www.fifa.com Open in urlscan Pro
152.199.19.82 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026
Submission: On February 05 via manual (February 5th 2024, 6:52:07 pm UTC) from US — Scanned from DE

Summary HTTP 152 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 8 domains to perform 152 HTTP transactions. The main IP is 152.199.19.82, located in United States and belongs to EDGECAST, US. The main domain is www.fifa.com. The Cisco Umbrella rank of the primary domain is 218865.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on February 2nd 2024. Valid for: 3 months.

This is the only time www.fifa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	152.199.19.82 152.199.19.82	15133 (EDGECAST) (EDGECAST)
3	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.236.47 52.222.236.47	16509 (AMAZON-02) (AMAZON-02)
20	68.232.34.143 68.232.34.143	15133 (EDGECAST) (EDGECAST)
35	2600:9000:223... 2600:9000:223f:d000:11:c1cc:72c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
16	2a05:d018:11d... 2a05:d018:11d:9e00:a450:2133:625e:b343	16509 (AMAZON-02) (AMAZON-02)
1	18.197.160.1 18.197.160.1	16509 (AMAZON-02) (AMAZON-02)
14	2606:2800:133... 2606:2800:133:202d:cd5:25f1:103b:1d26	15133 (EDGECAST) (EDGECAST)
2	151.101.193.91 151.101.193.91	54113 (FASTLY) (FASTLY)
152	12

42 152.199.19.82 (United States)

ASN15133 (EDGECAST, US)

www.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
play.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-47.fra56.r.cloudfront.net

cdn.theoplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 68.232.34.143 (United States)

ASN15133 (EDGECAST, US)

cxm-api.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2600:9000:223f:d000:11:c1cc:72c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

digitalhub.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a05:d018:11d:9e00:a450:2133:625e:b343 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

content.uplynk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
content-aeui1.uplynk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.160.1 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-160-1.eu-central-1.compute.amazonaws.com

walls.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:2800:133:202d:cd5:25f1:103b:1d26 (United States)

ASN15133 (EDGECAST, US)

x-default-sstgec.uplynk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.91 (United States)

ASN54113 (FASTLY, US)

license.theoplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
97	fifa.com www.fifa.com — Cisco Umbrella Rank: 218865 play.fifa.com — Cisco Umbrella Rank: 377380 cxm-api.fifa.com — Cisco Umbrella Rank: 458391 digitalhub.fifa.com — Cisco Umbrella Rank: 276304	5 MB
30	uplynk.com content.uplynk.com — Cisco Umbrella Rank: 15134 content-aeui1.uplynk.com — Cisco Umbrella Rank: 684000 x-default-sstgec.uplynk.com	23 MB
13	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 364	267 KB
3	gstatic.com www.gstatic.com	29 KB
3	theoplayer.com cdn.theoplayer.com — Cisco Umbrella Rank: 230999 license.theoplayer.com — Cisco Umbrella Rank: 22747	250 B
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 460	108 KB
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 567	541 B
1	walls.io walls.io — Cisco Umbrella Rank: 124556	5 KB
152	8

	Domain	Requested by
41	www.fifa.com	www.fifa.com
35	digitalhub.fifa.com	www.fifa.com
20	cxm-api.fifa.com	www.fifa.com
14	x-default-sstgec.uplynk.com	www.fifa.com
13	cdn.cookielaw.org	www.fifa.com cdn.cookielaw.org
12	content-aeui1.uplynk.com	www.fifa.com
4	content.uplynk.com	www.fifa.com
3	www.gstatic.com	www.fifa.com www.gstatic.com
3	assets.adobedtm.com	www.fifa.com assets.adobedtm.com
2	license.theoplayer.com	www.fifa.com
2	geolocation.onetrust.com	www.fifa.com cdn.cookielaw.org
1	walls.io	www.fifa.com
1	cdn.theoplayer.com	www.fifa.com
1	play.fifa.com	www.fifa.com
152	14

This site contains links to these domains. Also see Links.

Domain
www.plus.fifa.com
store.fifa.com
www.onetrust.com

Subject Issuer	Validity	Valid
fifa.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-02` - `2024-04-19`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
cdn.theoplayer.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-11`	a year	crt.sh
plus.fifa.com GeoTrust TLS RSA CA G1	`2023-09-26` - `2024-10-26`	a year	crt.sh
digitalhub.fifa.com Amazon RSA 2048 M03	`2023-08-09` - `2024-09-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.uplynk.com Amazon RSA 2048 M02	`2023-06-20` - `2024-07-18`	a year	crt.sh
walls.io R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
license.theoplayer.com Certainly Intermediate R1	`2024-02-05` - `2024-03-06`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026
Frame ID: 1A3A19B7850E13AC2A1A0312B473D0CC
Requests: 152 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Copa Mundial de la FIFA 2026™Back ButtonFilter Button

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

152
Requests

100 %
HTTPS

58 %
IPv6

8
Domains

14
Subdomains

12
IPs

3
Countries

28586 kB
Transfer

34975 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.plus.fifa.com/?intcmp=(p_fifaplus)_(c_webheader-fwc2026)_(sc_morefifa)_(ssc_originals)_(da_17052023)_(l_es)
Title: FIFA+

Search URL Search Domain Scan URL

URL: https://store.fifa.com/?intcmp=(p_fifaplus)_(c_webheader-fwc2026)_(sc_morefifa)_(ssc_fifastore)_(da_04052023)_(l_es)
Title: FIFA STORE

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/es/
Title: FIFA +

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

152 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request canadamexicousa2026 Show response
www.fifa.com/fifaplus/es/tournaments/mens/worldcup/ 12 KB
10 KB 242ms
102ms Document
text/html 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AA3) /

Resource Hash

037900764deb1df4e2cf4bf8eef12ad15ef4aa0e24541b18590c53b7a6a0f7d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: public, max-age=60
content-encoding: gzip
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-origin
date: Mon, 05 Feb 2024 18:51:57 GMT
etag: W/"2f79-WL/vng1RL4pPRuoltB1s4LAEA80"
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
server: ECAcc (amb/6AA3)
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 noto-sans-700.5f31d84a.woff2
www.fifa.com/fifaplus/static/media/ 152 KB
156 KB 111ms
106ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/noto-sans-700.5f31d84a.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48DD) /

Resource Hash

6a2f4003a98a3d8b367702823291c5e43078623288deff831d9d83c8f2db9b16

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 155152
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48DD)
etag: W/"25e10-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 noto-sans-italic.ac006f14.woff2
www.fifa.com/fifaplus/static/media/ 116 KB
121 KB 110ms
104ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/noto-sans-italic.ac006f14.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4890) /

Resource Hash

a954c0a79c10d3b1bc92da8061a74c4bf99ade39a5f0b385de63e14e569a23db

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 119256
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/4890)
etag: W/"1d1d8-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 noto-sans-regular.bfa96228.woff2
www.fifa.com/fifaplus/static/media/ 153 KB
158 KB 149ms
144ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/noto-sans-regular.bfa96228.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48EF) /

Resource Hash

16bb3d8fb5c371c9e4fa6b5f313c0a5e2edd911c0ce6d0f9c3cee01e9560a2b3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 156884
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48EF)
etag: W/"264d4-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 poppins-500.323014b9.woff2
www.fifa.com/fifaplus/static/media/ 48 KB
52 KB 150ms
146ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/poppins-500.323014b9.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4894) /

Resource Hash

c293b3aeb4898d08cc511c812408a728d6c707c464078342d9af91adcb3adc8a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 49000
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/4894)
etag: W/"bf68-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 poppins-600.427f7037.woff2
www.fifa.com/fifaplus/static/media/ 49 KB
53 KB 181ms
176ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/poppins-600.427f7037.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48B4) /

Resource Hash

f9947515ada0af97c9f138a55bf4b733905d3cd11010e806a501c32d20b18ecb

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 49664
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48B4)
etag: W/"c200-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 poppins-italic.c232e615.woff2
www.fifa.com/fifaplus/static/media/ 56 KB
60 KB 182ms
178ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/poppins-italic.c232e615.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/488F) /

Resource Hash

48eb74a45169ea3d83367b03ba9fcfaa84db06cc587da680c6e9b864a15b4e5b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 56868
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/488F)
etag: W/"de24-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 poppins-regular.80ad975e.woff2
www.fifa.com/fifaplus/static/media/ 49 KB
53 KB 183ms
179ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/poppins-regular.80ad975e.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48FC) /

Resource Hash

bca0cbef4d9a1480419d2e87f92f86f2b04237f91c1a36800ff4929370b931a4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:57 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341887
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 49712
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48FC)
etag: W/"c230-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 launch-ENf264c4ce0fad4ce4bf7503fd7be51245.min.js Show response
assets.adobedtm.com/7db34e84caae/759763b5faef/ 344 KB
94 KB 140ms
46ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/7db34e84caae/759763b5faef/launch-ENf264c4ce0fad4ce4bf7503fd7be51245.min.js
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0774b280d94641683d68a56c4836df9264beef00cbfff7c0cb481344d52a328c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
last-modified: Wed, 20 Dec 2023 11:57:33 GMT
server: AkamaiNetStorage
etag: "17f5722f9901fb56f6e3be12f631dc91:1703073453.679508"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Feb 2024 19:51:57 GMT

GET
H2 200 main.bundle.js Show response
play.fifa.com/components/ 128 KB
42 KB 186ms
176ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://play.fifa.com/components/main.bundle.js
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.82 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/4882) /
Resource Hash: 0a35d92fb603a0e8dc7501e0eeead6c01fcd0478509dd3514a40756be1fbd4fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
last-modified: Thu, 21 Dec 2023 14:54:52 GMT
server: ECAcc (ama/4882)
age: 355
x-amz-request-id: 1DBDRVVYE97ECQZS
etag: "de501df0a72be3075b0f6fa247ba1d4c+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
content-length: 42886
x-amz-id-2: UyHWs4gMQa+GizixNSzC1i/a+QjdfL1HkX7L4kU5Lc/5EZ99OodLivdVj+uJSiVfH7g9fRiuqBk=

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/ 140 KB
17 KB 85ms
39ms Script
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/OtAutoBlock.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c85082bdf7f65c12bc734139c95a14b1a61778437d527b5097f0b025c1466c6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7435
content-md5: jYnBW6Bx3Cl7NmHFarh1tQ==
content-length: 17332
x-ms-lease-status: unlocked
last-modified: Wed, 17 Jan 2024 16:30:36 GMT
server: cloudflare
etag: 0x8DC1779A287E464
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 520673bf-001e-003f-2562-49f120000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d59042cfe1e32-FRA
expires: Tue, 06 Feb 2024 18:51:57 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 77ms
32ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4be1addf4ee8c28eff431ef8bfbc475913c1234f6315c50047bc1eda86de71f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: dulN1EiikhiO8GlkrdtHlg==
age: 53009
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6838
x-ms-lease-status: unlocked
last-modified: Thu, 01 Feb 2024 20:33:09 GMT
server: cloudflare
etag: 0x8DC236500E5107B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e712dae4-801e-006c-3f84-55d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d59042d001e32-FRA

GET
H2 200 location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 70 B
237 B 130ms
82ms Other
text/javascript 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea2053be8e509589fe917b989317c05a16799e2d89ed1ea89b21870e3153631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
cf-ray: 850d59042d749b88-FRA
vary: Accept-Encoding
content-type: text/javascript

GET
H/1.1 403
Forbidden conviva-4.0.12.js
cdn.theoplayer.com/conviva/ 0
0 132ms
53ms Script
application/xml 52.222.236.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.theoplayer.com/conviva/conviva-4.0.12.js
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-47.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H2 200 54.66843683.chunk.css
www.fifa.com/fifaplus/static/css/ 264 KB
58 KB 39ms
36ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/54.66843683.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48B1) /

Resource Hash

55655f7d2dbe6228d02546899765814fd90185d3f0123f449a5917cd791071fb

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113913
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 54584
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48B1)
etag: W/"41f19-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 main.827b374c.chunk.css
www.fifa.com/fifaplus/static/css/ 429 KB
59 KB 73ms
71ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4891) /

Resource Hash

73c4d92fd8a85b6e0189c5b7f1096b9a44effcf56c7b5f3e70a4bbd977a58b61

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 4042310
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 56316
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 19 Dec 2023 22:06:36 GMT
server: ECAcc (ama/4891)
etag: W/"6b5a5-18c841dd1e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 54.b6dc58ac.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 568 KB
166 KB 182ms
180ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/489C) /

Resource Hash

436550bca96196905470e78e30ca33b0702746c8a48ee7850d20071546c15382

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113890
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 165696
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/489C)
etag: W/"8dfff-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 main.b40ad3f0.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 349 KB
100 KB 183ms
181ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/main.b40ad3f0.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48B1) /

Resource Hash

9cc0e306632679162f6394648779802c9cfb35d4ba5e98efbd537e13e55f290c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113944
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 97416
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48B1)
etag: W/"5732a-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 996debe1-708b-4ebc-95c8-5b7ee0d77d76.json Show response
cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/ 6 KB
2 KB 90ms
46ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/996debe1-708b-4ebc-95c8-5b7ee0d77d76.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b21c83774b77ef5d85267b9fc27fef02100767a5138bbecd2e6406c0040048

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7253
content-md5: 8R8IngYJ3vL0u7uRYxFP3A==
content-length: 1857
x-ms-lease-status: unlocked
last-modified: Wed, 17 Jan 2024 16:30:36 GMT
server: cloudflare
etag: 0x8DC1779A2AEA09F
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 863126eb-301e-0079-2b62-49c5a7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d5904bb494d6e-FRA
expires: Tue, 06 Feb 2024 18:51:57 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 89ms
44ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 850d59057aa59b34-FRA
access-control-allow-headers: Content-Type

GET
H2 200 153.70b23735.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 23 KB
12 KB 38ms
37ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/153.70b23735.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48E0) /

Resource Hash

b268b22bb0b4ca2e1460f079b7eb4ae29754b622928f27a6d9263f74b1a745a3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113883
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 8189
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48E0)
etag: W/"5a3a-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 36.1c431f90.chunk.css
www.fifa.com/fifaplus/static/css/ 7 KB
6 KB 38ms
37ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/36.1c431f90.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/489A) /

Resource Hash

c250ef9f65a41bfb82579dff3c68fcf0109bb987f9624d6ac020ac8a4823a7e4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 4042170
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 1543
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 19 Dec 2023 22:06:36 GMT
server: ECAcc (ama/489A)
etag: W/"1a6b-18c841dd1e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 36.c579b53a.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 58 KB
23 KB 41ms
40ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/36.c579b53a.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/488F) /

