230a469907dae9f8f4e18511b3d6dfc6c0
.addthis.com/ Name: di2
Value: aVSiw#%!k#$M`#!AgP2TIPv7LW6Lj6Hq#1:R#19w
.addthis.com/ Name: um
Value: j.'2022072418181422100127142862'
.addthis.com/ Name: uid
Value: 62dd8ce694f03cf3
.addthis.com/ Name: na_id
Value: 2022072418181422100127142862
.addthis.com/ Name: vc
Value: 2
.addthis.com/ Name: loc
Value: MDAwMDBOQUNBUUMyMjU1MTA2NDQ2MjAwMDBDSA==
.adnxs.com/ Name: icu
Value: ChgI8Y5XEAoYASABKAEw5pn2lgY4AUABSAEQ5pn2lgYYAA..
.adnxs.com/ Name: uuid2
Value: 8667222878865510458
.doubleclick.net/ Name: IDE
Value: AHWqTUlj8k9Q52E2SCkMTkblvtE2ZBDrY-MmS4B-XUnPbMJFAgtpNvT20l8llVZPKR8
.newsmemory.com/ Name: __gads
Value: ID=e12c4a72dec3e335-226f5e12807c005f:T=1658686694:S=ALNI_MZD4nnSBsxZTX8WrI9GhrG1owXkrA
.newsmemory.com/ Name: __gpi
Value: UID=000007b8e23e5183:T=1658686694:RT=1658686694:S=ALNI_MZNlppCDmKcyXggDgCdpl-6r3nZJA
.doubleclick.net/ Name: DSID
Value: NO_DATA

4 Console Messages

Source Level URL
Text
network error URL: https://ocregister-ca.newsmemory.com./action/ipad/images/logo_background.png?mtime=0
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://dmx.districtm.io/b/v1
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other warning URL: https://cdn.ampproject.org/rtv/012207071723000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012207071723000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ce9ddb2631075c30e85c32f9a1f14d3.safeframe.googlesyndication.com
adservice.google.ca
adservice.google.com
btlr.sharethrough.com
cdn.ampproject.org
ce199bbd792308f06765e6cf05cab264.safeframe.googlesyndication.com
dmx.districtm.io
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
m.addthis.com
ocregister-ca.newsmemory.com
ocregister-ca.newsmemory.com.
pagead2.googlesyndication.com
s7.addthis.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
us5lb-cdn.newsmemory.com
v1.addthisedge.com
www.google-analytics.com
www.google.com
www.googletagservices.com
z.moatads.com
dmx.districtm.io
pagead2.googlesyndication.com
s7.addthis.com
104.17.130.32
142.251.40.130
184.29.129.187
184.29.136.126
2001:4860:4802:32::178
2607:f8b0:4006:807::2002
2607:f8b0:4006:809::2004
2607:f8b0:4006:809::200a
2607:f8b0:4006:80a::2003
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80f::2002
2607:f8b0:4006:822::2001
2607:f8b0:4006:822::2002
2607:f8b0:4006:823::2001
2607:f8b0:4006:823::2002
44.198.221.89
54.245.242.40
68.67.160.184
0285772c77fd4e1d37a702d536d9adf6c8b636324c813279c7184641bdf3b1ff
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08272548da0ef779a05a20b9058d9305f055974da7cba1ae446e86d830555307
09a1f3de69502c530382a2aa5d0311cb4232fe2b1ff7ce46f480a574e96ffb61
0bfe8b48617169aa7abfdb90001455204a02b3c8ba4b182bd265e80fd5fc6b9c
15bfef40ebe83b06033fc0db72f2fdcea43aeb6348fff528577c634313f22758
2a4c5abc5cb1a08819b79795c8b6e1b50bba7aceeae5295f25163f494797b72a
2fe69b2a3708b621cf5830e3323d0f74fc40e55b5d547978c30a323805c96c2d
3bd651a75b41ffd685e205862db2da8e5e758f8a34141738ec0450b60b8d861a
3e996313efbe4ecef5a403a9221b0be79496a57ee3e9334881f60c4ed2900940
3ecb9d737dffe22ac5781f0b25591828282b153a796dd15c2394e02e2d943616
46b3bbc17a9d191f3c9bb8e41eb61041abeca3d14ef1f5bd756fd6d200318c64
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574d9c501654d592fb31796d8269e48880618cc7d4b55d424286b50fe6b7aacc
5c94059c138a7682ead0fc941714a6413f3eb2a6616817c8f7f5505ab072d94a
5f1df78ade99721a48eaa4b8bb4c63a3d689a08731319d796f4912c891da94d5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65294c2151b2ae580e51d665338349b9a71115f35dd98036a7a1d58be2fc56e1
6744974818f9f381d77643b17c96fdcc11b47f28720c79ed89f309ba6e028c35
681ef429858f640f6e2097b8bded2f058ac427f2dd97ace5634f01d6135f1d28
70e6cc087ad13aa73bb54b720415f7169601f447b509a125adff3f8f321d66cb
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7e217375b81b22bc6ff2386a82689b1f643d0b231b3a113de502cace3d5c1bf9
7efcca5e749d52a175d7e66c8bdf845781e5ea23cce59f9d82a5ab733cef1cdf
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
9422513fc9fa0e73dc6882cd06d4fb8df62de9ffbdd7ce3f5ca8efdedc803b32
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a277c82c1e9592fcdbb1b3e6c31232f92d90ec761e5b7ecb4e1ec4c9a4f7af4c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa497572a264f0a35be76178b2ef71de981199be53af1c4608d592947f5c2e97
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
ce2f2e7395d24af0c3bb322a2597c72afc53fa71bf7623b46b9ef891414fe7e0
d25b470928984e737126b7d9718a4217c2acfbc03314ae65fa2de9c63dea6092
d6d01d7502929152b26588e18ca73dc256b6d71aceae75c282cabfdece1183ee
d73886e100dbd0e3b6ef017fca6b63303064c2b717c04458873bbe67209f046e
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edcad9c326204c10cead1c739ab17b9bb5bd4bb42bb8e7ee4e259fb4c0359a33
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa0e663a48ef58085149b278e7a495c7fcc4b6a3f2c330e8e9754e80df353b0
f4d3eafaf26912ddf3fcbda012c6ab84ee03420313f73324e14edf73382766cf
fa4ea8e54139dd16f73e5a3aca1e036ae5699fd2a2da1fe7bb6c5b59caca7674
fc185d0432aefe8a2d88453d6d781771748d90e304cd935052d19658b841c5e4
fe8476b46fb1f6a1c3279aa09039f97fc0049c5805dfeb4849189ad5b2d23326