urlscan.io logo urlscan.io
SecurityTrails logo

secure.winred.com Open in urlscan Pro
2606:4700::6813:d459  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://gop-way.com/9c86ct
Effective URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&a...
Submission: On November 20 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 23 IPs in 2 countries across 19 domains to perform 87 HTTP transactions. The main IP is 2606:4700::6813:d459, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 93759.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 22nd 2024. Valid for: a year.
This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.33.253.57 16509 (AMAZON-02)
1 11 2606:4700::68... 13335 (CLOUDFLAR...)
2 108.139.29.110 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
5 2600:9000:26f... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 2607:f8b0:400... 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
7 2001:4860:480... 15169 (GOOGLE)
8 108.139.29.88 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 2a03:2880:f10... 32934 (FACEBOOK)
3 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2001:4998:1c:... 14779 (YAHOO)
4 34.198.76.171 14618 (AMAZON-AES)
1 151.101.44.157 54113 (FASTLY)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 172.66.0.227 13335 (CLOUDFLAR...)
2 104.244.42.131 13414 (TWITTER)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 52.72.192.139 14618 (AMAZON-AES)
3 2001:4860:480... 15169 (GOOGLE)
87 23
1    3.33.253.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: a88370b69dc0c4e51.awsglobalaccelerator.com
gop-way.com
11    2606:4700::6813:d459 (United States)

ASN13335 (CLOUDFLARENET, US)
secure.winred.com
2    108.139.29.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-110.jfk50.r.cloudfront.net
js.stripe.com
4    2607:f8b0:4006:80f::200a (United States)

ASN15169 (GOOGLE, US)
maps.googleapis.com
5    2600:9000:26fa:de00:0:7d26:ee00:93a1 (United States)

ASN16509 (AMAZON-02, US)
d35ligi1n5bgzc.cloudfront.net
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
10    2607:f8b0:4006:80f::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
7    2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
8    108.139.29.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-88.jfk50.r.cloudfront.net
js.stripe.com
1    2606:4700::6813:d359 (United States)

ASN13335 (CLOUDFLARENET, US)
app.revv.co
6    2a03:2880:f10e:83:face:b00c:0:25de (Toronto, Canada)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    2607:f8b0:4006:820::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
4    2607:f8b0:4004:c17::9c (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2001:4998:1c:800::1001 (United States)

ASN14779 (YAHOO, US)
s.yimg.com
4    34.198.76.171 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-76-171.compute-1.amazonaws.com
tags.srv.stackadapt.com
1    151.101.44.157 (San Francisco, United States)

ASN54113 (FASTLY, US)
static.ads-twitter.com
3    2606:4700::6810:e534 (United States)

ASN13335 (CLOUDFLARENET, US)
gtm.winred.com
2    172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)
t.co
2    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
2    2607:f8b0:4006:80b::2002 (United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)
td.doubleclick.net
1    52.72.192.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-192-139.compute-1.amazonaws.com
sp.analytics.yahoo.com
3    2001:4860:4802:38::181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
Apex Domain
Subdomains		 Transfer
14 winred.com
secure.winred.com — Cisco Umbrella Rank: 93759
gtm.winred.com — Cisco Umbrella Rank: 187020
217 KB
10 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
954 KB
10 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1073
181 KB
9 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
td.doubleclick.net — Cisco Umbrella Rank: 182
6 KB
7 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
22 KB
6 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 142
387 B
6 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
633 B
5 cloudfront.net
d35ligi1n5bgzc.cloudfront.net
784 KB
4 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 2701
10 KB
4 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 466
234 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
80 KB
2 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 991
1 KB
2 t.co
t.co — Cisco Umbrella Rank: 904
1 KB
2 yimg.com
s.yimg.com — Cisco Umbrella Rank: 768
8 KB
1 yahoo.com
sp.analytics.yahoo.com — Cisco Umbrella Rank: 1654
677 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1016
16 KB
1 revv.co
app.revv.co — Cisco Umbrella Rank: 362909
1 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 617
7 KB
1 gop-way.com
gop-way.com
280 B
87 19
Domain Requested by
11 secure.winred.com 1 redirects secure.winred.com
static.cloudflareinsights.com
10 www.googletagmanager.com secure.winred.com
www.googletagmanager.com
www.google-analytics.com
10 js.stripe.com secure.winred.com
js.stripe.com
7 www.google-analytics.com secure.winred.com
www.google-analytics.com
www.googletagmanager.com
6 www.facebook.com secure.winred.com
5 d35ligi1n5bgzc.cloudfront.net secure.winred.com
4 tags.srv.stackadapt.com secure.winred.com
tags.srv.stackadapt.com
4 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
secure.winred.com
4 maps.googleapis.com secure.winred.com
maps.googleapis.com
3 analytics.google.com www.googletagmanager.com
secure.winred.com
3 td.doubleclick.net www.googletagmanager.com
3 gtm.winred.com www.googletagmanager.com
3 www.google.com www.googletagmanager.com
secure.winred.com
3 connect.facebook.net secure.winred.com
connect.facebook.net
2 googleads.g.doubleclick.net www.googletagmanager.com
2 analytics.twitter.com secure.winred.com
2 t.co secure.winred.com
2 s.yimg.com secure.winred.com
s.yimg.com
1 sp.analytics.yahoo.com secure.winred.com
1 static.ads-twitter.com secure.winred.com
1 app.revv.co secure.winred.com
1 static.cloudflareinsights.com secure.winred.com
1 gop-way.com 1 redirects
87 23

This site contains links to these domains. Also see Links.

Domain
winred.com
www.nrcc.org
www.donaldjtrump.com
Subject Issuer Validity Valid
secure.winred.com
Cloudflare Inc ECC CA-3		 2024-01-22 -
2024-12-31		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-10-30 -
2025-02-06		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
cloudflareinsights.com
WE1		 2024-11-01 -
2025-01-30		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-08-29 -
2024-11-27		 3 months crt.sh
revv.co
WE1		 2024-10-31 -
2025-01-29		 3 months crt.sh
*.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-10-31 -
2024-12-18		 2 months crt.sh
*.srv.stackadapt.com
Amazon RSA 2048 M03		 2024-08-09 -
2025-09-06		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-25 -
2025-06-24		 a year crt.sh
winred.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh
t.co
E5		 2024-09-28 -
2024-12-27		 3 months crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-10-07 -
2025-10-06		 a year crt.sh
*.doubleclick.net
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-07-30 -
2025-01-22		 6 months crt.sh

This page contains 14 frames:

Primary Page: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Frame ID: 28FBDFDE9AE70CCD46C5CC2B2D22696F
Requests: 73 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
Frame ID: D8546C4EC3DCA8337F8DCCFC7AA92016
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-e861cccbde597814ac17e46db7ba27d0.html
Frame ID: 857E59C2CE6D20858B9C9348BD32198F
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
Frame ID: 0557752CD975CEB67BE7A11BD658690C
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-google-pay-72abc3024fc994edacfda4c062068efb.html
Frame ID: EF27DABE87F228A7DE69F53B975F3ACC
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-4c611b129c032d391ac8b97b90a71e0a.html
Frame ID: 2EE1D790EF3C532FD68E897883FF9B39
Requests: 1 HTTP requests in this frame

Frame: https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js
Frame ID: F989226B474F525F7DEFA597034FEDDA
Requests: 2 HTTP requests in this frame

Frame: https://js.stripe.com/v3/link-modal-inner-f430da4c8d7a6e21359105408a30d3c6.html
Frame ID: 49DF349C0F10272C8C8C23C82134DFB8
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fsecure.winred.com
Frame ID: 9F97AA69A7D1466E6A245690F6C13168
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/815133722?random=1732130257270&cv=11&fst=1732130257270&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033z871312789za201zb71312789&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: C09199551F9F4C803DD0A9FCE8CC443E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-9J5139D7ZF&gacid=1875082056.1732130256&gtm=45je4bk0h2v9139044878za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1464893806
Frame ID: CB369F07BCA3CFE33D3BA67AB4615AA0
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/815133722?random=1732130257615&cv=11&fst=1732130257615&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033za200zb72410129&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: B7ECF976DEA5690E54E91F86E7D70EE1
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/hcaptcha-invisible-0a26bdc1b1e8d0a712e9cdb216dd10f5.html
Frame ID: 7E4950CB37C47A3B14BEBBE009708A0A
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: E5454E5154B5860487DEA278D9BC2A07
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

America First!