Resource Hash

4e4537190781df6baaadf41223d09831a736924061aa674f730c727e46f6af87

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113888
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 18858
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/488F)
etag: W/"e699-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 80.c65c989d.chunk.css
www.fifa.com/fifaplus/static/css/ 4 KB
6 KB 39ms
38ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/80.c65c989d.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48F8) /

Resource Hash

48dcc3805547ec45ce52bc3610e1648e9a2c49624b65bab11a4871a93d0ddf94

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113888
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 1215
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48F8)
etag: W/"f46-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 80.919c4a5e.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 28 KB
12 KB 43ms
42ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/80.919c4a5e.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48D8) /

Resource Hash

900a116048d76068496554aa043c9b506841246e60f467920bc91c8befd380e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113888
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 7932
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48D8)
etag: W/"71ea-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/ 427 KB
103 KB 34ms
34ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4ad3a7c4aa97b074c4d59a438bb5813ded8ad1d8bb8cf630abb4c6ee075d54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Jal9ZuZ5o01PB+RcMoFDzw==
age: 30316
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 105099
x-ms-lease-status: unlocked
last-modified: Wed, 20 Dec 2023 03:30:51 GMT
server: cloudflare
etag: 0x8DC010C10DEF255
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 390b8f8c-601e-0090-780f-3303ed000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d5905eff31e32-FRA

GET
H2 200 headerManagement
cxm-api.fifa.com/fifaplusweb/api/ 596 KB
50 KB 122ms
22ms Other
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/headerManagement?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67E6) /

Resource Hash

aca50fa1d88e66e52258dc63eeff7c30c86d4c9b2ba95498355b578b53a7fb8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
age: 2421
x-cache: HIT
content-length: 50960
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324
referrer-policy: same-origin, same-origin
last-modified: Mon, 05 Feb 2024 18:11:36 GMT
server: ECAcc (frb/67E6)
vary: Accept-Encoding
x-azure-ref: 20240205T181136Z-syzpxc61ut7dt87hk1aq80h4e8000000035g00000000gwvn
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=3600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin

GET
H2 200 canadamexicousa2026 Show response
cxm-api.fifa.com/fifaplusweb/api/pages/es/tournaments/mens/worldcup/ 4 KB
4 KB 556ms
516ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/pages/es/tournaments/mens/worldcup/canadamexicousa2026

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B13) /

Resource Hash

24d71392333b202f7624ae7e99534f357586856a65bed2a713e3b1b62fe6ee21

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B13)
x-azure-ref: 20240205T185157Z-p6aw36dzzh5n56ytgd2975646c0000000ch0000000011mhw
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/149dcd24-9db6-4697-bcff-7ccc514c5265/ 121 KB
27 KB 43ms
43ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/996debe1-708b-4ebc-95c8-5b7ee0d77d76/149dcd24-9db6-4697-bcff-7ccc514c5265/en.json

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4349b838b952c4d391b77321d20b1b9608196f8daab8ef69f6dcc7daf51316a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 5806
content-md5: 8TqjT5eY59u5aRSE+ICZ3A==
content-length: 27933
x-ms-lease-status: unlocked
last-modified: Wed, 17 Jan 2024 16:30:50 GMT
server: cloudflare
etag: 0x8DC1779AAB14ED4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e27482b2-601e-0090-7d62-4903ed000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d59066d224d6e-FRA
expires: Tue, 06 Feb 2024 18:51:57 GMT

GET
H2 200 iab2V2Data.json Show response
cdn.cookielaw.org/vendorlist/ 549 KB
71 KB 59ms
58ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2V2Data.json

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb3fdb320ad11371bef6ed20fd92e63da916134f02302562ffd80df60eb7769e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: wjiZc71cHL2yM6XMewJbmA==
age: 17482
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 72460
x-ms-lease-status: unlocked
last-modified: Mon, 05 Feb 2024 13:35:37 GMT
server: cloudflare
etag: 0x8DC264F563BB291
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 4dddfb40-f01e-0049-0238-587b68000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d59066d254d6e-FRA

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/ 39 KB
12 KB 30ms
30ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/otTCF.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b225b553da329022367ef9806c9820cbb60051aede8489749a879cfc3bed0677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: gyFx8CMZToitPimiGpQzBw==
age: 28840
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11706
x-ms-lease-status: unlocked
last-modified: Wed, 20 Dec 2023 03:30:50 GMT
server: cloudflare
etag: 0x8DC010C1013AA8F
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3a4042ff-901e-003d-0515-334f98000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d590668a31e32-FRA

GET
H2 200 FIFA_Logo_White_Generic
digitalhub.fifa.com/transform/befe3a64-328b-453c-8b58-0faeb9103684/ 6 KB
7 KB 102ms
25ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/befe3a64-328b-453c-8b58-0faeb9103684/FIFA_Logo_White_Generic?io=transform:fill&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c8caef549b0190ec0e337f96aa78027be95ecfb6dc5aa3abc70afda206069c38

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 02:00:08 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1788710
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FIFA_Logo_White_Generic.webp"; filename*=UTF-8''FIFA_Logo_White_Generic.webp
content-length: 5694
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 9ea50a1a-0b3d-62a7-2f3a-8ae8553bc17f
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: FSJwHw1RG3HpuFrWrLqFAtKIJMFg_Qw-hNJzqwAEVK18P4eGKSu1lg==

GET
H2 200 WC26_Logo
digitalhub.fifa.com/transform/157d23bf-7e13-4d7b-949e-5d27d340987e/ 2 KB
3 KB 100ms
24ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/157d23bf-7e13-4d7b-949e-5d27d340987e/WC26_Logo?io=transform:fill,height:105&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

078dbc253356ef7158f95ab56b9fdb16d1986edb2dc9b6645e7792aa5808753a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 23:36:38 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4734920
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="WC26_Logo.webp"; filename*=UTF-8''WC26_Logo.webp
content-length: 1666
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 390cc894-e6a4-47d5-de61-b652b76c70fb
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 6RWKYNhM0gqhndmFDXwYZ3LZ05NDiWXHIGv1y2O2aUl829O8jJDhuA==

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/assets/ 13 KB
3 KB 34ms
34ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/otFlat.json

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: k/F42BQAEUqNDKd4RaNADA==
age: 17181
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Wed, 20 Dec 2023 03:30:44 GMT
server: cloudflare
etag: 0x8DC010C0C89850E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e9402337-401e-0011-1cc9-43a337000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d5907fedc4d6e-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/assets/v2/ 63 KB
13 KB 41ms
40ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/v2/otPcTab.json

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bc6a125d698416498cdf5ef60cd959aef01db95a6e3e0d74a95f9b6d3d78feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: SNv4Rfa+mOMLVCsj3I1O2Q==
age: 17181
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13588
x-ms-lease-status: unlocked
last-modified: Wed, 20 Dec 2023 03:30:46 GMT
server: cloudflare
etag: 0x8DC010C0E0C6896
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 49427488-301e-008d-0dc9-430e51000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d5907fee54d6e-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/assets/ 21 KB
4 KB 39ms
38ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/otCommonStyles.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 17181
x-ms-lease-status: unlocked
last-modified: Wed, 20 Dec 2023 03:30:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: a7351e92-a01e-0054-32c9-4376d4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 850d5907feea4d6e-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
515 B 37ms
37ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 35281
x-ms-lease-status: unlocked
last-modified: Mon, 05 Feb 2024 03:34:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: fc3a340b-601e-0064-6300-58c81b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 850d59088fe14d6e-FRA

GET
H2 200 fcm_rgbf_s.png
cdn.cookielaw.org/logos/a22264f8-9d14-4ab8-ab4b-a61925d0e901/f9cfefe8-45ba-46cf-8da1-2a27e1e35084/ff8bdf07-4d8b-47cf-ba45-a6f4cf46492c/ 4 KB
4 KB 35ms
34ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/a22264f8-9d14-4ab8-ab4b-a61925d0e901/f9cfefe8-45ba-46cf-8da1-2a27e1e35084/ff8bdf07-4d8b-47cf-ba45-a6f4cf46492c/fcm_rgbf_s.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb5b84b03e2b10ce084ddccd3f8787dd0a436d1c39600c882a4f162b8a2ec161

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uWM/HWszkOdQXjEPXhaT7w==
age: 30486
content-length: 3762
x-ms-lease-status: unlocked
last-modified: Fri, 27 Oct 2023 08:50:18 GMT
server: cloudflare
etag: 0x8DBD6C9BF032BF3
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 553e3854-c01e-0042-3082-318003000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 850d5908ac2d1e32-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 37ms
37ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 42465
x-ms-lease-status: unlocked
last-modified: Mon, 05 Feb 2024 03:34:49 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 835cbc65-e01e-008e-3ee7-57ef35000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 850d5908ac311e32-FRA

GET
H2 200 128.7fc935c1.chunk.css
www.fifa.com/fifaplus/static/css/ 264 B
5 KB 39ms
39ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/128.7fc935c1.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48C6) /

Resource Hash

0a685b96d92a7d52330571aa2aa537afd18c0958bc38d977432657c41d0bf390

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 203
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48C6)
etag: W/"108-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 128.b3e07b14.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 2 KB
5 KB 41ms
41ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/128.b3e07b14.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48C0) /

Resource Hash

d19b9e1509e1a5451fa22f764f619ff8d840fb1c73e17393f61db98bf4c74513

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 705
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48C0)
etag: W/"660-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ 4 KB
2 KB 108ms
59ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:58 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 55ms
55ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7db34e84caae/759763b5faef/launch-ENf264c4ce0fad4ce4bf7503fd7be51245.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Mon, 05 Feb 2024 19:51:58 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 45ms
45ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7db34e84caae/759763b5faef/launch-ENf264c4ce0fad4ce4bf7503fd7be51245.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Mon, 05 Feb 2024 19:51:58 GMT

GET
H2 200 0.e0fe07b3.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 22 KB
11 KB 47ms
44ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/0.e0fe07b3.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4893) /

Resource Hash

2760ad794749bc3442a01b1643551e6b84067c0fbf544ccd2b287f1180164a2f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 6886
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/4893)
etag: W/"5719-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 1.4ac062e5.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 2 MB
614 KB 48ms
45ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/1.4ac062e5.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48DD) /

Resource Hash

12ba3f4f28cedf93fe25c32aa30d7f2bd72d423284840caa3fb927018c41ea7f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 623838
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48DD)
etag: W/"22f138-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 21.e9ffd6c6.chunk.css
www.fifa.com/fifaplus/static/css/ 15 KB
7 KB 41ms
38ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/21.e9ffd6c6.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48BE) /

Resource Hash

9f8987da80502159c12dc31f4f6dd2e7b190e47dc2978acdd400715cbed1e493

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 5334822
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 2846
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 05 Dec 2023 01:01:48 GMT
server: ECAcc (ama/48BE)
etag: W/"3c5b-18c377ed460"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 21.ed99c55a.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 27 KB
13 KB 162ms
160ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/21.ed99c55a.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4897) /

Resource Hash

38b9df860cef411e00cad50c092eadf47355dad5064c3a55afedef70ea469ce3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 8355
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/4897)
etag: W/"6dd3-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 13.da1f87ab.chunk.css
www.fifa.com/fifaplus/static/css/ 249 B
5 KB 43ms
40ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/13.da1f87ab.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4890) /

Resource Hash

86a0ede7d86475d40b8673b2b1c2fc72e34766e408b477f077c7c402e5bf4cdb

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113888
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 177
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/4890)
etag: W/"f9-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 13.2c156825.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 37 KB
29 KB 163ms
161ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/13.2c156825.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48B6) /

Resource Hash

777f9a799bf90026d7908e0c36ed34952a44f17c30bf44e51cce52914b20c5b4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113888
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 24887
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48B6)
etag: W/"95fc-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 56.a8d23d85.chunk.css
www.fifa.com/fifaplus/static/css/ 76 KB
15 KB 43ms
42ms Stylesheet
text/css 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/css/56.a8d23d85.chunk.css

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4898) /

Resource Hash

6fd23e8d923e1c475e222c214d8ac1867ca79d2a7716ed881a08e3490a604d58

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 10533
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/4898)
etag: W/"12fab-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 56.212e5d97.chunk.js Show response
www.fifa.com/fifaplus/static/js/ 108 KB
31 KB 166ms
165ms Script
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/js/56.212e5d97.chunk.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/es/tournaments/mens/worldcup/canadamexicousa2026

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48B8) /

Resource Hash

6873a676564300f11eb9552c8ffc7234d71d7c7076c96c78d269016d1df7ee16

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 1113886
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 27151
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Tue, 23 Jan 2024 19:30:00 GMT
server: ECAcc (ama/48B8)
etag: W/"1ae07-18d37cd06c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 cast_framework.js Show response
www.gstatic.com/cast/sdk/libs/sender/1.0/ 35 KB
12 KB 113ms
112ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2bdd8cb01353d4ed2a9ab4c7d7c263225f6908aa875614d015a2f39956d9d73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12197
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 23:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="chrome-dongle"
vary: Accept-Encoding
report-to: {"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type: text/javascript
cache-control: private, max-age=0
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:58 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/121/ 50 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/121/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 19:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 16:05:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Mon, 05 Feb 2024 19:03:11 GMT

GET
H2 200 CJNaWUNfccP1SmO8PfhCn Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroModule/ 11 KB
11 KB 668ms
668ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroModule/CJNaWUNfccP1SmO8PfhCn?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B12) /

Resource Hash

492457408b7df55dd4220aaebd37dda7d1cbf4cfd5e9ab7a6c934d0ed0bdd035

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B12)
x-azure-ref: 20240205T185158Z-uwnas4g95t3mba7xshkk3qpgt400000007g000000000ztk8
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 4hG0ib58lrZR03KDtxWi9X Show response
cxm-api.fifa.com/fifaplusweb/api/sections/newsHeroGrid/ 10 KB
10 KB 307ms
307ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/newsHeroGrid/4hG0ib58lrZR03KDtxWi9X?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B24) /

Resource Hash

29619202252995b9f9a806a21984a2668c11a4f08058a33d19d65a965a8274a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B24)
x-azure-ref: 20240205T185158Z-6gq4ksxnzd17va4sntmuzmt1c8000000027g000000003qty
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 5gAYgQPZeoSe9J2ngXcVxj Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/ 6 KB
6 KB 335ms
335ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/5gAYgQPZeoSe9J2ngXcVxj?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AC5) /

Resource Hash

4bde2a9b5d6045f8993ce62e78ef39e2a66acf5493fbfeff9aa9d57ba4cc36a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6AC5)
x-azure-ref: 20240205T185158Z-su447v0r9d7k1ek1etum9ntz5w00000006k0000000003rfd
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 2GXVjlU9b1qLOjYniP0jcK Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/ 1 KB
2 KB 306ms
306ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/2GXVjlU9b1qLOjYniP0jcK?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6ACE) /