Page URL History Show full URLs

  1. http://gop-way.com/9c86ct HTTP 307
    https://gop-way.com/9c86ct HTTP 301
    https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

87
Requests

99 %
HTTPS

67 %
IPv6

19
Domains

23
Subdomains

23
IPs

2
Countries

2523 kB
Transfer

6644 kB
Size

43
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gop-way.com/9c86ct HTTP 307
    https://gop-way.com/9c86ct HTTP 301
    https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js

87 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
secure.winred.com/nrcc/amer-first-agenda-audit/
Redirect Chain
  • http://gop-way.com/9c86ct
  • https://gop-way.com/9c86ct
  • https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
76 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95203168fbff94f627760dbcf208302b18fd372fbdbb915c119c5eb825fe07e2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8e5ac7f06bc543ed-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:17:35 GMT
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
server-timing
cfCacheStatus;desc="DYNAMIC"
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-rack-cors
miss; no-origin
x-request-id
e2c41601-df14-43f3-91ab-c928ddcd97e6
x-revv-cache
Hit from Revv
x-revv-landing-page
1
x-runtime
0.040478
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store
content-length
0
date
Wed, 20 Nov 2024 19:17:34 GMT
engine
Rebrandly.redirect, version 2.1
expires
-1
location
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
strict-transport-security
max-age=15552000
/
js.stripe.com/v3/ 		690 KB
180 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-110.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
7c695c704c8750689470c96ffda8632eb44568383a0833caf6be9007763c8726
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
etag
W/"d0461d5272b2714327853ab15aabc5d0"
age
32
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
BHu3zSpe48AHjw-ach050KoK3ZNSsnrJc3ENlk0x-EdyhipUNPKbBw==
date
Wed, 20 Nov 2024 19:17:04 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 20 Nov 2024 18:46:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 f391dfb0806f29cccc5f1df3e1ae836e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P2
server
Cloudfront
landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css
secure.winred.com/assets/ 		223 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/assets/landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"0d589e3ee739618497567fffac3f6955"
age
1892
x-amz-version-id
D2DwqyBLy6zvaIoaXr4.652u.C9cECqD
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:17:35 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
text/css
last-modified
Sat, 02 Nov 2024 01:19:12 GMT
vary
Accept-Encoding
x-amz-id-2
C5mMUm9BpIp790XVavYwUSwhI4tw+cHdBh9R+VtaLznTo8s2b4PXVm7YB8UPRDPmhdHUhen9qI0=
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=14400
cf-ray
8e5ac7f21e4d43ed-EWR
x-amz-request-id
DW6XBV74QV0V94AJ
server
cloudflare
1731600795.css
secure.winred.com/stylesheets/rv_page_01jc65nh48d4ytg9tvq0t9477q/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/stylesheets/rv_page_01jc65nh48d4ytg9tvq0t9477q/1731600795.css
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df68609568bd8d042a57fa461b5384308856ea78de356ec2acf6149ce4b1e1a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

x-request-id
2d283fde-4472-4a12-b596-ecadded8af5c
content-encoding
gzip
cf-cache-status
HIT
age
529450
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 21 Nov 2025 01:06:47 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 14 Nov 2024 16:13:18 GMT
vary
Accept-Encoding
x-runtime
0.060999
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=31556952
x-rack-cors
miss; no-origin
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
8e5ac7f21e4f43ed-EWR
x-xss-protection
1; mode=block
server
cloudflare
js
maps.googleapis.com/maps/api/ 		384 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
c701dd9795d6d5dc024c3bb95aca8d56d5a66a99efc77b3dfbba7d5f97b3085b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
public, max-age=1800, stale-while-revalidate=3600
timing-allow-origin
*
content-encoding
gzip
etag
717b00c5
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
122973
date
Wed, 20 Nov 2024 19:17:35 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
vary
Accept-Language, Origin, X-Origin, Referer
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
application-landing-page-505b517318f5ba1c04205d8daa065b5fe48bfff9f753a471bf7421b0164aa73e.js
secure.winred.com/assets/ 		492 KB
139 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/assets/application-landing-page-505b517318f5ba1c04205d8daa065b5fe48bfff9f753a471bf7421b0164aa73e.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
505b517318f5ba1c04205d8daa065b5fe48bfff9f753a471bf7421b0164aa73e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"e75fd1678f79abd85c65c4549db07868"
age
3552
x-amz-version-id
AKYKbeAXl92hpo15FpubXj3OCfb.qIfh
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:17:35 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
application/javascript
last-modified
Sat, 02 Nov 2024 01:19:07 GMT
vary
Accept-Encoding
x-amz-id-2
mZWRzkLk+A5Ih6VRcLEX2SfoifutjTPkSZs7bg8PaV1ASbBzWQKAwW6nZyhN7x7JTx8Lw66MJ7o=
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=14400
cf-ray
8e5ac7f21e5643ed-EWR
x-amz-request-id
CA6GPE9ZDYP6TDTA
server
cloudflare
1000x500_%2856%29.jpg
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/001/169/438/large/ 		312 KB
312 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/001/169/438/large/1000x500_%2856%29.jpg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26fa:de00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
de40225dd57bbe81245f6191285db93d60e60c1c418fef85ce7586e4207fc9db

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
2RH6ss0scx30fqLxZz1XS2mr12CgcSiZ
etag
"716710ad6a7a8ab6bd03c94f269abfe5"
age
1560
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
TkaYNszNS7dOhk8ZrL0eN7b8opbKuZrep1NK9aDIuirvkXsF5ExJyg==
date
Wed, 20 Nov 2024 18:51:36 GMT
content-type
image/jpeg
vary
accept-encoding
last-modified
Wed, 30 Oct 2024 00:48:08 GMT
via
1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
319085
x-amz-cf-pop
JFK52-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
logo_winred_%282%29.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/036/332/square/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/036/332/square/logo_winred_%282%29.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26fa:de00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d974342d079c80c412efb82a7492bbbe45e3694ce4bfabf820e39937ce20d1a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
E0gR7csO6..2PQ7GMKZAYZqT.00QzE06
etag
"0a6c3f92e998f341b4be4472768ab1bb"
age
79558
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
8SmGDoPfMXlEi_Yr1ObnVeJ3wMKEgfjXsNRG8jn1K4AP0FgjcCenmg==
date
Tue, 19 Nov 2024 21:11:38 GMT
content-type
image/png
vary
accept-encoding
last-modified
Sat, 17 Jul 2021 19:35:50 GMT
via
1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
6960
x-amz-cf-pop
JFK52-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
kUuht00m_400x400.jpg
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/894/828/square/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/894/828/square/kUuht00m_400x400.jpg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26fa:de00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1e19ab777d416ab8585e83bb348451e0a4717b92e7cbb1f74900af55876f2ad9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
e6vRznToLKSFlkxhhZl3uvfZed2SXwEW
etag
"86e9d3432d2077771820250698fbb99b"
age
45000
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
LWhOCDIgfAPLH4elp_pUTLSHyia2EIiwtUHmE1vuHel2KEnRd4rq1g==
date
Wed, 20 Nov 2024 06:47:36 GMT
content-type
image/jpeg
vary
accept-encoding
last-modified
Wed, 20 Mar 2024 15:42:11 GMT
via
1.1 1461aa0cc0d6d2fb29baf25a00e64194.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
8995
x-amz-cf-pop
JFK52-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

cf-cache-status
HIT
etag
"972c0cca8d1e490484e89513f902e847"
age
3699
cf-bgj
imgq:85,h2pri
x-amz-version-id
dXIH3dEWJ3Rui7mgD_aBNL2LpLuJ4a.5
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:17:35 GMT
cf-polished
origFmt=png, origSize=11635
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
image/webp
content-disposition
inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
vary
Accept, Accept-Encoding
last-modified
Sat, 02 Nov 2024 01:19:14 GMT
x-amz-id-2
vcHiExJ1U4xXBgcpL11HCHzG5bKjRApapCSY6L+h6v3679OEeM5QN/Ep/OpVflU2Ic13iTCXdg4=
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=14400
cf-ray
8e5ac7f29efb43ed-EWR
x-amz-request-id
2EFYJFY1FEACPBPY
accept-ranges
bytes
content-length
8708
server
cloudflare
win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 		19 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"d31530d4186af669daf4f47099614593"
age
1778
x-amz-version-id
f4pEcXiD8ytcKkhv6Jg8V_T5YyE04Z7F
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:17:35 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
image/svg+xml
last-modified
Sat, 02 Nov 2024 01:19:14 GMT
vary
Accept-Encoding
x-amz-id-2
j+n8sc6yBOSbNY1WWoK8we0pA58Rd9/RTFgIGcd60x7hS35bSjVtABVnjxqkDraSdqxM7v7dzu4=
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=14400
cf-ray
8e5ac7f2ff7843ed-EWR
x-amz-request-id
0R58VQ1AKC7E5YBS
server
cloudflare
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://secure.winred.com
Referer
https://secure.winred.com/

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
8e5ac7f39cb1c409-EWR
access-control-allow-origin
*
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/ 		510 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
84d4dfbc160116b77e2a2f70431c399d1091d20f17e234b90f64f429234630b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 20 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
120727
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-SMpEwV9n' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:35 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-SMpEwV9n' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=2, rtx=0, c=23, mss=1232, tbw=4448, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
IDEcwS537GQCdccQpXWIePhDZCHi+1BwdLsZ/nbUuPrecsm3qf/828oWysswBkqb2ibmFG0OO9zTonNkA/jspg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62152
x-xss-protection
0
origin-agent-cluster
?1
gtm.js
www.googletagmanager.com/ 		357 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
21d3b79c944f3b6376cfcfcad107d107a87786c43855ece01d6ddc06f47aecbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 20 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
118735
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
gzip
age
4128
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 20:08:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 18:08:48 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
1920x1080_%2810%29-min.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/825/825/large/ 		453 KB
454 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/825/825/large/1920x1080_%2810%29-min.jpg
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01jc65nh48d4ytg9tvq0t9477q/1731600795.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:26fa:de00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
475992f81e7b842772e185df256538f135de8a63656953f55f65fb53d8e7eb29

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
Y6Fkm47zq.KfOcmaafbRU11wzHJcKtNw
age
73974
etag
"b5a3dd108f3753792bf650fea91fc21d"
via
1.1 6c1e463b1907685097cce9e63f1cf75a.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
464160
x-amz-cf-id
QD2GGuh_hpuDo0Ic9wUR2cBD3Svs3LNU43Ui98dMw9CX-Fyq0FyEDA==
date
Tue, 19 Nov 2024 22:44:43 GMT
content-type
image/jpeg
last-modified
Wed, 10 Jan 2024 16:45:35 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P1
x-amz-server-side-encryption
AES256
icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
secure.winred.com/assets/ 		290 B
834 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.winred.com/assets/icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.png
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/assets/landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/assets/landing_page-6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b.css

Response headers

cf-cache-status
HIT
etag
"571ee659b7ee9af9291e7dd8176721d5"
age
6880
cf-bgj
imgq:85,h2pri
x-amz-version-id
SeGtL31.4Z5Qx1ZWraBfxpsE4qrh8aPV
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:17:36 GMT
cf-polished
origFmt=png, origSize=560
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
image/webp
content-disposition
inline; filename="icon-dropdown-background-52b35865280d33e30f9708871085b8db6862e75bc159d6e8e3cd77af6c36bdde.webp"
vary
Accept, Accept-Encoding
last-modified
Sat, 02 Nov 2024 01:19:11 GMT
x-amz-id-2
UYvY0aPvBlIUt5VoNHLstSAjt9E4+KgRq6U5eVdghpHi8pw2D1UqCYDsWBJKnPhs3MO0Z5UUA2U=
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
public, max-age=14400
cf-ray
8e5ac7f4495743ed-EWR
x-amz-request-id
BAV61BCKB0827XQS
accept-ranges
bytes
content-length
290
server
cloudflare
437395704254527
connect.facebook.net/signals/config/ 		79 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/437395704254527?v=2.9.177&r=stable&domain=secure.winred.com&hme=c3e4904c1dde42d643265ef909b9e193c41cedcd6f559a3ff5e1b178e36647fa&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7736922e7900e4685b36fe51f916801f3881a1e994339225f89f6fc45bbe6081
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-gYeckOdN' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-gYeckOdN' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=4, rtx=0, c=70, mss=1232, tbw=70304, tp=65, tpl=0, uplat=4, ullat=-1
pragma
public
x-fb-debug
Nc4R8eNTZDGVTs7dzA1j3XRFgPnZ/qjhHwk9t5jLNT53pKvsGiyb3BDomFQtdbwakA0bE9Rn+DZYfQw23d2jZQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
16155
x-xss-protection
0
origin-agent-cluster
?1
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
44 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
https://secure.winred.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
date
Wed, 20 Nov 2024 19:17:36 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
vary
Origin, X-Origin, Referer
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
js.stripe.com/v3/ Frame D854 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
59
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
651
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:16:37 GMT
etag
"769b3a46247e671f98a3686148d00dc0"
last-modified
Wed, 20 Nov 2024 18:03:30 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 8cdf4e2d4f4070992665477c4dbca0c0.cloudfront.net (CloudFront)
x-amz-cf-id
iO0KMRo67OY8L2WSFJ0yoq9eb-6eSInu8GbIR-KTcLsy2CvTrzSXfA==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
elements-inner-card-e861cccbde597814ac17e46db7ba27d0.html
js.stripe.com/v3/ Frame 857E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/elements-inner-card-e861cccbde597814ac17e46db7ba27d0.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
554
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-encoding
gzip
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src data: https:; form-action 'none'; frame-src 'self' https://www.affirm.com https://checkout.link.com https://b.stripecdn.com; img-src 'self' https://q.stripe.com https://b.stripecdn.com https://js.stripe.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:08:27 GMT
etag
W/"e861cccbde597814ac17e46db7ba27d0"
last-modified
Wed, 20 Nov 2024 18:03:30 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 8cdf4e2d4f4070992665477c4dbca0c0.cloudfront.net (CloudFront)
x-amz-cf-id
AxW9Z0stvKVjNSvwRsA7Ns_FQcgnooXOaoXAMajzFbWCN-U-WIJRcQ==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
current_with_info
app.revv.co/api/v3/users/ 		162 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/nrcc/amer-first-agenda-audit?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-505b517318f5ba1c04205d8daa065b5fe48bfff9f753a471bf7421b0164aa73e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d359 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca2eff3df4b16bbefa673bdca1d2eca698d08af9088a006f09c7f5eb277ee360
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://secure.winred.com/