Resource Hash

9f927d671965717b8bb011360590349f50f721d990545c38c3c1429d5c98ddb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6ACE)
x-azure-ref: 20240205T185158Z-nr34sq0w5512f3p164ftzf7res00000005fg00000000u058
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 4Yw7kRJHvikObnYFQVmUUu Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/ 11 KB
12 KB 305ms
305ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/4Yw7kRJHvikObnYFQVmUUu?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6A9F) /

Resource Hash

a13e4001bf008067b14b82bfea429c26fbb8123975c07590b168c389203d6309

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6A9F)
x-azure-ref: 20240205T185158Z-deg25p30cd14d11wmu9wb8zfzn00000000sg00000000a0rn
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 3jng80qXe2ZeGtcDxgwh6u Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/ 2 KB
2 KB 304ms
303ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/3jng80qXe2ZeGtcDxgwh6u?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AA3) /

Resource Hash

c50e8317ac4c60f3eabe65fb8875c1a77c720fa8a0477cc8b22accd61677c967

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6AA3)
x-azure-ref: 20240205T185158Z-x3hf67vz8x6295sxgpz54w329s0000000750000000010y33
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 4JoS2wwGkAXjt8F94oYvzj Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/ 7 KB
7 KB 632ms
632ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/4JoS2wwGkAXjt8F94oYvzj?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B19) /

Resource Hash

88d72fa359eb02bc476d863e822352c8ac2cbd9266d8e6adc60b1bd3bd6360c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B19)
x-azure-ref: 20240205T185158Z-4gm983wmc14wfbtnm1ya8c7h0s00000001s000000000890t
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 689ol0WdLQZR2MoVUV1Trm Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/ 2 KB
2 KB 300ms
299ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/689ol0WdLQZR2MoVUV1Trm?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B19) /

Resource Hash

abe8ef7cc6bcbfdc374223ef03d98f3de718f97c344ea6fdd3bb2d3799167d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B19)
x-azure-ref: 20240205T185158Z-qxudw26rh11z5dh0x7d2zvz9mn00000004q000000000gtpq
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 2JCM2oIf1E37uNLLLodCeH Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallLandscapeCarousel/ 4 KB
4 KB 377ms
376ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallLandscapeCarousel/2JCM2oIf1E37uNLLLodCeH?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AEE) /

Resource Hash

d9f327e22bbcc852fce1e240bab93963f2af1dae18e39ae0ffaba339c37092c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6AEE)
x-azure-ref: 20240205T185158Z-n2yzrnu9sh7zt22prvsdn8wq1g00000000a000000000vh05
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 4eFpo6Dn3IRDhot0SVzWJi Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/ 7 KB
7 KB 325ms
325ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/4eFpo6Dn3IRDhot0SVzWJi?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B69) /

Resource Hash

d15cec0e97a0ee4f6d2ea2baf75b527e5082b10bc9bedd89bfcb00305a1b8401

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B69)
x-azure-ref: 20240205T185158Z-59yvcphsb56t7143383wtetat4000000052g00000000tf9h
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 718Py2ywmqXdJ6yWybyh9N Show response
cxm-api.fifa.com/fifaplusweb/api/sections/externalIntegrationEmbed/ 729 B
838 B 175ms
175ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/externalIntegrationEmbed/718Py2ywmqXdJ6yWybyh9N?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B64) /

Resource Hash

7f57f54191962ca5b3bac2c1887470d2629706d5d7fc21f22166c53661a8e74e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B64)
x-azure-ref: 20240205T185158Z-3s8sd19yz95976td4uuc3xzu9w0000000680000000006680
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 62MVq8K46nL4BWH8sjlMAe Show response
cxm-api.fifa.com/fifaplusweb/api/sections/externalIntegrationEmbed/ 877 B
978 B 122ms
121ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/externalIntegrationEmbed/62MVq8K46nL4BWH8sjlMAe?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B38) /

Resource Hash

0a5dd52e4f05ffeeb2d47e3be280c6b04f219ec876a14447d033524d68841005

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B38)
x-azure-ref: 20240205T185158Z-vs5my4882d1x37yqvdhsnw3w4000000006eg0000000073yu
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 1CQLHotImo6OfGpHAoHjKn Show response
cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/ 3 KB
3 KB 309ms
309ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/smallPortraitCarousel/1CQLHotImo6OfGpHAoHjKn?locale=es&limit=20

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AB2) /

Resource Hash

320b92d37dd1dee90f5df25e56cda4d5e67ee8dadf6bbf45ef7db68f099237c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6AB2)
x-azure-ref: 20240205T185158Z-6gq4ksxnzd17va4sntmuzmt1c80000000230000000006aep
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 4nT7mZbHaV2tXTfKDLJaXX Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/ 2 KB
2 KB 570ms
570ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroBanner/4nT7mZbHaV2tXTfKDLJaXX?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6AFC) /

Resource Hash

e145a391df952f499758fd20de11ca61591ed0ae38667d7d79b1c1c5f5eb511e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6AFC)
x-azure-ref: 20240205T185158Z-ctkg8n32q50e768s0sb2cg00x0000000071000000000mk9c
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 resources Show response
cxm-api.fifa.com/fifaplusweb/api/ 643 B
728 B 518ms
517ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/resources?locale=es&identifier=p26Labels

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B24) /

Resource Hash

cd543c2725509007cf78fa0111217b7cd41c0618a1671f76c45780038f6d05a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B24)
x-azure-ref: 20240205T185159Z-nut631t7nt5578wadd0kx0ut8800000000gg00000001ddyr
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=3600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 S28NysX-t0ynntZoH0dfpQ Show response
cxm-api.fifa.com/fifaplusweb/api/videoPlayerData/ 2 KB
2 KB 247ms
247ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/videoPlayerData/S28NysX-t0ynntZoH0dfpQ?locale=es&isPreviewVideo=true

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6B09) /

Resource Hash

42ea923e41c47756bfdbf5ceef88fa1558dd7bf8dc886681ffb7676c4ba6e7bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6B09)
x-azure-ref: 20240205T185159Z-evwbg2yqdd1u92e0myyctnvzgw00000008d000000000wu8p
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 p26_hover_mask.svg
digitalhub.fifa.com/m/2d0a3d0e030421a3/original/ 2 KB
2 KB 29ms
29ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/m/2d0a3d0e030421a3/original/p26_hover_mask.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ede570f8f275ff0e50c6142a7c0f334242178a202ddc30df39823ad2dacd5792

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 08:04:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 38863
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: attachment;filename="p26_hover_mask.svg"
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: 20920e40-d267-5cc5-19d7-533add3e5408
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: k2ON_X2Bk4iy9zqC-VGnfQv-OEtHKPjg1w7JD3hL4ogDnEez7sLvOg==

GET
H2 200 573c87f5f6b74aa8b917273f8d04e1c2.json Show response
content.uplynk.com/preplay/ 522 B
789 B 304ms
65ms Fetch
application/json 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content.uplynk.com/preplay/573c87f5f6b74aa8b917273f8d04e1c2.json?v=2&tc=1%2C-1&rn=1306263912&exp=1707162719&ct=a&cid=573c87f5f6b74aa8b917273f8d04e1c2&expand=Shared_Ad_Params%2CWeb_VOD_Params&ad.npa=1&ad.cust_params=npa%253D1&allow_cc_ad=1&sig=7b96cbd4e0152f049989db15b0d1d03eaa851c987a93349040fd4fc12b5e7b6c&ad.sid=ff9481fa-8504-4c15-86af-be5385bf0e9e&ad.ppid=ff9481fa-8504-4c15-86af-be5385bf0e9e

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dfa641c2a1027549e1f34c37d2f1d4831e4dbfcfe30bf8126f73838e1aa67204

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/json
access-control-allow-origin: *
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 522
x-xss-protection: 1; mode=block

GET
H2 200 p26_hover_mask.svg
digitalhub.fifa.com/m/2d0a3d0e030421a3/original/ 2 KB
2 KB 23ms
23ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/m/2d0a3d0e030421a3/original/p26_hover_mask.svg

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ede570f8f275ff0e50c6142a7c0f334242178a202ddc30df39823ad2dacd5792

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 08:04:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 38863
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: attachment;filename="p26_hover_mask.svg"
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: 20920e40-d267-5cc5-19d7-533add3e5408
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: I4q-o9X4c9y6x5G-9RipZCVO6jXkBMoeTsrmSG4BfecIscTPTxAXbQ==

GET
H2 200 Hero_image-1
digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/ 30 KB
32 KB 29ms
28ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/Hero_image-1?io=transform:fill,width:1600&quality=50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f1fca6ca91d263eb28f9f19c324dd4e327288520a2229a5f7008e0fa96795e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 07:02:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 474565
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Hero_image-1.webp"; filename*=UTF-8''Hero_image-1.webp
content-length: 30898
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 21e252f4-87bc-f566-090e-ba5598e63080
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: eWj-wL0rS_3xTYNLJoQs_3gAydpYdLrY0gxCTPIaCamAsDBlHAmhig==

GET
H2 200 FIFA-World-Cup-2026-Match-Schedule-announcement
digitalhub.fifa.com/transform/3f88ae6c-d5ad-4712-a4a0-624eed566dc4/ 92 KB
94 KB 33ms
31ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/3f88ae6c-d5ad-4712-a4a0-624eed566dc4/FIFA-World-Cup-2026-Match-Schedule-announcement?io=transform:fill,aspectratio:16x9,width:1024&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cca6ae0b6adf9c7f891d13a29a3de511056875e3a9a9a181e53857da07616c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 13:20:56 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 19863
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FIFA-World-Cup-2026-Match-Schedule-announcement.webp"; filename*=UTF-8''FIFA-World-Cup-2026-Match-Schedule-announcement.webp
content-length: 94556
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 0fe1e468-3934-107e-7cdf-5325f8fbfad5
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: wXC0tBL46ILcyPYL463NKT6dhMToqEf4DLEQ3Tia2GFG57iJkJhq5Q==

GET
H2 200 Fussball-NASL-Saison-USA-1977-01-05-1977-Franz-BECKENBAUER-links-und-PELE-rechts-beide-Cosmos-New-York
digitalhub.fifa.com/transform/f5ed3b23-bb62-4a96-9c5a-ebf08c5c07c1/ 38 KB
40 KB 32ms
31ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/f5ed3b23-bb62-4a96-9c5a-ebf08c5c07c1/Fussball-NASL-Saison-USA-1977-01-05-1977-Franz-BECKENBAUER-links-und-PELE-rechts-beide-Cosmos-New-York?io=transform:fill,aspectratio:16x9,width:468&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8f65b6b25787a1b0eb5e1c22364623cdd54b1def03e79bb64ae4dd26043e2e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 21:23:55 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 77284
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Fussball-NASL-Saison-USA-1977-01-05-1977-Franz-BECKENBAUER-links-und-PELE-rechts-beide-Cosmos-New-York.webp"; filename*=UTF-8''Fussball-NASL-Saison-USA-1977-01-05-1977-Franz-BECKENBAUER-links-und-PELE-rechts-beide-Cosmos-New-York.webp
content-length: 39274
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 051ea7d0-4afa-4474-a5ba-78c0bf5d7070
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: pnvT_wPaKmy7eANvJ_fbZdVLBv5wPX7bcc9R45qtjNelG-f2qZzPaw==

GET
H2 200 Manuel-Negrete-scores-for-Mexico-against-Bulgaria-in-1986
digitalhub.fifa.com/transform/2524f514-39b5-4a43-bfea-7d60db0b38e7/ 89 KB
91 KB 91ms
90ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/2524f514-39b5-4a43-bfea-7d60db0b38e7/Manuel-Negrete-scores-for-Mexico-against-Bulgaria-in-1986?io=transform:fill,aspectratio:16x9,width:468&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4860052dc0231c10cd9d047e3b7c55ee7b8b51d3c1fe2a64524b22bd6c696756

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 08:09:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 38553
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Manuel-Negrete-scores-for-Mexico-against-Bulgaria-in-1986.webp"; filename*=UTF-8''Manuel-Negrete-scores-for-Mexico-against-Bulgaria-in-1986.webp
content-length: 91404
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 04d340eb-885a-774e-a19f-0e2d1699f87f
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 5dY2y4Zfl1b3leoNbudLLMUx1o1eUWN4f7pE0BkG4bzkNvEQZSHtEw==

GET
H2 200 The-Rose-Bowl-during-the-USA-1994-final
digitalhub.fifa.com/transform/f7979ef5-d18c-49f4-9be8-e89d44df9b01/ 91 KB
92 KB 89ms
88ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/f7979ef5-d18c-49f4-9be8-e89d44df9b01/The-Rose-Bowl-during-the-USA-1994-final?io=transform:fill,aspectratio:16x9,width:468&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c3208bf867638c7a0dd6fe243b2ca42ce3ce8445e94e48bb6397badd3d7a7c78

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 21:03:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 78482
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="The-Rose-Bowl-during-the-USA-1994-final.webp"; filename*=UTF-8''The-Rose-Bowl-during-the-USA-1994-final.webp
content-length: 92984
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: ebf3cbf5-f5d2-a532-6dca-88209c5f549c
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: S_zgKQCFMgM36b2dQEjWnw_1oGZYvNvEy628ZtrkeNBRD5HfBOF0tg==

GET
H2 200 West-Germany-s-Lothar-Matthaus-fouls-Argentina-s-Diego-Maradona-in-the-Mexico-1986-final
digitalhub.fifa.com/transform/d72322a5-8169-4b27-9201-3e22934aa9a5/ 76 KB
77 KB 91ms
91ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/d72322a5-8169-4b27-9201-3e22934aa9a5/West-Germany-s-Lothar-Matthaus-fouls-Argentina-s-Diego-Maradona-in-the-Mexico-1986-final?io=transform:fill,aspectratio:16x9,width:468&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4bbab94e9323c77371dd2c13901015b3d9237c5ebcd24dcb13d00eb0d27741a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 08:09:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 38554
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="West-Germany-s-Lothar-Matthaus-fouls-Argentina-s-Diego-Maradona-in-the-Mexico-1986-final.webp"; filename*=UTF-8''West-Germany-s-Lothar-Matthaus-fouls-Argentina-s-Diego-Maradona-in-the-Mexico-1986-final.webp
content-length: 77518
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 9345a3db-5f46-eaf7-b332-29db37fd2e32
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: aRawS7G3fyKzFHJEoVx1afNXfuntvwJbKHbM1uPRvxSs6GPD4IopJA==