Response headers

access-control-max-age
0
x-request-id
0bf0b838-05a0-4a6c-86c0-9a6679bdfd3f
access-control-expose-headers
content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"ca2eff3df4b16bbefa673bdca1d2eca6"
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
x-rack-cors-original-access-control-max-age
0
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/vnd.api+json
vary
Origin, Accept-Encoding
x-runtime
0.011084
x-rack-cors-original-access-control-allow-origin
https://secure.winred.com
strict-transport-security
max-age=15552000; includeSubDomains
cache-control
max-age=0, private, must-revalidate
x-rack-cors
hit
access-control-allow-credentials
true
x-rack-cors-original-access-control-expose-headers
cf-ray
8e5ac7f68d608cee-EWR
x-rack-cors-original-access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://secure.winred.com
x-rack-cors-original-access-control-allow-credentials
true
server
cloudflare
controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
js.stripe.com/v3/ Frame 0557 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-769b3a46247e671f98a3686148d00dc0.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
59
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
651
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:16:37 GMT
etag
"769b3a46247e671f98a3686148d00dc0"
last-modified
Wed, 20 Nov 2024 18:03:30 GMT
origin-agent-cluster
?1
server
Cloudfront
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 8cdf4e2d4f4070992665477c4dbca0c0.cloudfront.net (CloudFront)
x-amz-cf-id
iO0KMRo67OY8L2WSFJ0yoq9eb-6eSInu8GbIR-KTcLsy2CvTrzSXfA==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
payment-request-inner-google-pay-72abc3024fc994edacfda4c062068efb.html
js.stripe.com/v3/ Frame EF27 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/payment-request-inner-google-pay-72abc3024fc994edacfda4c062068efb.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
544
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
408
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:08:40 GMT
etag
"72abc3024fc994edacfda4c062068efb"
last-modified
Wed, 20 Nov 2024 18:03:45 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c1685d59e35fdb859ab8a1f97feb5652.cloudfront.net (CloudFront)
x-amz-cf-id
JJ4X8BRzAHJhwClJ3L2x8xVta7Sn7Gfa5sVU87hvwbdpqOnbFo6qzw==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
payment-request-inner-browser-4c611b129c032d391ac8b97b90a71e0a.html
js.stripe.com/v3/ Frame 2EE1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/payment-request-inner-browser-4c611b129c032d391ac8b97b90a71e0a.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
25
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
344
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com https://www.gstatic.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:17:11 GMT
etag
"4c611b129c032d391ac8b97b90a71e0a"
last-modified
Wed, 20 Nov 2024 18:03:45 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c1685d59e35fdb859ab8a1f97feb5652.cloudfront.net (CloudFront)
x-amz-cf-id
JHU_LYzoSVPEveonMbqd8bAP7SP7o8i8jU4clxRSpdQ1aSO1QqrQ5A==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
main.js
secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/ Frame F989
Redirect Chain
  • https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac6814e2952fa312bc5411abf844498db3b39008b1c514984476707fd9f528e2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
br
x-content-type-options
nosniff
cf-ray
8e5ac7f71d8843ed-EWR
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
x-content-type-options
nosniff
cf-ray
8e5ac7f69ce943ed-EWR
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 20 Nov 2024 19:17:36 GMT
vary
Accept-Encoding
server
cloudflare
collect
www.google-analytics.com/j/ 		15 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1564997566&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&ul=en-us&de=UTF-8&dt=America%20First!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1814878117&gjid=915628048&cid=1875082056.1732130256&tid=UA-15267911-1&_gid=1841063964.1732130256&_r=1&_slc=1&z=1906891949
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
ad278fe8eae121836378c0f601a92379a53ee8658f93ae53567e8b0a6476eeb0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://secure.winred.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=437395704254527&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130256534&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4126&fbp=fb.1.1732130256528.718631369135991615&cs_est=true&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=GET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4590, tp=12, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
201 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=437395704254527&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130256534&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4126&fbp=fb.1.1732130256528.718631369135991615&cs_est=true&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=FGET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439442803335054536"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
image/png
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439442803335054536", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-debug
gTre1JLVsQM+Daz2GESASs//1oMKH+4yQ1v+XvsfvXi2wOYXj+klxhK+rOW/egfotlMNaE9L+nWCg3AG7V3lJw==
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=24, mss=1232, tbw=5125, tp=17, tpl=0, uplat=70, ullat=0
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=437395704254527&ev=CompleteRegistration&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130256543&sw=1600&sh=1200&v=2.9.177&r=stable&ec=1&o=4126&fbp=fb.1.1732130256528.718631369135991615&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=GET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4862, tp=13, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=437395704254527&ev=CompleteRegistration&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130256543&sw=1600&sh=1200&v=2.9.177&r=stable&ec=1&o=4126&fbp=fb.1.1732130256528.718631369135991615&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=FGET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439442804073598610"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xcb7badee7046d1e0","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["3737590639694570"]},"debug_reporting":true,"debug_key":"4409927797194360781"}
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
6nBe75Fc8UtG3HyRDHb8feqq2xX6zBX8DskkhZQC+cNY40lIJ1KoXUy880AXbxhye39FOIywtvCHm44dmAf3yA==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439442804073598610", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=26, mss=1232, tbw=8565, tp=20, tpl=0, uplat=97, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
js
www.googletagmanager.com/gtag/ 		392 KB
128 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7a7c01d3c9f2fff7465e670e329df792cfcd630d90abb23f748a06114552677c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
130732
x-xss-protection
0
server
Google Tag Manager
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=115116932.1732130257&dt=America%20First!&auid=1848102487.1732130257&npa=0&gtm=45He4bj0v72410129za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732130256616&tfd=1768&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers
collect
www.google-analytics.com/j/ 		3 B
26 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1564997566&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&ul=en-us&de=UTF-8&dt=America%20First!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAACAEK~&jid=1676448019&gjid=2100408158&cid=1875082056.1732130256&tid=UA-73658561-7&_gid=1841063964.1732130256&_slc=1&gtm=45He4bj0n71NTQZ9Nv72410129za200&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=2120189862
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://secure.winred.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
3
server
Golfe2
collect
stats.g.doubleclick.net/j/ 		1 B
647 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-73658561-7&cid=1875082056.1732130256&jid=1676448019&gjid=2100408158&_gid=1841063964.1732130256&_u=aGDAiEABBAAAAGAEK~&z=987721800
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://secure.winred.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
js
www.googletagmanager.com/gtag/ 		294 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B57E59LMFB&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9d1867e84d6cad1f64079a868d497db92b88e4371fc36306f3353cb5afacdd11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
103416
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		294 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
88cc19b0e56e19b0644e6db53fe30b10737f4a771f111e5dbea407eb70e8421e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
103417
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		228 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9232116
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
88d77a631e19dae10d5fc39e7b52d79fdd73aa3961ea6fe8c0804062556572a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 20 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
83631
x-xss-protection
0
server
Google Tag Manager
destination
www.googletagmanager.com/gtag/ 		259 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F48L7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a41c11413d83e5d1ac723f70c87916ac03d388617a5d9dc149ae78d189dcd87d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 20 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
93766
x-xss-protection
0
server
Google Tag Manager
collect
stats.g.doubleclick.net/j/ 		1 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-15267911-1&cid=1875082056.1732130256&jid=1670470498&gjid=1144909801&_gid=1841063964.1732130256&_u=aGDAiEABBAAAAGAEK~&z=1641849484
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://secure.winred.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
ytc.js
s.yimg.com/wi/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:1c:800::1001 , United States, ASN14779 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
aebe8df81ee2ba5bc51e3abc322910ee5122a0ac06edfbcf7a04e1659d17dc9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
gzip
etag
"bc033c3a83e1880e480086bf11ac0b0a-df"
x-amz-version-id
JRuD6BVFDpXh1T7iUrCVWNpcX_ACBwVG
age
109
date
Wed, 20 Nov 2024 19:15:48 GMT
last-modified
Wed, 28 Aug 2024 12:33:10 GMT
vary
Origin, Accept-Encoding
x-amz-expiration
expiry-date="Fri, 03 Oct 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
content-type
application/javascript
x-amz-id-2
O57NvW3oLob/r3+JBiu8Cz4RZn0b6UGslniwLopdIr3sInBhGygK060F4DyElvt3cpuczwR6mQE245hOFNEAxIQ8Ou8FEP/myAh1ePmPrjo=
strict-transport-security
max-age=31536000
cache-control
public,max-age=3600
ats-carp-promotion
1, 1
referrer-policy
no-referrer-when-downgrade
x-amz-request-id
B87TQY0HDB4W2R0A
accept-ranges
bytes
content-length
6826
server
ATS
x-amz-server-side-encryption
AES256
316720908987052
connect.facebook.net/signals/config/ 		26 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/316720908987052?v=2.9.177&r=stable&domain=secure.winred.com&hme=c3e4904c1dde42d643265ef909b9e193c41cedcd6f559a3ff5e1b178e36647fa&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113%2C201%2C200%2C202%2C207%2C208%2C209%2C205%2C197%2C132%2C134%2C163%2C196%2C198%2C122%2C157%2C145%2C151%2C129%2C234%2C116%2C126%2C127%2C235%2C165%2C119%2C237%2C166%2C136%2C123%2C154%2C148%2C193%2C114%2C128
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e667fc2b45fdde06b5c0b9dae262a71137a69b261cf78e271ef1618dbdf4f375
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-GmNK53Hz' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-GmNK53Hz' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=3, rtx=0, c=84, mss=1232, tbw=87568, tp=82, tpl=0, uplat=3, ullat=-1
pragma
public
x-fb-debug
3Pn04shgQmjXk4FHLg0YHcTzaG2UpKWpp2nL0SO1HnriwbRrYQ/CD2wUvO7mmHERv+EJm8Q1TPJMuftgMABtlA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
3246
x-xss-protection
0
origin-agent-cluster
?1
events.js
tags.srv.stackadapt.com/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.76.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-76-171.compute-1.amazonaws.com
Software
/
Resource Hash
2462394973d6f2a0f913f26ea1e6c8b863f7fba2c6ba4e23990e36078f08cbab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

access-control-allow-origin
*
cache-control
max-age=5
content-encoding
gzip
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
text/javascript
uwt.js
static.ads-twitter.com/ 		57 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.44.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

vary
Accept-Encoding,Host
cache-control
no-cache
content-encoding
gzip
etag
"4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges
bytes
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
15926
date
Wed, 20 Nov 2024 19:17:36 GMT
x-tw-cdn
FT
last-modified
Tue, 29 Oct 2024 01:22:31 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-iad-kiad7000145-IAD, cache-nyc-kteb1890052-NYC
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/ 		378 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7c25cc80e2c1b479825a9afbdb4c17f10a8673629b4162879c22edb9ab29aeca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:36 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
127471
x-xss-protection
0
server
Google Tag Manager
collect
www.google-analytics.com/ 		35 B
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1564997566&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&ul=en-us&de=UTF-8&dt=America%20First!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=donation%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=aGDAiEABBAAAAGAEK~&jid=&gjid=&cid=1875082056.1732130256&tid=UA-73658561-7&_gid=1841063964.1732130256&gtm=45He4bj0n71NTQZ9Nv72410129za200&cd41=anonymous&cd58=f&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=913537892
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

age
82224
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 19 Nov 2024 20:27:12 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
collect
www.google-analytics.com/ 		35 B
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1564997566&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&ul=en-us&de=UTF-8&dt=America%20First!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAAGAEK~&jid=1670470498&gjid=1144909801&cid=1875082056.1732130256&tid=UA-15267911-1&_gid=1841063964.1732130256&gtm=45He4bj0n715F48L7v71312789za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1543731714
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

age
82224
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 19 Nov 2024 20:27:12 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
link-modal-inner-f430da4c8d7a6e21359105408a30d3c6.html
js.stripe.com/v3/ Frame 49DF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/link-modal-inner-f430da4c8d7a6e21359105408a30d3c6.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
52
alt-svc
h3=":443"; ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-length
807
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com https://errors.stripe.com https://api.stripe.com https://merchant-ui-api.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com https://checkout.link.com; img-src 'self' https://js.stripe.com https://q.stripe.com https://b.stripecdn.com; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:16:44 GMT
etag
"f430da4c8d7a6e21359105408a30d3c6"
last-modified
Wed, 20 Nov 2024 18:03:44 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c1685d59e35fdb859ab8a1f97feb5652.cloudfront.net (CloudFront)
x-amz-cf-id
x9UDkil17ianAEd34tgMEQgNqC2APoZCKnB2MHA8NECyutDj2m4QsQ==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame 9F97 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fsecure.winred.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
81781
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Nov 2024 20:34:35 GMT
expires
Wed, 19 Nov 2025 20:34:35 GMT
last-modified
Tue, 19 Nov 2024 10:38:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
8e5ac7f06bc543ed
secure.winred.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame F989 		0
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/cdn-cgi/challenge-platform/h/b/jsd/r/8e5ac7f06bc543ed
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-ray
8e5ac7fa79f843ed-EWR
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=316720908987052&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130257058&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4125&fbp=fb.1.1732130256528.718631369135991615&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=GET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=27, mss=1232, tbw=9845, tp=24, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=316720908987052&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&rl=&if=false&ts=1732130257058&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4125&fbp=fb.1.1732130256528.718631369135991615&ler=empty&cdl=API_unavailable&it=1732130256153&coo=false&rqm=FGET
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439442806921729780"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
/vNDjVfiz+itt9d9ZI17tVAH1/9AAtbfUFctRSlUAxbHEEIqEytgdmMKyx0MZEH95S0Q1Wf54/2tqtgukpqjlQ==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439442806921729780", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=28, mss=1232, tbw=10085, tp=27, tpl=0, uplat=71, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
gtm.winred.com/g/ 		688 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4bj0v867905447z872410129za200zb72410129&_p=1732130255748&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1875082056.1732130256&ecid=997826232&ul=en-us&sr=1600x1200&_fplc=0&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.tft=1732130255748&sst.ude=0&_s=1&sid=1732130257&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&en=page_view&_fv=1&_ss=1&ep.pagepath=%2Fnrcc%2Famer-first-agenda-audit%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit&epn.load_time_sec=-1732130254.8&epn.event_fire_time=1732130256585&ep.event_uuid=c8bb6d8e-49fc-40e4-97ac-c57dfade4f08&ep.isVideoPage=f&ep.referrer=&tfd=2271&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0cedea475a3b6ce922dba663091cfb437680951c88fa84068e44800c8b15eb4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
no-cache
content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
cf-ray
8e5ac7fb3e661778-EWR
access-control-allow-origin
https://secure.winred.com
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
vary
Accept-Encoding
server
cloudflare
10148631.json
s.yimg.com/wi/config/ 		46 B
579 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10148631.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:1c:800::1001 , United States, ASN14779 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
7802514279d805a825923d8ff3b2746e3fa7d4c719d791292b6f860bc2acf20d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
B9SCINrqe.XAZ.0bdS8Now5ezHRmKVtk
etag
"d858dce265978fc7a1a7968464b2fe67"
age
2248
access-control-allow-methods
GET
date
Wed, 20 Nov 2024 18:40:10 GMT
last-modified
Wed, 20 Nov 2024 15:57:07 GMT
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-expiration
expiry-date="Fri, 26 Dec 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
content-type
application/json
x-amz-id-2
0cfQeLG7NoTNTiJUe0azVZ6MTAK0vKTOvKoXG2pDC1bNkf5tRLTHHj+JrxOsuHzNTqr7dTs+pYSxEzLbE1/y1Q==
strict-transport-security
max-age=31536000
ats-carp-promotion
1, 1
referrer-policy
no-referrer-when-downgrade
x-amz-request-id
B6GSZ93E4CZEWR8T
accept-ranges
bytes
access-control-allow-origin
*
content-length
46
server
ATS
x-amz-server-side-encryption
AES256
adsct
t.co/1/i/ 		43 B
626 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=7e444eb8-c984-489a-8311-de83ca8b6589&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=43181192-908a-41f4-90e4-d1f2b9e48278&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&tw_iframe_status=0&txn_id=oey2z&type=javascript&version=2.3.31
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=0
x-transaction-id
6bcccdd867ad4e02
cache-control
no-cache, no-store, max-age=0
x-connection-hash
c02a92b2aa65deece937d2305a0806ae7e235509064fc5830e060f673221ad7b
cf-cache-status
DYNAMIC
cf-ray
8e5ac7fb8b88c325-EWR
x-response-time
73
content-length
43
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_b
adsct
analytics.twitter.com/1/i/ 		43 B
723 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=7e444eb8-c984-489a-8311-de83ca8b6589&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=43181192-908a-41f4-90e4-d1f2b9e48278&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&tw_iframe_status=0&txn_id=oey2z&type=javascript&version=2.3.31
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
43e0189f137abc33
cache-control
no-cache, no-store, max-age=0
x-connection-hash
b1d8f9085be91406990385c643c1aebe87921b51b82fcb70de628aafa4a07f95
x-response-time
75
content-length
43
date
Wed, 20 Nov 2024 19:17:36 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_b
adsct
t.co/1/i/ 		43 B
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=8e382a2e-5397-426d-be7b-006f9f07db07&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=43181192-908a-41f4-90e4-d1f2b9e48278&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&tw_iframe_status=0&txn_id=olqgl&type=javascript&version=2.3.31
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=0
x-transaction-id
299807de8355cdda
cache-control
no-cache, no-store, max-age=0
x-connection-hash
6df07b34d2f6e52edbc21a5ad0d28770b024d908f07b9cee3c5e8dab74ed2767
cf-cache-status
DYNAMIC
cf-ray
8e5ac7fb7b87c325-EWR
x-response-time
81
content-length
43
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_b
adsct
analytics.twitter.com/1/i/ 		43 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=8e382a2e-5397-426d-be7b-006f9f07db07&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=43181192-908a-41f4-90e4-d1f2b9e48278&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&tw_iframe_status=0&txn_id=olqgl&type=javascript&version=2.3.31
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
b0d387d00badd623
cache-control
no-cache, no-store, max-age=0
x-connection-hash
b1d8f9085be91406990385c643c1aebe87921b51b82fcb70de628aafa4a07f95
x-response-time
81
content-length
43
date
Wed, 20 Nov 2024 19:17:36 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_b
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-B57E59LMFB&gtm=45je4bj0v878724311z871312789za200zb71312789&_p=1732130255748&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1875082056.1732130256&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732130257&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&en=page_view&_fv=1&_ss=1&ep.ex_tid=20241120_DB110NR.116776_t1580528-573&tfd=2360
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B57E59LMFB&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
sa.css
tags.srv.stackadapt.com/ 		65 B
203 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.76.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-76-171.compute-1.amazonaws.com
Software
/
Resource Hash
da18f719423cf48f2b886317b78ff4c105214691666cff7a542c4d107e707c8b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/ 		0
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.76.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-76-171.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
image/jpeg
js
www.googletagmanager.com/gtag/ 		259 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
20ca285463ffd5707cdac3c170c374bbb0ee3e7504d6f79c09126c80aca93661
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 20 Nov 2024 19:17:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 20 Nov 2024 18:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
93806
x-xss-protection
0
server
Google Tag Manager
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/?random=1732130257270&cv=11&fst=1732130257270&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033z871312789za201zb71312789&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
606badb105a624cc110fcc6e3794690b251245841268d2cd40bb0ebd02a58ea6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2424
date
Wed, 20 Nov 2024 19:17:37 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
815133722
td.doubleclick.net/td/rul/ Frame C091 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/815133722?random=1732130257270&cv=11&fst=1732130257270&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033z871312789za201zb71312789&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Nov 2024 19:17:37 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CM6HT6HPTV&gtm=45je4bj0v883914665z871312789za200zb71312789&_p=1732130255748&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1875082056.1732130256&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732130257&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&en=page_view&_fv=1&_ss=1&ep.ex_tid=20241120_DB110NR.116776_t1580528-573&tfd=2536
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CM6HT6HPTV&l=dataLayer&cx=c&gtm=45He4bj0v71312789za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
sp.pl
sp.analytics.yahoo.com/ 		43 B
677 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2020%20Nov%202024%2019%3A17%3A37%20GMT&n=10&b=America%20First!&.yp=10148631&f=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&enc=UTF-8&yv=1.16.5&tagmgr=gtm
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.72.192.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-192-139.compute-1.amazonaws.com
Software
ATS/9.1.10.144 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
cache-control
no-cache, no-store, private, must-revalidate
pragma
no-cache
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-content-type-options
nosniff
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.144)
expires
Wed, 20 Nov 2024 19:17:37 GMT
accept-ranges
bytes
referrer-policy
strict-origin-when-cross-origin
content-length
43
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
image/gif
server
ATS/9.1.10.144
x-frame-options
DENY
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-9J5139D7ZF&gtm=45je4bk0h2v9139044878za200&_p=1732130255748&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&ul=en-us&sr=1600x1200&cid=1875082056.1732130256&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&sid=1732130257&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2652
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
269 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-9J5139D7ZF&cid=1875082056.1732130256&gtm=45je4bk0h2v9139044878za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame CB36 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-9J5139D7ZF&gacid=1875082056.1732130256&gtm=45je4bk0h2v9139044878za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=1464893806
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Nov 2024 19:17:37 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.com/pagead/1p-user-list/815133722/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/815133722/?random=1732130257270&cv=11&fst=1732129200000&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033z871312789za201zb71312789&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7duOLCal874GlluIuzEJ_4jxEUkO3JbA&random=892770789&rmt_tld=0&ipr=y
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 20 Nov 2024 19:17:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
analytics.google.com/g/s/ 		0
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.google.com/g/s/collect?dma=0&npa=0&gcd=13l3l3l3l1l1&gtm=45j91e4bj0v867905447z872410129z9867900975za200zb72410129&tag_exp=101925629~102067555~102067808~102077855~102081485&_gsid=X6H0114PDFtQBP5s0EkmsApXqg2fV04A
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:194:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:194:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=0&gcd=13l3l3l3l1l1&tid=G-X6H0114PDF&cid=%2FL7tNbs2nqZSKf%2B2%2FzSgSk6Gc5fnmn8sU6GZCYS%2BJX0%3D.1732130256&gtm=45j91e4bj0v867905447z872410129z9867900975za200zb72410129&tag_exp=101925629~102067555~102067808~102077855~102081485&aip=1
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
server
Golfe2
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/815133722/?random=1732130257615&cv=11&fst=1732130257615&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033za200zb72410129&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b45afbb6577345d5866e8ff0e3720e4048e28335e480bd4b01f82632927cdb5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2457
date
Wed, 20 Nov 2024 19:17:37 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
815133722
td.doubleclick.net/td/rul/ Frame B7EC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/815133722?random=1732130257615&cv=11&fst=1732130257615&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033za200zb72410129&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-815133722&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Nov 2024 19:17:37 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
hcaptcha-invisible-0a26bdc1b1e8d0a712e9cdb216dd10f5.html
js.stripe.com/v3/ Frame 7E49 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/hcaptcha-invisible-0a26bdc1b1e8d0a712e9cdb216dd10f5.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-ONPtbdSe20IAx3KF4p6KDgLIPLJfpwI/xYAAgUlvAIY='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
823
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-encoding
br
content-security-policy
base-uri 'none'; connect-src 'self' https://errors.stripe.com https://r.stripe.com; default-src 'self'; form-action 'none'; frame-src 'self' https://b.stripecdn.com; img-src 'self' https://q.stripe.com; object-src 'none'; script-src 'self' 'sha256-ONPtbdSe20IAx3KF4p6KDgLIPLJfpwI/xYAAgUlvAIY='; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 19:03:55 GMT
etag
W/"f292e7c27d1d9efcfb748ef3b96f0a82"
last-modified
Wed, 20 Nov 2024 18:03:44 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c1685d59e35fdb859ab8a1f97feb5652.cloudfront.net (CloudFront)
x-amz-cf-id
KNtbfiG7ZEIJjJZ5-rhx7psJJcyK_qyLiEoQgtHq8cyszxwOvp6y7Q==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
collect
gtm.winred.com/g/ 		65 B
540 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4bj0v867905447z872410129za200zb72410129&_p=1732130255748&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1875082056.1732130256&ecid=997826232&ul=en-us&sr=1600x1200&_fplc=0&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.tft=1732130255748&sst.ude=0&_s=2&sid=1732130257&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&en=user%20session%20start&ep.pagepath=%2Fnrcc%2Famer-first-agenda-audit%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit&epn.load_time_sec=-1732130254.8&epn.event_fire_time=1732130256656&ep.event_uuid=c906f336-7e3f-4589-a1fe-f3abb7f40d0a&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=f&ep.usercategory=anonymous&_et=9&tfd=2848&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
no-cache
content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
cf-ray
8e5ac7febb671778-EWR
access-control-allow-origin
https://secure.winred.com
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain
vary
Accept-Encoding
server
cloudflare
/
www.google.com/pagead/1p-user-list/815133722/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/815133722/?random=1732130257615&cv=11&fst=1732129200000&bg=ffffff&guid=ON&async=1&gtm=45be4bj0v892291033za200zb72410129&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&hn=www.googleadservices.com&frm=0&tiba=America%20First!&npa=0&pscdl=noapi&auid=1848102487.1732130257&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dS50MtYUaNHTOJyJdfKGlXos-v7ev0T9ugWUX7pkhF44KkqKz&random=2028918570&rmt_tld=0&ipr=y
Requested by
Host: secure.winred.com
URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 20 Nov 2024 19:17:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
saq_pxl
tags.srv.stackadapt.com/ 		94 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=7WlXqkCbytjp_O_OKWgGWg&is_js=true&landing_url=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&t=America%20First!&tip=gy1b5jato5JH-WcD58TfBXIERkssVurJWBPO30vqyeg&host=https%3A%2F%2Fsecure.winred.com&sa_conv_data_css_value=%270-ba3703a4-7d3e-54e2-5ce4-4b4c13ecf31c%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9ba3703a47d3e54e25ce44b4c13ecf31c05b5ea84&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1ENYBGAQg0Ov4uQYwAToEQiu0oEIEmQRLDA.3ycZt%252ByBg17LTb16u0LHviX8oJJ9YD4oSP0iJILeK3Q&sa-user-id-v2=s%253AujcDpH0-VOJc5EtME-zzHAW16oQ.W8lYU%252FILDOP5O1h7knAoZzm4kKrVdxUnxIrhnbGwOg4&sa-user-id=s%253A0-ba3703a4-7d3e-54e2-5ce4-4b4c13ecf31c.gf2Wp9k%252FaoOgGUwOJs44Flcmi0jMyn5BPpcoIi%252BpKtc
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.76.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-76-171.compute-1.amazonaws.com
Software
/
Resource Hash
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