GET
H2 200 1920-live-stream-hero
digitalhub.fifa.com/transform/1ede86c3-c488-416d-83de-ccd8b9ce93f3/ 13 KB
14 KB 108ms
108ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/1ede86c3-c488-416d-83de-ccd8b9ce93f3/1920-live-stream-hero?io=transform:fill,width:1455&quality=100

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/21.e9ffd6c6.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

67f0f661888a4ff38dfbb3ed01a2f30f7f61de0b43a029a4c38efd827de713c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 16:42:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 353359
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="1920-live-stream-hero.webp"; filename*=UTF-8''1920-live-stream-hero.webp
content-length: 13350
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 68848bd7-0ba2-dab4-d35f-2e7a2134ac0e
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: UMnXEEvfOBDvrJPZRTgnw-J2fXkMFn__y7EvNDbh6fq7l18VX2vjbg==

GET
H2 200 register_interest_background
digitalhub.fifa.com/transform/1ca6e372-c084-4190-824a-67bb66e6ae72/ 11 KB
12 KB 132ms
132ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/1ca6e372-c084-4190-824a-67bb66e6ae72/register_interest_background?io=transform:fill,width:1455&quality=100

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/21.e9ffd6c6.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

39c4ba098195245d90c94af1664983daae71df7b15165e75c06ae138e15b8d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 08:59:17 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11267562
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="register_interest_background.webp"; filename*=UTF-8''register_interest_background.webp
content-length: 10980
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 6a600ed9-8dfd-e4a7-e78d-c25edb8d5662
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: yk8X_eHeD2e3bzfIzjKmjE7Gq_fIkNVoRZ48upvsdNiCWLYL8vlXAg==

GET
H2 200 FPLS_FBSWC2024_Thumbnail_01
digitalhub.fifa.com/transform/6683dd74-9978-471f-9617-e5416a6328ac/ 73 KB
75 KB 109ms
108ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/6683dd74-9978-471f-9617-e5416a6328ac/FPLS_FBSWC2024_Thumbnail_01?io=transform:fill,aspectratio:106x75,width:1440&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e8a291e11bb589fd1aad0db9544896d93079df0fcba6b4b7cac40c5e33ce54b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 13:01:45 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2094614
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FPLS_FBSWC2024_Thumbnail_01.webp"; filename*=UTF-8''FPLS_FBSWC2024_Thumbnail_01.webp
content-length: 74860
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 249e0972-69f5-a5ba-1c3f-35db098e91f9
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: t0DoDSp_o5ZWpIPUke_krsAyMjWFBYGSDillnW7-LcITzKHaIQjbiw==

GET
H2 200 Olympics-Paris-2024-Logo
digitalhub.fifa.com/transform/b4d0cf3d-795e-438c-9b59-753a030d2e24/ 46 KB
48 KB 108ms
107ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/b4d0cf3d-795e-438c-9b59-753a030d2e24/Olympics-Paris-2024-Logo?io=transform:fill,aspectratio:106x75,width:1440&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d9419a242f2612bfd1ca9f14c60f29e662a433d85ed813e0b4aee98b6a0582de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 14:03:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 9434913
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Olympics-Paris-2024-Logo.webp"; filename*=UTF-8''Olympics-Paris-2024-Logo.webp
content-length: 47122
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 2757de9c-ac55-068a-7232-e7b5aa635984
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: i-rbRYCgyFxNonsStoSfqd0gdCsgW4CcuXEPRPrKNVBjR-dhl56xiw==

GET
H2 200 FIFA-Futsal-World-Cup-Colombia-2016-Trophies
digitalhub.fifa.com/transform/42fc69c4-13e8-490d-9fc3-9c53c1a6fb87/ 55 KB
57 KB 120ms
119ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/42fc69c4-13e8-490d-9fc3-9c53c1a6fb87/FIFA-Futsal-World-Cup-Colombia-2016-Trophies?io=transform:fill,aspectratio:106x75,width:1440&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20f1a9de0facf493369c80aeb3e6649df5ee30817ae53e053ad1632f81a62d7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 24 Sep 2023 06:03:09 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11623730
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FIFA-Futsal-World-Cup-Colombia-2016-Trophies.webp"; filename*=UTF-8''FIFA-Futsal-World-Cup-Colombia-2016-Trophies.webp
content-length: 56632
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 6b58edaa-2761-6d12-d3bc-fdb7efdab7f3
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: TK6GZ1dQbxNdT-K-MGxnUqKVEyWFPE3CojS8FCi7evPM_fdM9PQsXg==

GET
H2 200 FPS_FWC26_Hero_PostLaunch
digitalhub.fifa.com/transform/235ddd27-575c-405c-9568-ef6ef2d05ec4/ 58 KB
60 KB 121ms
120ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/235ddd27-575c-405c-9568-ef6ef2d05ec4/FPS_FWC26_Hero_PostLaunch?io=transform:fill,aspectratio:106x75,width:1440&quality=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ec5f0ed855a823e72cb6dc00613aff4e83cfe83bb428e9d1db01891247e51def

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 06:12:50 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11882349
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FPS_FWC26_Hero_PostLaunch.webp"; filename*=UTF-8''FPS_FWC26_Hero_PostLaunch.webp
content-length: 59632
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: c61f467c-5309-3034-9500-f9cb7acc8bc9
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: bsjGe9FlHa18fmgmTp8sDCtY1NG1S8CmODBhQhlUlhbXP_wQc15eVQ==

GET
H2 200 country_menu_bg_ca
digitalhub.fifa.com/transform/efdfee3f-ae38-4486-a7a1-3573f210ece1/ 21 KB
22 KB 126ms
123ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/efdfee3f-ae38-4486-a7a1-3573f210ece1/country_menu_bg_ca

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/56.a8d23d85.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20198ea05b33c2dcd1ae34d7fec2e879cbb0db8f730ce036f94310fcc3a1c2c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 13:32:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7535973
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="country_menu_bg_ca.webp"; filename*=UTF-8''country_menu_bg_ca.webp
content-length: 21270
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 86c8e79c-cc71-e43c-ac32-d7d5e9c374c3
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: --6gBGGleRQ6bqfw-r40CnpUePhexUfgCxpZBAvQOk5bl5Qhj9YaYw==

GET
H2 200 country_menu_bg_mx
digitalhub.fifa.com/transform/34b4879c-2e54-45a0-9395-5a4b257714e1/ 24 KB
25 KB 132ms
129ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/34b4879c-2e54-45a0-9395-5a4b257714e1/country_menu_bg_mx

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/56.a8d23d85.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e976974bd2385b5c15551843801864c05d8b11021fb0c5e5715300017acc83f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 13:32:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7535974
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="country_menu_bg_mx.webp"; filename*=UTF-8''country_menu_bg_mx.webp
content-length: 24576
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: a87f9ef4-d122-6e8d-b0ae-7ddfaf927a4f
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: suFIKJYZfY7ux8uiB6BpFMHlLtS1BstLUa-XdB__7O0oCggboRQg1g==

GET
H2 200 country_menu_bg_us
digitalhub.fifa.com/transform/3f679848-6068-44ee-8b0e-2d290bd5970a/ 21 KB
22 KB 131ms
129ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/3f679848-6068-44ee-8b0e-2d290bd5970a/country_menu_bg_us

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/56.a8d23d85.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ce92cf1c5f111f69ad492de0abe0a7d169cd437b7841c7c683852e7ce1bdac69

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 00:32:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6459584
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="country_menu_bg_us.webp"; filename*=UTF-8''country_menu_bg_us.webp
content-length: 21270
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 07603a67-cbb7-9305-15dc-0054bd230d97
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 9qdfoqskxq8hFT-YZA0hvuHAS3CpA-pw-CtGGGI793Y7bYBfoGjuPw==

GET
H2 200 FWC2026-UltraCondensedBold.0e7149b5.woff2
www.fifa.com/fifaplus/static/media/ 39 KB
43 KB 38ms
37ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-UltraCondensedBold.0e7149b5.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48EF) /

Resource Hash

1b37c3e0644d4ef85cbc527ef0beb47586924966262a888b4e923da40219df26

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 39708
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48EF)
etag: W/"9b1c-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 NotoSans-Medium.2994073c.woff2
www.fifa.com/fifaplus/static/media/ 167 KB
172 KB 40ms
39ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/NotoSans-Medium.2994073c.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48FD) /

Resource Hash

996f52a06e4470d3cc2ab1ddf13e1051ed0c41e2c2e519274b76859e3899dc59

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 171172
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48FD)
etag: W/"29ca4-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 FWC2026-NormalBlack.2bd896c8.woff2
www.fifa.com/fifaplus/static/media/ 45 KB
49 KB 45ms
43ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-NormalBlack.2bd896c8.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48CD) /

Resource Hash

b854663e83865f46900ad48b0f947a586bc35a847725abb7aadccc4fcafb6f8f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 45620
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48CD)
etag: W/"b234-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 FWC2026-CondensedLight.c11e508e.woff2
www.fifa.com/fifaplus/static/media/ 41 KB
46 KB 119ms
118ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-CondensedLight.c11e508e.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48A6) /

Resource Hash

1c26f0664910e31e9c4f2971cfc67c54a7a295777d7497e59b846e2d6b5e98f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 42396
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48A6)
etag: W/"a59c-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 FWC2026-SemiExpandedBlack.e378fa1c.woff2
www.fifa.com/fifaplus/static/media/ 45 KB
50 KB 123ms
122ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-SemiExpandedBlack.e378fa1c.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48F4) /

Resource Hash

2d6b8f53d1e25822116c74ad810425792696f6cba8759e1f60c964c0e616a7c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 46512
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48F4)
etag: W/"b5b0-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 FWC2026-ExpandedBlack.e49451e9.woff2
www.fifa.com/fifaplus/static/media/ 43 KB
48 KB 84ms
83ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-ExpandedBlack.e49451e9.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/489F) /

Resource Hash

04492174a44ec7cdff662765038cfd7cdef1cec8d8c83748599f7e30c2116dec

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 44508
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/489F)
etag: W/"addc-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 wallsio-widget-1.2.js Show response
walls.io/js/ 16 KB
5 KB 125ms
34ms Script
application/javascript 18.197.160.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://walls.io/js/wallsio-widget-1.2.js

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/main.b40ad3f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.160.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-160-1.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6351e8ab6ab8b105d6394c01ef86cf2e437fe78267b6bb5cd3dec84e01ea56ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Mon, 05 Feb 2024 19:51:59 GMT
date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Feb 2024 11:17:11 GMT
server: nginx
content-encoding: gzip
etag: W/"65c0c3b7-3f2b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=3600, public
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge

GET
H2 200 3sAylRL5CDbaMWLqJOgBAH Show response
cxm-api.fifa.com/fifaplusweb/api/videoPlayerData/ 2 KB
2 KB 441ms
441ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/videoPlayerData/3sAylRL5CDbaMWLqJOgBAH?locale=es&isPreviewVideo=true

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (amb/6A9E) /

Resource Hash

2021461ef5be80a0804e071c4daad1d93f931d5c338201907dc4194cb2e34807

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
referrer-policy: same-origin, same-origin
x-content-type-options: nosniff, nosniff
server: ECAcc (amb/6A9E)
x-azure-ref: 20240205T185159Z-3q8pz3ntnd2hv8xhna82u1qae0000000056000000000czu8
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324

GET
H2 200 Need-to-know-01b
digitalhub.fifa.com/transform/0246ced6-8291-48f5-9f51-cbfe22c454c2/ 167 B
2 KB 84ms
82ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/0246ced6-8291-48f5-9f51-cbfe22c454c2/Need-to-know-01b?io=transform:fill,aspectratio:3x4,height:312&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6870aa293c721c746438ab6d4d9ff3f9b15a126618bdf920a07f4ab5baad4b09

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 01:17:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 8184851
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Need-to-know-01b.svg"; filename*=UTF-8''Need-to-know-01b.svg
content-length: 167
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: 10ab1afc-7d7d-75a8-1715-e134b53d59eb
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: w1Nlvck_kEhTXiyXiK9W4mJidq2gffVk0CKKr2DEeYMQgfmMH1fPkQ==

GET
H2 200 Need-to-know-02a
digitalhub.fifa.com/transform/89816922-4ac0-4c07-bf0f-1001a925a1a5/ 167 B
2 KB 102ms
101ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/89816922-4ac0-4c07-bf0f-1001a925a1a5/Need-to-know-02a?io=transform:fill,aspectratio:3x4,height:312&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

981a2df29fe9b8dbd2a31f577d909b5ae84dc7d4af19f5664523b31eefcdcef2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 16:55:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4154162
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Need-to-know-02a.svg"; filename*=UTF-8''Need-to-know-02a.svg
content-length: 167
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: 97f07d62-62ed-6171-f216-685a601da5c9
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: JSP42URbi36hGm2DYAbDrNLa3_8rNP1TjePerk2HruBDJ-pp_vAAqw==

GET
H2 200 Need-to-know-02b
digitalhub.fifa.com/transform/62b467d9-9923-45a9-87a6-f647b2c6ac46/ 167 B
2 KB 90ms
88ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/62b467d9-9923-45a9-87a6-f647b2c6ac46/Need-to-know-02b?io=transform:fill,aspectratio:3x4,height:312&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

42e3c0f43f37caca83ab160c10be1f52f5daeff6cd0da126a71a79ab48806cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 15:48:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11675024
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Need-to-know-02b.svg"; filename*=UTF-8''Need-to-know-02b.svg
content-length: 167
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: dd540f25-ac94-9095-8af6-fbb15c23ca75
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: z74mDJuXubfSNG4v_DNdwCinwheoRGUDYpoFIzqUZ4B1wg4G3qpy9w==

GET
H2 200 Need-to-know-03b
digitalhub.fifa.com/transform/c21d581e-f921-455a-b57e-1037bfd94950/ 167 B
2 KB 88ms
87ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/c21d581e-f921-455a-b57e-1037bfd94950/Need-to-know-03b?io=transform:fill,aspectratio:3x4,height:312&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

bbd5787740e2dc5cfabf53e8dbb910927056f44000f22d746fdbbddd7bba63bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 22:29:06 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4738973
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Need-to-know-03b.svg"; filename*=UTF-8''Need-to-know-03b.svg
content-length: 167
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: e192488f-1861-72fc-1b44-fcf1db00147c
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: -74r5q5R0-PTX4wdhGcvsX29me_epY-vpE2sGrHg0RiX2JNCj9F4mQ==