access-control-allow-methods
GET
access-control-allow-origin
https://secure.winred.com
content-length
94
date
Wed, 20 Nov 2024 19:17:37 GMT
content-type
text/plain; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
*
rum
secure.winred.com/cdn-cgi/ 		0
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.winred.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:d459 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json
Referer
https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
POST,OPTIONS
x-content-type-options
nosniff
cf-ray
8e5ac8018c0743ed-EWR
access-control-allow-origin
https://secure.winred.com
date
Wed, 20 Nov 2024 19:17:38 GMT
vary
Origin
server
cloudflare
x-frame-options
DENY
Artboard.png
d35ligi1n5bgzc.cloudfront.net/favicons/favicon_assets/000/015/569/original/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://d35ligi1n5bgzc.cloudfront.net/favicons/favicon_assets/000/015/569/original/Artboard.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:26fa:de00:0:7d26:ee00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fc1c77849ba3a6020b87884599c1aefa09a9e1d7bfed95ad3deec6a5d4c08902

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

x-amz-version-id
FN8PLjpE4LnyaM50_d0emgSd0vAz496F
age
52208
etag
"7b9c8b7070c8f9c81fc9a133d26daf4e"
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
RhuA-xfrKAEkMaU-f8yHw5Qjk7zVHrc8b6F6b3LMNr1foNXeVHqsWw==
date
Wed, 20 Nov 2024 04:47:31 GMT
content-type
image/png
vary
accept-encoding
last-modified
Wed, 10 Jul 2019 18:21:57 GMT
via
1.1 6c1e463b1907685097cce9e63f1cf75a.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
1512
x-amz-cf-pop
JFK52-P1
server
AmazonS3
x-amz-server-side-encryption
AES256
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame E545 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.139.29.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-88.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://secure.winred.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2618
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 18:34:03 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 15 Nov 2024 21:14:25 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 c1685d59e35fdb859ab8a1f97feb5652.cloudfront.net (CloudFront)
x-amz-cf-id
lmUKA6lrPVSrFw2nDwpwGkzAuz0rlResIAbOYfGxVtPZj7NUeYNBow==
x-amz-cf-pop
JFK50-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
common.js
maps.googleapis.com/maps-api-v3/api/js/58/11a/ 		267 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/58/11a/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87969313ec0e62ca6dd87f362f5d80be5d5850df5cc92e40aea16d405a80b9b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
age
12951
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options
nosniff
expires
Thu, 20 Nov 2025 15:41:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 15:41:50 GMT
last-modified
Tue, 29 Oct 2024 22:44:00 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges
bytes
content-length
56823
x-xss-protection
0
server
sffe
util.js
maps.googleapis.com/maps-api-v3/api/js/58/11a/ 		191 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/58/11a/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfd7735ba4bbccdafb1fd3c00d9182d5ed058e194a1c33a15c096091b5a2a630
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