GET
H2 200 Need-to-know-04a
digitalhub.fifa.com/transform/532670c8-b872-46d1-b265-e42a0957517b/ 167 B
2 KB 90ms
90ms Image
image/svg+xml 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/532670c8-b872-46d1-b265-e42a0957517b/Need-to-know-04a?io=transform:fill,aspectratio:3x4,height:312&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aea236ef70c30d8fe320a012c774ea8cee7c5aa4ffa943c91472c911880bc53c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:59:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 10050731
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Need-to-know-04a.svg"; filename*=UTF-8''Need-to-know-04a.svg
content-length: 167
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/svg+xml
access-control-allow-origin: *
x-api-correlation-id: 495b0ebc-35c9-5491-8005-cfc840d32b09
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 1NQHV4-izk1JcDUUVphLqafv5EIGnENDeq-BfTx3290RCFO3WXCnwA==

GET
H2 200 Hero_image-1
digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/ 30 KB
32 KB 56ms
41ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/Hero_image-1?io=transform:fill,width:1600&quality=50

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f1fca6ca91d263eb28f9f19c324dd4e327288520a2229a5f7008e0fa96795e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 07:02:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 474565
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Hero_image-1.webp"; filename*=UTF-8''Hero_image-1.webp
content-length: 30898
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 21e252f4-87bc-f566-090e-ba5598e63080
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: DU3GS8hgx_U_yK1jycsH_xnqxh2uluaQiT-zZOfdmWtLflpRfdQyEA==

GET
H2 200 FWC2026-UltraCondensedBlack.8e6ba053.woff2
www.fifa.com/fifaplus/static/media/ 37 KB
42 KB 38ms
37ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-UltraCondensedBlack.8e6ba053.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48A0) /

Resource Hash

d5cc99b66288d5ad06890ba94fe2b09ebe81ee2b133691dc34b334b35a4c0c96

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 38184
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48A0)
etag: W/"9528-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 FWC2026-CondensedBlack.adf42119.woff2
www.fifa.com/fifaplus/static/media/ 41 KB
45 KB 40ms
40ms Font
font/woff2 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/static/media/FWC2026-CondensedBlack.adf42119.woff2

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/main.827b374c.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48A4) /

Resource Hash

372480f2a0bd04ffa56262e105c5d3d14a2912858257bbb36724a14c84a60aa7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.fifa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
date: Mon, 05 Feb 2024 18:51:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341851
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 41692
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:44:00 GMT
server: ECAcc (ama/48A4)
etag: W/"a2dc-18bfca34380"
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 573c87f5f6b74aa8b917273f8d04e1c2.json Show response
content.uplynk.com/player/assetinfo/ 1 KB
2 KB 45ms
45ms Fetch
application/json 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content.uplynk.com/player/assetinfo/573c87f5f6b74aa8b917273f8d04e1c2.json?pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

78417ebbea63f1b233530be6e839bb6e5e7123c2c3c6602f37fad3eb5a331fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/json
access-control-allow-origin: *
x-services: 96f4961f5a044ffb8d43f73a58ec7c95
content-length: 1425
x-xss-protection: 1; mode=block

GET
H2 200 Hero_image-1
digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/ 116 KB
118 KB 26ms
25ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/278fbc25-8253-44e7-a13f-725c63acf834/Hero_image-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3bbabe65bdd88e54e75306bfb98834d80ae4ee3b04cbc5d910af2ad6121171fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 22:05:26 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 10788393
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Hero_image-1.webp"; filename*=UTF-8''Hero_image-1.webp
content-length: 118814
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 404c6372-25fe-8cd7-32d8-613f6deeaf2b
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: zQDECVoLEkd0J-GyYed7kk9UXE0EshKQmFI8EnXwgjD83zhT7uVZkQ==

GET
H2 200 theoplayer.e.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 157 KB
57 KB 38ms
37ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4884) /

Resource Hash

a801f2d1cd1a2fa11922c5b14f0d8bd072dd8954e1472847b6e00425f9deec3e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341883
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 53566
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/4884)
etag: W/"2735f-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 theoplayer.p.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 99 KB
37 KB 40ms
39ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.p.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4896) /

Resource Hash

d2be63ad82addbd4d3e45024482d4ea32daaa8a01fb147ce3b7f797519225a4c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:51:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341883
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 32960
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/4896)
etag: W/"18b08-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 aerMfiQKqh2oRlCS9XfUV52GzaiuqJhSpNkmIzvrBVS.m3u8 Show response
content-aeui1.uplynk.com/preplay2/573c87f5f6b74aa8b917273f8d04e1c2/30ee4c58b69ccdee3e9d52ae8e17b2f4/ 3 KB
960 B 73ms
49ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/preplay2/573c87f5f6b74aa8b917273f8d04e1c2/30ee4c58b69ccdee3e9d52ae8e17b2f4/aerMfiQKqh2oRlCS9XfUV52GzaiuqJhSpNkmIzvrBVS.m3u8?pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

075b5ef17fffb5a8bf8653d408c34bc5f87d4ff80edf27538cafae6eca7d9a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 643
x-xss-protection: 1; mode=block

GET
H2 200 a.m3u8 Show response
content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/ 3 KB
969 B 47ms
47ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/a.m3u8?pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

93c546bd5f9d493bfbdc8cc9e62dd31143aac6cbae03beff91ddcd9f5d23b8b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:51:59 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 49d7a2fbe6dc4ee79812bb55aadf075b
content-length: 652
x-xss-protection: 1; mode=block

GET
H2 200 A00000000.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 124 KB
124 KB 148ms
30ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/A00000000.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=P3g_k0n71wGfdeD48y2_BuTk0eFxS49UmQ5kgEUw_S5nqAyVzv5ChI-HsV-U9tvlT_tXXHG4dezjA_FyV09pIwT_eW0dERfRe7iTSGEB89h1hWtyYdyauHIVomVR0megvzDU33KJRbgZqfXw1w6-H9s9RpK8qk9YSqmljXMV30wypdYK2C0fH7YMb74tQxmtks9VgOLpd597nvTfst1qSlMW2NtnJcC9sO7tCqm56Oliu5R9pq1H8XPk
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA5) /
Resource Hash: 4ca514f5eb90ab8953dcc02b11f293e8931c6503ae9e4d3d6b5cbe5bf8f6cf60

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
age: 2087919
x-amz-request-id: BTVFGWQCYCJEMJ5W
x-amz-server-side-encryption: AES256
x-cache: HIT
cdn-request-id: 1749563657670351056911494737412313046311
content-length: 126912
x-amz-id-2: i7pUM2K2RMCtoS3+bGwlMExxlHcAM6TWy5W/DBLeVCKtjf0/3WzGmOeywhjy5CZR6YAAdAQ2XTk=
last-modified: Fri, 16 Jun 2023 10:41:32 GMT
server: ECAcc (frc/4CA5)
etag: "f65f90b805d98e219c40dafd244af611"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:59 GMT

GET
H2 200 b609a81a087f44e491688db54a0bca73.json Show response
content.uplynk.com/preplay/ 523 B
790 B 69ms
68ms Fetch
application/json 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content.uplynk.com/preplay/b609a81a087f44e491688db54a0bca73.json?v=2&tc=1%2C-1&rn=1275941998&exp=1707162719&ct=a&cid=b609a81a087f44e491688db54a0bca73&expand=Shared_Ad_Params%2CWeb_VOD_Params&ad.npa=1&ad.cust_params=npa%253D1&allow_cc_ad=1&sig=e676e35acecb8ee21d4a44bddf921f8e46f501a340bbd300ba0c861334b9417d&ad.sid=ff9481fa-8504-4c15-86af-be5385bf0e9e&ad.ppid=ff9481fa-8504-4c15-86af-be5385bf0e9e

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

930956c31c9e633f8c3c310cfb99b82ad1089bc05f607b64b397725a8c8429ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/json
access-control-allow-origin: *
x-services: 96f4961f5a044ffb8d43f73a58ec7c95
content-length: 523
x-xss-protection: 1; mode=block

GET
H2 200 Video_fallback_LA
digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/ 90 KB
91 KB 25ms
25ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/Video_fallback_LA?io=transform:fill,width:1600&quality=50

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b6731918e8554e8daa56f47bb28c04dd0b4a0e2cc0001a9d90a15be7806b0db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 07:02:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 474566
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Video_fallback_LA.webp"; filename*=UTF-8''Video_fallback_LA.webp
content-length: 91868
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: bb8cabff-7026-0abb-3234-d151c7c562df
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 2Q4lwPUrwSlSmlscg1AIzwutC-7AUvXkQvk_dXsWIN_BQ_6eN2sTfA==

GET
H2 200 Video_fallback_LA
digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/ 90 KB
91 KB 25ms
25ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/Video_fallback_LA?io=transform:fill,width:1600&quality=50

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b6731918e8554e8daa56f47bb28c04dd0b4a0e2cc0001a9d90a15be7806b0db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 07:02:34 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 474566
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Video_fallback_LA.webp"; filename*=UTF-8''Video_fallback_LA.webp
content-length: 91868
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: bb8cabff-7026-0abb-3234-d151c7c562df
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: CSc0jGEL-LROLPP2cq8Ssx0ScINLF-ZWe_VyA8XkCX2r4sD1DEuFyw==

GET
H2 200 b609a81a087f44e491688db54a0bca73.json Show response
content.uplynk.com/player/assetinfo/ 1 KB
2 KB 47ms
47ms Fetch
application/json 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content.uplynk.com/player/assetinfo/b609a81a087f44e491688db54a0bca73.json?pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cb31f0bd21d9df05deb34d2519227c4098df659dc89f0caeb222d8851097a722

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/json
access-control-allow-origin: *
x-services: 96f4961f5a044ffb8d43f73a58ec7c95
content-length: 1480
x-xss-protection: 1; mode=block

GET
H2 200 theoplayer.e.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 157 KB
57 KB 39ms
37ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4884) /

Resource Hash

a801f2d1cd1a2fa11922c5b14f0d8bd072dd8954e1472847b6e00425f9deec3e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341884
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 53566
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/4884)
etag: W/"2735f-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 theoplayer.p.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 99 KB
37 KB 41ms
40ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.p.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/4896) /

Resource Hash

d2be63ad82addbd4d3e45024482d4ea32daaa8a01fb147ce3b7f797519225a4c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341884
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 32960
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/4896)
etag: W/"18b08-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 Video_fallback_LA
digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/ 408 KB
410 KB 23ms
23ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/0a072c29-74b2-4951-848c-55432925e4d9/Video_fallback_LA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d3652dc3aa942b89bddb0a04adcac6a8c36a8f50cbe8faa130442646d4d1d515

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 03:49:14 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 9558166
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Video_fallback_LA.webp"; filename*=UTF-8''Video_fallback_LA.webp
content-length: 418224
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: f0140323-ef26-29c4-0ac1-745564d23d11
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: 3Nae2YeCgktIuIPgter1jnevDj0c6hShspQ4wC-WBlAdHEPcF1M6Rw==

GET
H2 200 3bSODbZwiLSZ7VpdAGF90a54yTyIfprwWzdMSvC5DSPA.m3u8 Show response
content-aeui1.uplynk.com/preplay2/b609a81a087f44e491688db54a0bca73/30ee4c58b69ccdee3e9d52ae8e17b2f4/ 3 KB
953 B 52ms
51ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/preplay2/b609a81a087f44e491688db54a0bca73/30ee4c58b69ccdee3e9d52ae8e17b2f4/3bSODbZwiLSZ7VpdAGF90a54yTyIfprwWzdMSvC5DSPA.m3u8?pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e0cde5287d8c9f03804bc420e51ef211ae7c1e641e803dab4ad6fd18e4662678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 636
x-xss-protection: 1; mode=block

GET
H2 200 check2 Show response
content-aeui1.uplynk.com/ 16 B
311 B 50ms
50ms Fetch
application/octet-stream 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/check2?b=573c87f5f6b74aa8b917273f8d04e1c2&v=573c87f5f6b74aa8b917273f8d04e1c2&r=a&pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a25bc6588d5b2e1e21c5ab6e5df559abb0c03546346f21adb3e21d3aa163e8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 16
x-xss-protection: 1; mode=block

GET
H2 200 a.m3u8 Show response
content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/ 10 KB
1010 B 50ms
50ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/a.m3u8?pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

96b774257ae8221244fc3a8d31055d99b6acb71d6bfc7e81f2d3a428c5b18267

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 49d7a2fbe6dc4ee79812bb55aadf075b
content-length: 693
x-xss-protection: 1; mode=block

GET
H2 200 A00000001.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 127 KB
127 KB 26ms
26ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/A00000001.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=P3g_k0n71wGfdeD48y2_BuTk0eFxS49UmQ5kgEUw_S5nqAyVzv5ChI-HsV-U9tvlT_tXXHG4dezjA_FyV09pIwT_eW0dERfRe7iTSGEB89h1hWtyYdyauHIVomVR0megvzDU33KJRbgZqfXw1w6-H9s9RpK8qk9YSqmljXMV30wypdYK2C0fH7YMb74tQxmtks9VgOLpd597nvTfst1qSlMW2NtnJcC9sO7tCqm56Oliu5R9pq1H8XPk
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CC4) /
Resource Hash: e734c6c209e6222eb5260d2fab3a5bfcc0685e6c11f18557fc670fec0f1ba140

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
age: 2087912
x-amz-request-id: CDCNYDJE8RGTSMW1
x-amz-server-side-encryption: AES256
x-cache: HIT
cdn-request-id: 1284102379237828539418279864913127523319
content-length: 129920
x-amz-id-2: 7pqfj1zafV5B5DmmJYiWK1wBZczdpt9fnFBzsj8y3cJrUs2CVPEfKjPkZspGEpTjP0OsaRcaL1k=
last-modified: Fri, 16 Jun 2023 10:41:35 GMT
server: ECAcc (frc/4CC4)
etag: "a408fefbb4232ba8def74ac15eecc7c5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:59 GMT

GET
H2 200 theoplayer.d.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 93 KB
35 KB 38ms
37ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.d.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48F8) /

Resource Hash

dbe20b537ed17fbff493b74a70886e185a60bf42591b65fbe9b6f1a272a8d4f4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341882
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 30931
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/48F8)
etag: W/"174bb-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 j.m3u8 Show response
content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/ 3 KB
972 B 48ms
48ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/j.m3u8?pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1eefe01a843ee60ae0111c55d2b47439a600e8a3c0b39807e9f8041bbade3d34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 49d7a2fbe6dc4ee79812bb55aadf075b
content-length: 655
x-xss-protection: 1; mode=block

GET
H2 200 A00000000.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 145 KB
145 KB 28ms
27ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/A00000000.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=dUxuWE-a3RbQHZVX8YXMhPfA8rYlJaJAbXOxiUbg9JRslJ9WeIR3NixgH6DnbZstmZyYHFDkgntaDJfgTXlpx7r7UcnFuY7dyl1bR5kdvszEGdC73HPyB1ZUZifYsTDEuSMeVi2V9xyRrddwq_bdYwE6lykVoTbnzFREXbodh4nsB2JMPqUa2_S2XheRei2qgtKGSrxadwi0pe29vchtArJE8V_3wDeWHCajXBdnk-x-cg-b-3gcQubz
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA9) /
Resource Hash: bf3367e6708664e5ab5cf7521c662b6bb9cfb239c3f6a1bc464247e49217ad9f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
age: 2057724
x-amz-request-id: WSQP50HDKR1Y5SKZ
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 497501818414264636718086183685876596118
content-length: 147968
x-amz-id-2: yRghmcEK9O2aZsVjWXRpNvmZNDdxV91/iGo4ARwb0OJ1sWvcQGgUrcwepoc74o3+xRg4KtN1hYAERM6GAYx5LQ==
last-modified: Wed, 17 May 2023 22:18:28 GMT
server: ECAcc (frc/4CA9)
etag: "3f20a684851c4e8abd13619a53d3a50e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:59 GMT

GET
H2 200 check2 Show response
content-aeui1.uplynk.com/ 16 B
311 B 47ms
47ms Fetch
application/octet-stream 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/check2?b=b609a81a087f44e491688db54a0bca73&v=b609a81a087f44e491688db54a0bca73&r=a&pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2b0c0075a033682efadba78fe375d9895f5a28a366979725040eb3772a0bb4cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 49d7a2fbe6dc4ee79812bb55aadf075b
content-length: 16
x-xss-protection: 1; mode=block

GET
H2 200 j.m3u8 Show response
content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/ 3 KB
968 B 48ms
47ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/573c87f5f6b74aa8b917273f8d04e1c2/j.m3u8?pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

563ea20c87d563afa1fe47cfc36a4d71e68650c95018c7c4da66a4c58042da39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 96f4961f5a044ffb8d43f73a58ec7c95
content-length: 650
x-xss-protection: 1; mode=block

GET
H2 200 j.m3u8 Show response
content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/ 10 KB
1013 B 47ms
46ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/j.m3u8?pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7ab12143573b5af61efad20a15f06a2661b1e3af60473f594884675cfd6f6cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 49d7a2fbe6dc4ee79812bb55aadf075b
content-length: 696
x-xss-protection: 1; mode=block

POST
H2 200 / Show response
license.theoplayer.com/ 0
194 B 95ms
23ms Fetch 151.101.193.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://license.theoplayer.com/
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

x-cache-hits: 0
date: Mon, 05 Feb 2024 18:52:00 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1707159121.508951,VS0,VE1
x-cache: HIT
access-control-allow-methods: GET, HEAD, POST
access-control-allow-origin: *
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-fra-eddf8230092-FRA

GET
H2 200 theoplayer.d.js
www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/ 93 KB
35 KB 38ms
38ms Other
application/javascript 152.199.19.82
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/fifaplus/vendor/theoplayer.13b559657e4beee9d9d5899594caaad2/theoplayer.d.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.82 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ama/48F8) /

Resource Hash

dbe20b537ed17fbff493b74a70886e185a60bf42591b65fbe9b6f1a272a8d4f4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 05 Feb 2024 18:52:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains
age: 6341882
x-cache: HIT
cross-origin-resource-policy: same-origin
content-length: 30931
x-xss-protection: 0
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
referrer-policy: no-referrer
last-modified: Thu, 23 Nov 2023 14:40:32 GMT
server: ECAcc (ama/48F8)
etag: W/"174bb-18bfca01700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
accept-ranges: bytes

GET
H2 200 CJNaWUNfccP1SmO8PfhCn Show response
cxm-api.fifa.com/fifaplusweb/api/sections/heroModule/ 11 KB
3 KB 32ms
32ms XHR
application/json 68.232.34.143
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cxm-api.fifa.com/fifaplusweb/api/sections/heroModule/CJNaWUNfccP1SmO8PfhCn?locale=es

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

68.232.34.143 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/67ED) /

Resource Hash

492457408b7df55dd4220aaebd37dda7d1cbf4cfd5e9ab7a6c934d0ed0bdd035

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	sameorigin, sameorigin
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=63072000; includeSubDomains, max-age=63072000; includeSubDomains
age: 2
x-cache: HIT
content-length: 3104
x-xss-protection: 1; mode=block, 1; mode=block
request-context: appId=cid-v1:5d31a4ac-bee1-416e-88cd-f2c6ceb03324
referrer-policy: same-origin, same-origin
last-modified: Mon, 05 Feb 2024 18:51:59 GMT
server: ECAcc (frb/67ED)
vary: Accept-Encoding
x-azure-ref: 20240205T185158Z-uwnas4g95t3mba7xshkk3qpgt400000007g000000000ztk8
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1, s-maxage=600
access-control-allow-credentials: true
x-frame-options: sameorigin, sameorigin

GET
H2 200 J00000000.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 2 MB
2 MB 27ms
26ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/J00000000.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=dvlHXQqMITcvEs83dBsTEX64N5_gYgZCT6GB2s1XTDD9PDJFcn9ZXAR0KFnkLrq8bW_a7parrGG8WgxnaAg1WLRh-Qk-gipWB4wdiRGysoPEsh0WAwi8keXVi7FBrQQPyx5g98diA3ZsfubKW13E4bOxVRQWYbBfTKy2GmYhjmAEOqUuMKA__ootFbODBQlJb5pD-p7LPEIPfskMriEko99DLlh-_4t36yQ7J8vjX2rvkYzo1msY77H6
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CFD) /
Resource Hash: e2cfc92eac61d799e0219eecd4f31ffe471428841092750cedf707de2400038a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
age: 2087800
x-amz-request-id: K7RTN0E3R4EH9PW7
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 50513169202641276403887285053605856902
content-length: 2112192
x-amz-id-2: gd5s5ET2Ld4dfz5V0Mp9tpaUEzXmos13VeOb5mPigL8eyGf2e+0UfoikCFoNnjD0yXbrSpZOGzw=
last-modified: Fri, 16 Jun 2023 10:41:32 GMT
server: ECAcc (frc/4CFD)
etag: "099d01b4ce9741973e493f2e61587090"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:59 GMT

GET
H2 200 General-Graphic-3840-x-2160-8
digitalhub.fifa.com/transform/4e4717fc-7f87-4ea4-b989-7f5730ec94ae/ 33 KB
35 KB 26ms
24ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/4e4717fc-7f87-4ea4-b989-7f5730ec94ae/General-Graphic-3840-x-2160-8?io=transform:fill,height:768,width:1440&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5ece7b95aa11de4d07f7cfb35e4ac92326b94f2169812e5ed9b992511b5b5e4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 21:25:23 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 77197
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="General-Graphic-3840-x-2160-8.webp"; filename*=UTF-8''General-Graphic-3840-x-2160-8.webp
content-length: 33888
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: b34abc68-bede-6918-c4d3-eaae0ee26d76
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: SDQYwAE0cloe7MUA3GpavQd8zLi6Qv1BtmvtYVD1cTiloHiFH4vHXw==

GET
H2 200 FWC26_Hospitality_Register-your-interest_Banner
digitalhub.fifa.com/transform/22bde446-b5dd-4e59-9474-f8b3d801074b/ 37 KB
39 KB 27ms
25ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/22bde446-b5dd-4e59-9474-f8b3d801074b/FWC26_Hospitality_Register-your-interest_Banner?io=transform:fill,height:768,width:1440&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

21484bdbfbdded8276f66117a5e7176b5b98f083093ad35b64e1f00f697d7d29

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 23:33:22 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 69518
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FWC26_Hospitality_Register-your-interest_Banner.webp"; filename*=UTF-8''FWC26_Hospitality_Register-your-interest_Banner.webp
content-length: 38216
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: efd0a5fb-26e8-73b3-677c-86ed4e0c17ed
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: uaSUPmCclRj8-2qTqQs6vW_HhypviBcSjzACeB6oyHBahQxaQPedLQ==

GET
H2 200 FIFA-World-Cup-2026-Match-Schedule-Announcement
digitalhub.fifa.com/transform/6ca55d4c-939e-41f4-a652-065ec1788bb8/ 101 KB
103 KB 51ms
50ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/6ca55d4c-939e-41f4-a652-065ec1788bb8/FIFA-World-Cup-2026-Match-Schedule-Announcement?io=transform:fill,height:768,width:1440&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

fb5d5c0ed919a963f62d1cf62e7b2f077f06904f1981b40c99eabdcf586cd4a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 10:13:17 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 31123
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FIFA-World-Cup-2026-Match-Schedule-Announcement.webp"; filename*=UTF-8''FIFA-World-Cup-2026-Match-Schedule-Announcement.webp
content-length: 103468
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 653dd915-61a4-0e55-138f-67c12b854447
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: LJM22Beh1KJbw4FgsZ2Asqv8aE3CP3INmVA19gN7IwZnCD2oi3SayQ==

GET
H2 200 Image-FWC-Maradona-at-the-World-Cup
digitalhub.fifa.com/transform/31ac7e16-ad8a-42d2-920b-16140f871fe8/ 65 KB
66 KB 39ms
38ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/31ac7e16-ad8a-42d2-920b-16140f871fe8/Image-FWC-Maradona-at-the-World-Cup?io=transform:fill,height:768,width:1440&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

323c5fc4ff347e7b1f10c1bbeb9600dda2818f78cceb9dfcbd962b1e0be83417

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 10:05:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 290772
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="Image-FWC-Maradona-at-the-World-Cup.webp"; filename*=UTF-8''Image-FWC-Maradona-at-the-World-Cup.webp
content-length: 66320
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: 4356a189-8ad0-284a-554d-c7299d147714
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: jkzLyx4R-8Db_jh5yzCmenwzz5cadP4e6IDB5R5FxqrDmWVYH1nM4A==

GET
H2 200 1990-World-Cup-Finals-Milan-Italy-8th-June-1990-Argentina-0-v-Cameroon-1-Cameroon-players-pile-on-top-of-each-other-as-they-celebrate-the-only-goal-scored-by-Omam-Biyick-Photo-by-Bob-Thomas-Sports-...
digitalhub.fifa.com/transform/bcee1eb2-5e1a-4509-a753-f04ce6123936/ 127 KB
129 KB 43ms
42ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/bcee1eb2-5e1a-4509-a753-f04ce6123936/1990-World-Cup-Finals-Milan-Italy-8th-June-1990-Argentina-0-v-Cameroon-1-Cameroon-players-pile-on-top-of-each-other-as-they-celebrate-the-only-goal-scored-by-Omam-Biyick-Photo-by-Bob-Thomas-Sports-Photography-via-Getty-Images?io=transform:fill,height:768,width:1440&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

75d04643c461b0070802e56e935a7486187f88b2abfd4924e88f61a071df7485

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 08:26:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 383156
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="1990-World-Cup-Finals-Milan-Italy-8th-June-1990-Argentina-0-v-Cameroon-1-Cameroon-players-pile-on-top-of-each-other-as-they-celebrate-the-only-goal-scored-by-Omam-Biyick-Photo-by-Bob-Thomas-Sports-Photography-via-Getty-Images.webp"; filename*=UTF-8''1990-World-Cup-Finals-Milan-Italy-8th-June-1990-Argentina-0-v-Cameroon-1-Cameroon-players-pile-on-top-of-each-other-as-they-celebrate-the-only-goal-scored-by-Omam-Biyick-Photo-by-Bob-Thomas-Sports-Photography-via-Getty-Images.webp
content-length: 129740
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: ba0c4650-f772-a361-2bd5-8412b839bc06
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: rvpx_PxhRvRpo-bZjYyR5pyP-w2fLbg7tf4pc-lXUWCoFCtpBoMMRw==

GET
H2 200 FPS_UnifyPattern03b_SideHeader_DT
digitalhub.fifa.com/transform/3f9c2ccb-d1d2-4bfb-9f27-7cd1ffc34c03/ 9 KB
11 KB 40ms
39ms Image
image/webp 2600:9000:223f:d000:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/3f9c2ccb-d1d2-4bfb-9f27-7cd1ffc34c03/FPS_UnifyPattern03b_SideHeader_DT

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/css/56.a8d23d85.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:d000:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e11bcc619c859795164e5937905533db9bda531dc7214360f32461f4e944699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 02:05:19 GMT
strict-transport-security: max-age=63072000; includeSubdomains
x-content-type-options: nosniff
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7145201
content-security-policy-report-only: default-src 'self'; child-src https://*; connect-src 'self' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net wss://digitalhub.fifa.com https://staging2-apiv2.webdamdb.com/oauth2/token https://apiv2.webdamdb.com/oauth2/token; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://d1gx5xnbxsi8e4.cloudfront.net https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com fast.appcues.com; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=54eb95cff224477bbb80958bc3e5f251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="FPS_UnifyPattern03b_SideHeader_DT.webp"; filename*=UTF-8''FPS_UnifyPattern03b_SideHeader_DT.webp
content-length: 9278
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: nginx
content-type: image/webp
access-control-allow-origin: *
x-api-correlation-id: dd09f782-cf5a-6af2-e6bd-4e16f5da3a83
cache-control: public, max-age=900, s-maxage=15552000
permissions-policy: camera=(), geolocation=(), microphone=()
x-amz-cf-id: cRb0ig4KYzz1g4njfbxrKhdMkimvRsE5cOItu5rMRd7qnn_-ogX_qw==

POST
H2 200 / Show response
license.theoplayer.com/ 0
56 B 22ms
21ms Fetch 151.101.193.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://license.theoplayer.com/
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

x-cache-hits: 0
date: Mon, 05 Feb 2024 18:52:00 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1707159121.838818,VS0,VE1
x-cache: HIT
access-control-allow-methods: GET, HEAD, POST
access-control-allow-origin: *
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-fra-eddf8230092-FRA

GET
H2 200 j.m3u8 Show response
content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/ 10 KB
1010 B 48ms
47ms Fetch
application/vnd.apple.mpegurl 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/b609a81a087f44e491688db54a0bca73/j.m3u8?pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

37a05cf00e018a335aa4bea0e43812929c13d3dd550525661ceab973efc14e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
content-encoding: br
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 693
x-xss-protection: 1; mode=block