content-encoding
br
age
2234
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options
nosniff
expires
Thu, 20 Nov 2025 18:40:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 18:40:27 GMT
last-modified
Tue, 29 Oct 2024 22:44:00 GMT
content-type
text/javascript
vary
Accept-Encoding, Origin
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges
bytes
content-length
59447
x-xss-protection
0
server
sffe
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-9J5139D7ZF&gtm=45je4bk0h2v9139044878za200&_p=1732130255748&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&ul=en-us&sr=1600x1200&cid=1875082056.1732130256&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=2&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&sid=1732130257&sct=1&seg=1&en=page_view&_ee=1&_et=51&tfd=7718
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9J5139D7ZF&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://secure.winred.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 19:17:42 GMT
content-type
text/plain
server
Golfe2
trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
js.stripe.com/v3/fingerprinted/js/ 		176 B
692 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-110.jfk50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

etag
"96f5b26d366f47393b3ff36fe7471474"
age
2615
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-bF5Q_e0GxDrGbujyKDc3dMbrdBus2lQWylWEu9hJSsodeRjAcS_ow==
date
Wed, 20 Nov 2024 18:34:09 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 15 Nov 2024 21:14:24 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 f391dfb0806f29cccc5f1df3e1ae836e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
176
x-amz-cf-pop
JFK50-P2
server
Cloudfront
collect
gtm.winred.com/g/ 		65 B
390 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gtm.winred.com/g/collect?v=2&tid=G-X6H0114PDF&gtm=45je4bj0v867905447z872410129za200zb72410129&_p=1732130255748&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1875082056.1732130256&ecid=997826232&ul=en-us&sr=1600x1200&ur=US-NY&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sst.tft=1732130255748&sst.ude=0&_s=3&sid=1732130257&sct=1&seg=0&dl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit%2F%3Futm_term%3Ddb-nrcc-cr147smsb-003%26source_code%3Ddb-nrcc-cr147smsb-003%26amtposition%3D3%26recurring%3Dtrue%26ex_tid%3D20241120_DB110NR.116776_t1580528-573&dt=America%20First!&en=page_load_time_event&ep.pagepath=%2Fnrcc%2Famer-first-agenda-audit%2F&ep.pagehostname=secure.winred.com&ep.parsedurl=https%3A%2F%2Fsecure.winred.com%2Fnrcc%2Famer-first-agenda-audit&epn.load_time_sec=3.3&epn.event_fire_time=1732130258167&ep.event_uuid=5477f3fa-bcbc-43d5-bdf0-af50b920e5f1&ep.isVideoPage=f&ep.referrer=&ep.category=donation%20landing%20page&ep.action=user%20session%20start&ep.label=landing%20page%20settings&ep.customCSS=f&ep.usercategory=anonymous&epn.loading_time_sec_on_window_load=3.31&_et=1041&tfd=8328&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6H0114PDF&l=dataLayer&cx=c&gtm=45He4bj0v72410129za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:e534 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://secure.winred.com/

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
cache-control
no-cache
content-encoding
gzip
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
via
1.1 google
cf-ray
8e5ac820d9cf1778-EWR
access-control-allow-origin
https://secure.winred.com
alt-svc
h3=":443"; ma=86400
date
Wed, 20 Nov 2024 19:17:43 GMT
content-type
text/plain
vary
Accept-Encoding
server
cloudflare

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| dataLayer function| fbq function| _fbq boolean| isWinRed string| app_platform object| webpackChunkStripeJSouter function| noop function| Stripe function| $ function| jQuery object| jQuery112405531591021491724 function| Tether function| NestedFormEvents object| nestedFormEvents function| JQClass object| bioEp function| Cookies object| App object| picturefillCFG function| picturefill object| party function| UAParser function| gm_authFailure string| GoogleAnalyticsObject function| ga object| antiClickjack object| google object| litHtmlVersions object| module$exports$mapsapi$geometry$spherical object| litElementVersions object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| __cfBeacon function| landingPageFormSubmitRecaptchaSuccess function| landingPageFormSubmitRecaptchaError object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| postscribe object| google_tag_manager_external object| dotq function| saq function| _saq function| twq function| onYouTubeIframeAPIReady object| YAHOO object| regeneratorRuntime object| twttr function| gtag object| GooglebQhCsO object| res object| saCookies string| current_window_url_param