GET
H2 200 J00000000.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 142ms
138ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000000.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CC0) /
Resource Hash: 8b8939d4dff9694971bfe9dcb5a82e48052fb7c0f24e6f55f6acc709ce06a1d6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:00 GMT
age: 2057679
x-amz-request-id: AWB884K7MJHWQ5RZ
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 33023164040382575165157548364779638683
content-length: 2722816
x-amz-id-2: kgNP6snnpuvCYoXIfSLWQ0eJ/VdH+hShZUf1ttGcoaUxv1bB+d1hN5MS0DI5SSnxQECNK4qmi87Ao7FPy0aiEw==
last-modified: Wed, 17 May 2023 22:18:28 GMT
server: ECAcc (frc/4CC0)
etag: "fd43396853172f68b075a2bcd6b5ec01"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:51:59 GMT

GET
H2 200 check2 Show response
content-aeui1.uplynk.com/ 16 B
312 B 47ms
47ms Fetch
application/octet-stream 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/check2?b=573c87f5f6b74aa8b917273f8d04e1c2&v=573c87f5f6b74aa8b917273f8d04e1c2&r=j&pbs=b1553ea8f8a7484a93e32b8ba8515550

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cf24857ffe0daf1dee181dba65aa08bc61db109a67f02a3c560965dc1f198485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 96f4961f5a044ffb8d43f73a58ec7c95
content-length: 16
x-xss-protection: 1; mode=block

GET
H2 200 J00000001.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 1 MB
1 MB 119ms
118ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/J00000001.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=dvlHXQqMITcvEs83dBsTEX64N5_gYgZCT6GB2s1XTDD9PDJFcn9ZXAR0KFnkLrq8bW_a7parrGG8WgxnaAg1WLRh-Qk-gipWB4wdiRGysoPEsh0WAwi8keXVi7FBrQQPyx5g98diA3ZsfubKW13E4bOxVRQWYbBfTKy2GmYhjmAEOqUuMKA__ootFbODBQlJb5pD-p7LPEIPfskMriEko99DLlh-_4t36yQ7J8vjX2rvkYzo1msY77H6
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CEB) /
Resource Hash: 84dfd0e54b4925642917b11cbb1e9b46e50a3acfd4f2bd2a2fd7d61cb12b36ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:01 GMT
age: 2087799
x-amz-request-id: SR8E5D1TBPGSNGYN
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 912306120364344871911576407870066022479
content-length: 1534656
x-amz-id-2: NZu9V3Po45VTw/RiJcVPhbID5otXjLG5JBrApHDxXMM43ci2W6RF37KTmyJJ2vbAGK9JGfNTHHs=
last-modified: Fri, 16 Jun 2023 10:41:35 GMT
server: ECAcc (frc/4CEB)
etag: "b3ddb3c64f07acdda0b84c3858c6d283"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:00 GMT

GET
H2 200 check2 Show response
content-aeui1.uplynk.com/ 16 B
311 B 55ms
55ms Fetch
application/octet-stream 2a05:d018:11d:9e00:a450:2133:625e:b343
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://content-aeui1.uplynk.com/check2?b=b609a81a087f44e491688db54a0bca73&v=b609a81a087f44e491688db54a0bca73&r=j&pbs=8f6a5cec91dd429baa1be6e22840d9f1

Requested by

Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:11d:9e00:a450:2133:625e:b343 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7c32cdc1ab5835d3388537d770517d557b340c5bd1fe95ca8115e68b5a559e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: nginx
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache, no-store
x-services: 3ebcbb7354934787981e040b32dea59e
content-length: 16
x-xss-protection: 1; mode=block

GET
H2 200 J00000001.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 51ms
50ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000001.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CEB) /
Resource Hash: e5f9f7c5db205a36ab8764fc900f18a897f4431db2a7526e72b2dcaee190315a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:01 GMT
age: 2057682
x-amz-request-id: KCE8TSY3NXK1HCEW
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 67525660643850441247683513907092612229
content-length: 2746880
x-amz-id-2: Xtrp51GT5JbgAeVcnuiNJh0/MxQK2bwE8mGzaYgDgIJf11vr/yC0qbtXczrHKWn8tmK6mU/UwUY=
last-modified: Wed, 17 May 2023 22:18:29 GMT
server: ECAcc (frc/4CEB)
etag: "7753b43ecbb1ff89786e9d113f678d60"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:00 GMT

GET
H2 200 J00000002.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 2 MB
2 MB 65ms
65ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/J00000002.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=dvlHXQqMITcvEs83dBsTEX64N5_gYgZCT6GB2s1XTDD9PDJFcn9ZXAR0KFnkLrq8bW_a7parrGG8WgxnaAg1WLRh-Qk-gipWB4wdiRGysoPEsh0WAwi8keXVi7FBrQQPyx5g98diA3ZsfubKW13E4bOxVRQWYbBfTKy2GmYhjmAEOqUuMKA__ootFbODBQlJb5pD-p7LPEIPfskMriEko99DLlh-_4t36yQ7J8vjX2rvkYzo1msY77H6
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4D0C) /
Resource Hash: 4c6d748bdbbf02645fe9bfc54757ccdb7dd06d4104455c68a4f555332f13314b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:01 GMT
age: 2087864
x-amz-request-id: WVMHCNTTX2N8Y0NY
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 42545315219274054428580787255890883250
content-length: 2560384
x-amz-id-2: hezvM8dCuYrRppuCs/lmkNdUfnZZxkG4ZCjNNSqy/LVJTqmyQ27b7jFH7hyShba0L9zaNPVOeqPDGuht9bNyow==
last-modified: Fri, 16 Jun 2023 10:41:35 GMT
server: ECAcc (frc/4D0C)
etag: "da81382d70a6098f5a1c49f57a0934ad"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:00 GMT

GET
H2 200 J00000003.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/ 1 MB
1 MB 48ms
48ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/573/5d8e9ef63a204d0b8cb71b50093bde7d/573c87f5f6b74aa8b917273f8d04e1c2/J00000003.ts?pbs=b1553ea8f8a7484a93e32b8ba8515550&cloud=aws&cdn=eci&si=0&d=2.816&cdntoken=dvlHXQqMITcvEs83dBsTEX64N5_gYgZCT6GB2s1XTDD9PDJFcn9ZXAR0KFnkLrq8bW_a7parrGG8WgxnaAg1WLRh-Qk-gipWB4wdiRGysoPEsh0WAwi8keXVi7FBrQQPyx5g98diA3ZsfubKW13E4bOxVRQWYbBfTKy2GmYhjmAEOqUuMKA__ootFbODBQlJb5pD-p7LPEIPfskMriEko99DLlh-_4t36yQ7J8vjX2rvkYzo1msY77H6
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4C9C) /
Resource Hash: 39a186711cdddcb36b328f0a43126d935271e3ceb305b0c8b35b873e99d97534

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:02 GMT
age: 2087797
x-amz-request-id: YBABQM7V2S962RDV
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 723835586846436841210898218793997022583
content-length: 1182720
x-amz-id-2: 8EizMgjZQjLk6FEBi0lvTrRGOJDBP8VlL5ROWH5HWVAh+20Ku3/DPAjp85N8tubRCs0pMrbV250=
last-modified: Fri, 16 Jun 2023 10:41:34 GMT
server: ECAcc (frc/4C9C)
etag: "0a9fe8f636f4571adc3cc40909b1b6f1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:01 GMT

GET
H2 200 J00000002.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 29ms
29ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000002.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CB3) /
Resource Hash: 7dafe263fb69eb4dc1c52574b7af06ecaff086e8be5601d35626bc0117d3f2e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:03 GMT
age: 2059728
x-amz-request-id: C58VEYQ63B0ARC7K
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 868888682064599907716195272948762438526
content-length: 2668672
x-amz-id-2: qeusg4KyyNvBatNaAgUIGGctMWo5NnRD/P9PE9+Ol4i0f7I9nz38IRduiGp4N94mhod3xp8arts=
last-modified: Wed, 17 May 2023 22:18:32 GMT
server: ECAcc (frc/4CB3)
etag: "a0eef6e7b6ac835047c8de65202ea521"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:02 GMT

GET
H2 200 J00000003.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 28ms
27ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000003.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CF1) /
Resource Hash: ea66dc2855e10cba179b3136c310bfd86b5dc50905b11876877405728f9c7959

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:03 GMT
age: 2059674
x-amz-request-id: SVKAWCP8XVWHRSGN
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 74732700756260996318654835729802555415
content-length: 2707776
x-amz-id-2: sEml9BaamjvNety9yaSMAm360k10f0iQL6NPGJS648PA4qPp6oYidB0fOwHIY6Kzxp2GsmlHuTw=
last-modified: Wed, 17 May 2023 22:18:31 GMT
server: ECAcc (frc/4CF1)
etag: "680330c76b4355dde9a80e2592117261"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:02 GMT

GET
H2 200 J00000004.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 34ms
33ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000004.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CDC) /
Resource Hash: 3740f9b30a2da2c21cb4ee739028b862dd84d60182dff02e3fff07937a2d3030

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:05 GMT
age: 2059676
x-amz-request-id: SVK0VPFCYHNB1Q90
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 129000518922882749998595745447854390555
content-length: 2725824
x-amz-id-2: IXLcXdAAX3sbnY0hW9o0QJEyLCbiywd09bBB1DJxILpT54XU5o0b0K1+XlOQ2/ZFiuQkIiMTsTpAIM+DoRngVg==
last-modified: Wed, 17 May 2023 22:18:36 GMT
server: ECAcc (frc/4CDC)
etag: "4c5de166627c4420a855cfc1eb6f295d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:04 GMT

GET
H2 200 J00000005.ts Show response
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 3 MB
3 MB 167ms
166ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000005.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CB7) /
Resource Hash: 17e4f7282dedb86583a9032a3409655ba8333e3f1b8979157874f46c43f8a292

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:06 GMT
age: 2059677
x-amz-request-id: SVK1QGZ2Y2MEYGNB
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 1516619091329724144912340689667481312936
content-length: 2671680
x-amz-id-2: 6E4OgxDFkD78gF1vl5omxgJGEkRTj3IV1atyAHLQkH2iKGZygqPl8kA4XgfpDoeycBl5HGT679FVB5Hfiaa79A==
last-modified: Wed, 17 May 2023 22:18:38 GMT
server: ECAcc (frc/4CB7)
etag: "8c08958692945808961f8951404899ac"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:05 GMT

GET
H2 200 J00000006.ts
x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/ 848 KB
0 77ms
76ms Fetch
application/octet-stream 2606:2800:133:202d:cd5:25f1:103b:1d26
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://x-default-sstgec.uplynk.com/aeuw1/slices/b60/5d8e9ef63a204d0b8cb71b50093bde7d/b609a81a087f44e491688db54a0bca73/J00000006.ts?pbs=8f6a5cec91dd429baa1be6e22840d9f1&cloud=aws&cdn=eci&si=0&d=4.096&cdntoken=ajJuBB2NX9HwpIYn6TtKa7egM4Ezu53AaSZmu-kMC2Iel2ECQP8-jLtnL2wZ8nKhoZjAThjTc-7AD5FzrpRj2dJiLQTEUleo2lYmPOQQfJVG56fzXFIbFFZ1LwoE-4_KYuf8l-wzXK7WG4m8ILVZfcDIV9hSL8wD-A-e_HJOFIXpk55KwKgFX1ZS9FgNmwPVLmrUIRQ-ZLQMMQy30dxMgf1NyFecXsiK6KKxxD9oTGPzjUAzC-BL6q2N
Requested by: Host: www.fifa.com
URL: https://www.fifa.com/fifaplus/static/js/54.b6dc58ac.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:202d:cd5:25f1:103b:1d26 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CAB) /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 18:52:06 GMT
age: 2059673
x-amz-request-id: VN993TW2JHYB4PH4
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-storage-class: STANDARD_IA
cdn-request-id: 63585102047891966329855591860868288533
content-length: 2707776
x-amz-id-2: H6FGIAfFr+pcWrGKz7y2lZt87NQ9511WfH6bIqKZuCNXaNRscLlZhnO9iw+mqRe/Vu4GgChq7vk=
last-modified: Wed, 17 May 2023 22:18:39 GMT
server: ECAcc (frc/4CAB)
etag: "c86e0463e171b9f475093d0afa907250"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
expires: Mon, 05 Feb 2024 18:52:05 GMT

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fifa.com/fifaplus/es/tournaments/mens/worldcup	1969-12-31 23:59:59	Name: ffsid Value: %22ff9481fa-8504-4c15-86af-be5385bf0e9e%22
www.fifa.com/	1970-01-21 02:58:15	Name: ai_user Value: Hl6R5q55Fe+s3stFpB9x1i\|2024-02-05T18:51:57.693Z
www.fifa.com/	1970-01-20 18:12:40	Name: ai_session Value: 8aDg6ieBsFR05BFvB7BpzI\|1707159117864\|1707159117864
.fifa.com/	1970-01-21 02:58:15	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Feb+05+2024+19%3A51%3A58+GMT%2B0100+(Central+European+Standard+Time)&version=202311.1.0&browserGpcFlag=0&isIABGlobal=false&consentId=e1088a11-5d13-4d39-b2d9-c011472d0f44&interactionCount=0&landingPath=https%3A%2F%2Fwww.fifa.com%2Ffifaplus%2Fes%2Ftournaments%2Fmens%2Fworldcup%2Fcanadamexicousa2026&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2CV2STACK42%3A0&hosts=H98%3A1%2CH113%3A1%2CH96%3A1%2CH99%3A1%2CH68%3A0%2CH39%3A0%2CH3%3A0%2CH1%3A0%2CH51%3A0%2CH36%3A0%2CH81%3A0%2CH94%3A0%2CH84%3A0%2CH87%3A0%2CH88%3A0%2CH70%3A0%2CH37%3A0%2CH89%3A0%2CH90%3A0%2CH48%3A0%2CH91%3A0%2CH71%3A0%2CH49%3A0%2CH69%3A0%2CH52%3A0%2CH43%3A0%2CH127%3A0%2CH5%3A0%2CH9%3A0&genVendors=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.theoplayer.com/conviva/conviva-4.0.12.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
other	warning	URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Message: A preload for 'https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost: cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.cookielaw.org
cdn.theoplayer.com
content-aeui1.uplynk.com
content.uplynk.com
cxm-api.fifa.com
digitalhub.fifa.com
geolocation.onetrust.com
license.theoplayer.com
play.fifa.com
walls.io
www.fifa.com
www.gstatic.com
x-default-sstgec.uplynk.com
151.101.193.91
152.199.19.82
18.197.160.1
2600:9000:223f:d000:11:c1cc:72c0:93a1
2606:2800:133:202d:cd5:25f1:103b:1d26
2606:4700:4400::6812:2089
2606:4700::6812:83ec
2a00:1450:4001:82b::2003
2a02:26f0:3500:587::1e80
2a05:d018:11d:9e00:a450:2133:625e:b343
52.222.236.47
68.232.34.143
037900764deb1df4e2cf4bf8eef12ad15ef4aa0e24541b18590c53b7a6a0f7d7
04492174a44ec7cdff662765038cfd7cdef1cec8d8c83748599f7e30c2116dec
05b21c83774b77ef5d85267b9fc27fef02100767a5138bbecd2e6406c0040048
075b5ef17fffb5a8bf8653d408c34bc5f87d4ff80edf27538cafae6eca7d9a15
0774b280d94641683d68a56c4836df9264beef00cbfff7c0cb481344d52a328c
078dbc253356ef7158f95ab56b9fdb16d1986edb2dc9b6645e7792aa5808753a
0a35d92fb603a0e8dc7501e0eeead6c01fcd0478509dd3514a40756be1fbd4fb
0a5dd52e4f05ffeeb2d47e3be280c6b04f219ec876a14447d033524d68841005
0a685b96d92a7d52330571aa2aa537afd18c0958bc38d977432657c41d0bf390
12ba3f4f28cedf93fe25c32aa30d7f2bd72d423284840caa3fb927018c41ea7f
16bb3d8fb5c371c9e4fa6b5f313c0a5e2edd911c0ce6d0f9c3cee01e9560a2b3
17e4f7282dedb86583a9032a3409655ba8333e3f1b8979157874f46c43f8a292
1b37c3e0644d4ef85cbc527ef0beb47586924966262a888b4e923da40219df26
1c26f0664910e31e9c4f2971cfc67c54a7a295777d7497e59b846e2d6b5e98f0
1eefe01a843ee60ae0111c55d2b47439a600e8a3c0b39807e9f8041bbade3d34
20198ea05b33c2dcd1ae34d7fec2e879cbb0db8f730ce036f94310fcc3a1c2c7
2021461ef5be80a0804e071c4daad1d93f931d5c338201907dc4194cb2e34807
20f1a9de0facf493369c80aeb3e6649df5ee30817ae53e053ad1632f81a62d7b
21484bdbfbdded8276f66117a5e7176b5b98f083093ad35b64e1f00f697d7d29
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
24d71392333b202f7624ae7e99534f357586856a65bed2a713e3b1b62fe6ee21
2760ad794749bc3442a01b1643551e6b84067c0fbf544ccd2b287f1180164a2f
29619202252995b9f9a806a21984a2668c11a4f08058a33d19d65a965a8274a2
2b0c0075a033682efadba78fe375d9895f5a28a366979725040eb3772a0bb4cf
2bc6a125d698416498cdf5ef60cd959aef01db95a6e3e0d74a95f9b6d3d78feb
2d6b8f53d1e25822116c74ad810425792696f6cba8759e1f60c964c0e616a7c9
320b92d37dd1dee90f5df25e56cda4d5e67ee8dadf6bbf45ef7db68f099237c9
323c5fc4ff347e7b1f10c1bbeb9600dda2818f78cceb9dfcbd962b1e0be83417
372480f2a0bd04ffa56262e105c5d3d14a2912858257bbb36724a14c84a60aa7
3740f9b30a2da2c21cb4ee739028b862dd84d60182dff02e3fff07937a2d3030
37a05cf00e018a335aa4bea0e43812929c13d3dd550525661ceab973efc14e6b
38b9df860cef411e00cad50c092eadf47355dad5064c3a55afedef70ea469ce3
39a186711cdddcb36b328f0a43126d935271e3ceb305b0c8b35b873e99d97534
39c4ba098195245d90c94af1664983daae71df7b15165e75c06ae138e15b8d83
3bbabe65bdd88e54e75306bfb98834d80ae4ee3b04cbc5d910af2ad6121171fb
42e3c0f43f37caca83ab160c10be1f52f5daeff6cd0da126a71a79ab48806cf3
42ea923e41c47756bfdbf5ceef88fa1558dd7bf8dc886681ffb7676c4ba6e7bc
436550bca96196905470e78e30ca33b0702746c8a48ee7850d20071546c15382
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
4860052dc0231c10cd9d047e3b7c55ee7b8b51d3c1fe2a64524b22bd6c696756
48dcc3805547ec45ce52bc3610e1648e9a2c49624b65bab11a4871a93d0ddf94
48eb74a45169ea3d83367b03ba9fcfaa84db06cc587da680c6e9b864a15b4e5b
492457408b7df55dd4220aaebd37dda7d1cbf4cfd5e9ab7a6c934d0ed0bdd035
4bbab94e9323c77371dd2c13901015b3d9237c5ebcd24dcb13d00eb0d27741a2
4bde2a9b5d6045f8993ce62e78ef39e2a66acf5493fbfeff9aa9d57ba4cc36a6
4be1addf4ee8c28eff431ef8bfbc475913c1234f6315c50047bc1eda86de71f3
4c6d748bdbbf02645fe9bfc54757ccdb7dd06d4104455c68a4f555332f13314b
4ca514f5eb90ab8953dcc02b11f293e8931c6503ae9e4d3d6b5cbe5bf8f6cf60
4e4537190781df6baaadf41223d09831a736924061aa674f730c727e46f6af87
4e8a291e11bb589fd1aad0db9544896d93079df0fcba6b4b7cac40c5e33ce54b
55655f7d2dbe6228d02546899765814fd90185d3f0123f449a5917cd791071fb
563ea20c87d563afa1fe47cfc36a4d71e68650c95018c7c4da66a4c58042da39
5ece7b95aa11de4d07f7cfb35e4ac92326b94f2169812e5ed9b992511b5b5e4a
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6351e8ab6ab8b105d6394c01ef86cf2e437fe78267b6bb5cd3dec84e01ea56ce
67f0f661888a4ff38dfbb3ed01a2f30f7f61de0b43a029a4c38efd827de713c0
6870aa293c721c746438ab6d4d9ff3f9b15a126618bdf920a07f4ab5baad4b09
6873a676564300f11eb9552c8ffc7234d71d7c7076c96c78d269016d1df7ee16
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a2f4003a98a3d8b367702823291c5e43078623288deff831d9d83c8f2db9b16
6fd23e8d923e1c475e222c214d8ac1867ca79d2a7716ed881a08e3490a604d58
73c4d92fd8a85b6e0189c5b7f1096b9a44effcf56c7b5f3e70a4bbd977a58b61
75d04643c461b0070802e56e935a7486187f88b2abfd4924e88f61a071df7485
777f9a799bf90026d7908e0c36ed34952a44f17c30bf44e51cce52914b20c5b4
78417ebbea63f1b233530be6e839bb6e5e7123c2c3c6602f37fad3eb5a331fc9
7ab12143573b5af61efad20a15f06a2661b1e3af60473f594884675cfd6f6cff
7c32cdc1ab5835d3388537d770517d557b340c5bd1fe95ca8115e68b5a559e98
7dafe263fb69eb4dc1c52574b7af06ecaff086e8be5601d35626bc0117d3f2e7
7f57f54191962ca5b3bac2c1887470d2629706d5d7fc21f22166c53661a8e74e
84dfd0e54b4925642917b11cbb1e9b46e50a3acfd4f2bd2a2fd7d61cb12b36ac
86a0ede7d86475d40b8673b2b1c2fc72e34766e408b477f077c7c402e5bf4cdb
88d72fa359eb02bc476d863e822352c8ac2cbd9266d8e6adc60b1bd3bd6360c0
8b8939d4dff9694971bfe9dcb5a82e48052fb7c0f24e6f55f6acc709ce06a1d6
8f65b6b25787a1b0eb5e1c22364623cdd54b1def03e79bb64ae4dd26043e2e19
900a116048d76068496554aa043c9b506841246e60f467920bc91c8befd380e8
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
930956c31c9e633f8c3c310cfb99b82ad1089bc05f607b64b397725a8c8429ab
93c546bd5f9d493bfbdc8cc9e62dd31143aac6cbae03beff91ddcd9f5d23b8b9
96b774257ae8221244fc3a8d31055d99b6acb71d6bfc7e81f2d3a428c5b18267
981a2df29fe9b8dbd2a31f577d909b5ae84dc7d4af19f5664523b31eefcdcef2
996f52a06e4470d3cc2ab1ddf13e1051ed0c41e2c2e519274b76859e3899dc59
9cc0e306632679162f6394648779802c9cfb35d4ba5e98efbd537e13e55f290c
9f8987da80502159c12dc31f4f6dd2e7b190e47dc2978acdd400715cbed1e493
9f927d671965717b8bb011360590349f50f721d990545c38c3c1429d5c98ddb8
a13e4001bf008067b14b82bfea429c26fbb8123975c07590b168c389203d6309
a25bc6588d5b2e1e21c5ab6e5df559abb0c03546346f21adb3e21d3aa163e8ba
a2bdd8cb01353d4ed2a9ab4c7d7c263225f6908aa875614d015a2f39956d9d73
a801f2d1cd1a2fa11922c5b14f0d8bd072dd8954e1472847b6e00425f9deec3e
a954c0a79c10d3b1bc92da8061a74c4bf99ade39a5f0b385de63e14e569a23db
abe8ef7cc6bcbfdc374223ef03d98f3de718f97c344ea6fdd3bb2d3799167d7e
aca50fa1d88e66e52258dc63eeff7c30c86d4c9b2ba95498355b578b53a7fb8a
aea236ef70c30d8fe320a012c774ea8cee7c5aa4ffa943c91472c911880bc53c
b225b553da329022367ef9806c9820cbb60051aede8489749a879cfc3bed0677
b268b22bb0b4ca2e1460f079b7eb4ae29754b622928f27a6d9263f74b1a745a3
b4349b838b952c4d391b77321d20b1b9608196f8daab8ef69f6dcc7daf51316a
b6731918e8554e8daa56f47bb28c04dd0b4a0e2cc0001a9d90a15be7806b0db3
b854663e83865f46900ad48b0f947a586bc35a847725abb7aadccc4fcafb6f8f
bb5b84b03e2b10ce084ddccd3f8787dd0a436d1c39600c882a4f162b8a2ec161
bbd5787740e2dc5cfabf53e8dbb910927056f44000f22d746fdbbddd7bba63bf
bca0cbef4d9a1480419d2e87f92f86f2b04237f91c1a36800ff4929370b931a4
bf3367e6708664e5ab5cf7521c662b6bb9cfb239c3f6a1bc464247e49217ad9f
c250ef9f65a41bfb82579dff3c68fcf0109bb987f9624d6ac020ac8a4823a7e4
c293b3aeb4898d08cc511c812408a728d6c707c464078342d9af91adcb3adc8a
c3208bf867638c7a0dd6fe243b2ca42ce3ce8445e94e48bb6397badd3d7a7c78
c50e8317ac4c60f3eabe65fb8875c1a77c720fa8a0477cc8b22accd61677c967
c85082bdf7f65c12bc734139c95a14b1a61778437d527b5097f0b025c1466c6c
c8caef549b0190ec0e337f96aa78027be95ecfb6dc5aa3abc70afda206069c38
cb31f0bd21d9df05deb34d2519227c4098df659dc89f0caeb222d8851097a722
cca6ae0b6adf9c7f891d13a29a3de511056875e3a9a9a181e53857da07616c8f
cd543c2725509007cf78fa0111217b7cd41c0618a1671f76c45780038f6d05a0
ce92cf1c5f111f69ad492de0abe0a7d169cd437b7841c7c683852e7ce1bdac69
cea2053be8e509589fe917b989317c05a16799e2d89ed1ea89b21870e3153631
cf24857ffe0daf1dee181dba65aa08bc61db109a67f02a3c560965dc1f198485
d15cec0e97a0ee4f6d2ea2baf75b527e5082b10bc9bedd89bfcb00305a1b8401
d19b9e1509e1a5451fa22f764f619ff8d840fb1c73e17393f61db98bf4c74513
d2be63ad82addbd4d3e45024482d4ea32daaa8a01fb147ce3b7f797519225a4c
d3652dc3aa942b89bddb0a04adcac6a8c36a8f50cbe8faa130442646d4d1d515
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d5cc99b66288d5ad06890ba94fe2b09ebe81ee2b133691dc34b334b35a4c0c96
d9419a242f2612bfd1ca9f14c60f29e662a433d85ed813e0b4aee98b6a0582de
d9f327e22bbcc852fce1e240bab93963f2af1dae18e39ae0ffaba339c37092c3
dbe20b537ed17fbff493b74a70886e185a60bf42591b65fbe9b6f1a272a8d4f4
dfa641c2a1027549e1f34c37d2f1d4831e4dbfcfe30bf8126f73838e1aa67204
e0cde5287d8c9f03804bc420e51ef211ae7c1e641e803dab4ad6fd18e4662678
e11bcc619c859795164e5937905533db9bda531dc7214360f32461f4e944699a
e145a391df952f499758fd20de11ca61591ed0ae38667d7d79b1c1c5f5eb511e
e2cfc92eac61d799e0219eecd4f31ffe471428841092750cedf707de2400038a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ad3a7c4aa97b074c4d59a438bb5813ded8ad1d8bb8cf630abb4c6ee075d54e
e5f9f7c5db205a36ab8764fc900f18a897f4431db2a7526e72b2dcaee190315a
e734c6c209e6222eb5260d2fab3a5bfcc0685e6c11f18557fc670fec0f1ba140
e976974bd2385b5c15551843801864c05d8b11021fb0c5e5715300017acc83f6
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea66dc2855e10cba179b3136c310bfd86b5dc50905b11876877405728f9c7959
ec5f0ed855a823e72cb6dc00613aff4e83cfe83bb428e9d1db01891247e51def
ede570f8f275ff0e50c6142a7c0f334242178a202ddc30df39823ad2dacd5792
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
f1fca6ca91d263eb28f9f19c324dd4e327288520a2229a5f7008e0fa96795e57
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f9947515ada0af97c9f138a55bf4b733905d3cd11010e806a501c32d20b18ecb
fb3fdb320ad11371bef6ed20fd92e63da916134f02302562ffd80df60eb7769e
fb5d5c0ed919a963f62d1cf62e7b2f077f06904f1981b40c99eabdcf586cd4a9

www.fifa.com Open in urlscan Pro 152.199.19.82 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

152 Requests

100 %HTTPS

58 %IPv6

8 Domains

14 Subdomains

12 IPs

3 Countries

28586 kBTransfer

34975 kBSize

4 Cookies

4 Outgoing links

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fifa.com Open in urlscan Pro
152.199.19.82 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

100 %
HTTPS

58 %
IPv6

8
Domains

14
Subdomains

12
IPs

3
Countries

28586 kB
Transfer

34975 kB
Size

4
Cookies

152 HTTP transactions
0 data transactions