43 Cookies

Domain/Path Name / Value
app.revv.co/api/v3/users Name: rvid
Value: 8dc03f54-0919-4440-8e55-c156ccc0d2db
secure.winred.com/ Name: __production_revv_csrftoken
Value: 1732130255%7CO%2BdoL%2BVfKOgx5H1wV48bViCgmjFXkxTvKSzXVmVF4Zw%3D%7CGkKCdsKXkFlMs2as3bYNnz7D%2FmvxQLADXQMC%2FNmKaoE%3D
.winred.com/ Name: _revv_v3_session
Value: aTVKckhnc0EyRzRMc1ZoOGcyQlQ0c0pjNldHbVhXUitzdjIzUlJrQVRCS2lEeXBYWTUxR2xzL1g4cTNhTEovTHFTR0VEYmhYUXltSUYrLzJIRUl4QjdTTnRGL1dBYXBIV3FndnA1dXN3aUxJOUluc0Z3Y2VKdG1CakpYQzVkWGF6RVZIUkNrVE14dTU1RnJaSlhGMk9CSmY0Y2U1dnh4bHpDMkNnV0VvQWNTZ1FpWjVCejZQSy8wZ3dMTE1BSkUwSkRnS3dUZTVSTmQzYzFlZXhVTUdRRE1CcERGK2lPdGNDK2RiaUZoZkJzUEFLQVJNOXJrZGRmckNzU0NHSXFKZHBUOGxNTU5wS2I4VFVEcjdoZkFrNkhFQXBaekpMU1lUVkRvNExSdmJoM3c9LS1nWUtDZmlnM3R3TmxJZksrREpCWGdnPT0%3D--22ff8c0c2cc00951b21bb93f2aafdfa1d39d53f3
.secure.winred.com/ Name: __cf_bm
Value: ecOxXEClLD8NVDxZDxiHbDoNhHY69Qj1YckMYLnDTDo-1732130255-1.0.1.1-pEzs9E3nAMurgSuf91ZyjHxDS4tWuM4aRlLDPLaoyItc2xcjTA3Gw6YXpQcga6U2dq6ff9w.6JYQFTl79Jsp4w
secure.winred.com/ Name: origin_url
Value: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
.winred.com/ Name: _gid
Value: GA1.2.1841063964.1732130256
.winred.com/ Name: _gat
Value: 1
.winred.com/ Name: _fbp
Value: fb.1.1732130256528.718631369135991615
.revv.co/ Name: _revv_v3_session
Value: SkJoZ1kyNkxYdVNwalVHL0VWb1E4cjVZRHpyZWpxbENZWGxyTG5SMTBZZ3FscUJUT0FUYlhDenRWNWViVDQ3TzdrdFkvSEZ5U3JwVTBNRWlxOThibnc9PS0tdjR1MGxkWTRrOTdYblZGaXRTQkFUdz09--7aa04cee16f49fec385886b3c73fc4b5c2506989
.revv.co/ Name: __cf_bm
Value: GQu_OZr7xWFIClfz8hnWTQXXcBMcti6n80qd8PN2zFc-1732130256-1.0.1.1-1mv96jXvs19ZE.U2mlKKcXfKFGP_fLTsm4ty6PQjwxGd8sXEGdCZ.kgOcHP.ctB2ziFcnExeCe5De7ufjOToAw
.winred.com/ Name: _gcl_au
Value: 1.1.1848102487.1732130257
.winred.com/ Name: _dc_gtm_UA-73658561-7
Value: 1
.winred.com/ Name: _dc_gtm_UA-15267911-1
Value: 1
secure.winred.com/ Name: sso_tries
Value: 1
secure.winred.com/ Name: rvid
Value: 8dc03f54-0919-4440-8e55-c156ccc0d2db
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ba3703a4-7d3e-54e2-5ce4-4b4c13ecf31c.gf2Wp9k%2FaoOgGUwOJs44Flcmi0jMyn5BPpcoIi%2BpKtc
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ba3703a4-7d3e-54e2-5ce4-4b4c13ecf31c.gf2Wp9k%2FaoOgGUwOJs44Flcmi0jMyn5BPpcoIi%2BpKtc
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AujcDpH0-VOJc5EtME-zzHAW16oQ.W8lYU%2FILDOP5O1h7knAoZzm4kKrVdxUnxIrhnbGwOg4
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AujcDpH0-VOJc5EtME-zzHAW16oQ.W8lYU%2FILDOP5O1h7knAoZzm4kKrVdxUnxIrhnbGwOg4
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1ENYBGAQg0Ov4uQYwAToEQiu0oEIEmQRLDA.3ycZt%2ByBg17LTb16u0LHviX8oJJ9YD4oSP0iJILeK3Q
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1ENYBGAQg0Ov4uQYwAToEQiu0oEIEmQRLDA.3ycZt%2ByBg17LTb16u0LHviX8oJJ9YD4oSP0iJILeK3Q
.secure.winred.com/ Name: cf_clearance
Value: vLL9XBZQGrdRmAniQjBFeOaqFXS_9T7cS0zt.n0byQU-1732130257-1.2.1.1-tUeW8s8rl3sLJrF1d0h.OtKwRdmJd1wCfoGk.aT53Eec7dJ1jYgE8_boeDlWd_lNIeYP_89POjrcCqK5bVny2CIVxeK8Uw4p3S44SUSQ1nPbJQ8jDfkgropRvRURyolkvygk34KmOGd57cthdXk0XE7GTDb_HQaTue2wab3k9rMQxrjNiRppq5E6XkhiHiueSfWEktOwn08.Rf3IYBNSHvG7o7eF4t.N_Cyf97ul4rWbahv3OHb1W2OYuAIsjadvrv2CgD1yy.UwCrhOgbJ11RyUOp4PNjjyMrISHTRva6p1e3oHhgcljUFfXzJckJIgOkncVGQccYvIEws9y.bP4FXCh3kGLUCxhoVkH4WVKg4EFgu92hpDKIGgmZ1GA1xo
.winred.com/ Name: _ga
Value: GA1.1.1875082056.1732130256
.winred.com/ Name: _ga_B57E59LMFB
Value: GS1.1.1732130257.1.0.1732130257.0.0.0
secure.winred.com/ Name: sa-user-id
Value: s%253A0-ba3703a4-7d3e-54e2-5ce4-4b4c13ecf31c.gf2Wp9k%252FaoOgGUwOJs44Flcmi0jMyn5BPpcoIi%252BpKtc
secure.winred.com/ Name: sa-user-id-v2
Value: s%253AujcDpH0-VOJc5EtME-zzHAW16oQ.W8lYU%252FILDOP5O1h7knAoZzm4kKrVdxUnxIrhnbGwOg4
secure.winred.com/ Name: sa-user-id-v3
Value: s%253AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1ENYBGAQg0Ov4uQYwAToEQiu0oEIEmQRLDA.3ycZt%252ByBg17LTb16u0LHviX8oJJ9YD4oSP0iJILeK3Q
.winred.com/ Name: FPID
Value: FPID2.2.%2FL7tNbs2nqZSKf%2B2%2FzSgSk6Gc5fnmn8sU6GZCYS%2BJX0%3D.1732130256
.winred.com/ Name: FPGSID
Value: 1.1732130257.1732130257.G-X6H0114PDF.tQBP5s0EkmsApXqg2fV04A
.winred.com/ Name: __cf_bm
Value: abXQIPmIiXPJrzg925dSOGzIsH88R4vm50DGR8_ciQI-1732130257-1.0.1.1-MoUKRFu63aL8RE0ZOmuf2zjTttDUUj0C5GnVroOCJB_znKlb6HLyLNuA3ObTvvppGR5uj8oukp2iGu.QrMp2rg
.twitter.com/ Name: guest_id_marketing
Value: v1%3A173213025728462506
.twitter.com/ Name: guest_id_ads
Value: v1%3A173213025728462506
.twitter.com/ Name: personalization_id
Value: "v1_ta2Boa8EOF14fLzmo5uzRQ=="
.twitter.com/ Name: guest_id
Value: v1%3A173213025728462506
.winred.com/ Name: _ga_CM6HT6HPTV
Value: GS1.1.1732130257.1.0.1732130257.0.0.0
.yahoo.com/ Name: A3
Value: d=AQABBNE1PmcCEHAm4AqTiVSZJMLHwQr687kFEgEBAQGHP2dIZ9w90iMA_eMAAA&S=AQAAAiVdydrq58xb4dSQfYekfIU
.t.co/ Name: muc_ads
Value: dc143057-f7b4-4d35-8803-8206d0ed5043
.t.co/ Name: __cf_bm
Value: Bqr6BM_RScaEMNEQj5UjsoR_Cwi6FjARjQYbGlZrghE-1732130257-1.0.1.1-CayZmJDoI2xFp1wudP7LCON5FgYMnWFaeYPBV16a1sH7I3iQ0wJYFu5qTIFjD13HNFF9nY0gOxFLaZ8Sc6r0Ng
.winred.com/ Name: _ga_9J5139D7ZF
Value: GS1.2.1732130257.1.1.1732130257.60.0.0
.doubleclick.net/ Name: IDE
Value: AHWqTUmR_TrGORzJbdO4nKecRZdHZnonSRUsuSoSeWmjb6TF6NJFfC4U4A6qMIa_
.winred.com/ Name: FPLC
Value: IHNejULFseKZAdyV6D37SHQUiuG0oS6Oiqm7trCiOceXoTZdCmN0MzKACcS6NSqjTgJYpm2aWImqFgWyTlmWdorvaZfKUaRzo6jN3UdfcaCxan8U5jKO4LIDeuhyMw%3D%3D
.winred.com/ Name: _ga_X6H0114PDF
Value: GS1.1.1732130257.1.0.1732130258.0.0.997826232
api2.hcaptcha.com/ Name: __cflb
Value: 0H28vk2VKwPbLoawFincekpozDKK5F2cnVkZbm9WuCy

10 Console Messages

Source Level URL
Text
recommendation warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Found 2 elements with non-unique id #conduit_employer_name: (More info: https://goo.gl/9p2vKq) %o %o
recommendation warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Found 2 elements with non-unique id #conduit_mobile_number: (More info: https://goo.gl/9p2vKq) %o %o
recommendation warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Found 2 elements with non-unique id #conduit_not_employed: (More info: https://goo.gl/9p2vKq) %o %o
recommendation warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Found 2 elements with non-unique id #conduit_occupation: (More info: https://goo.gl/9p2vKq) %o %o
recommendation verbose URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation verbose URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other warning URL: https://secure.winred.com/nrcc/amer-first-agenda-audit/?utm_term=db-nrcc-cr147smsb-003&source_code=db-nrcc-cr147smsb-003&amtposition=3&recurring=true&ex_tid=20241120_DB110NR.116776_t1580528-573
Message:
Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
analytics.twitter.com
app.revv.co
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
gop-way.com
gtm.winred.com
js.stripe.com
maps.googleapis.com
s.yimg.com
secure.winred.com
sp.analytics.yahoo.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
td.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
104.244.42.131
108.139.29.110
108.139.29.88
151.101.44.157
172.66.0.227
2001:4860:4802:38::178
2001:4860:4802:38::181
2001:4998:1c:800::1001
2600:9000:26fa:de00:0:7d26:ee00:93a1
2606:4700::6810:5049
2606:4700::6810:e534
2606:4700::6813:d359
2606:4700::6813:d459
2607:f8b0:4004:c17::9c
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80f::2008
2607:f8b0:4006:80f::200a
2607:f8b0:4006:81e::2002
2607:f8b0:4006:820::2004
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f10e:83:face:b00c:0:25de
3.33.253.57
34.198.76.171
52.72.192.139
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e19ab777d416ab8585e83bb348451e0a4717b92e7cbb1f74900af55876f2ad9
20ca285463ffd5707cdac3c170c374bbb0ee3e7504d6f79c09126c80aca93661
21d3b79c944f3b6376cfcfcad107d107a87786c43855ece01d6ddc06f47aecbc
2462394973d6f2a0f913f26ea1e6c8b863f7fba2c6ba4e23990e36078f08cbab
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
475992f81e7b842772e185df256538f135de8a63656953f55f65fb53d8e7eb29
505b517318f5ba1c04205d8daa065b5fe48bfff9f753a471bf7421b0164aa73e
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
6039c7fb49af57af18c66c1f088ebc528623b4d6ac05ce2e3229ba0b335bc92b
606badb105a624cc110fcc6e3794690b251245841268d2cd40bb0ebd02a58ea6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7736922e7900e4685b36fe51f916801f3881a1e994339225f89f6fc45bbe6081
7802514279d805a825923d8ff3b2746e3fa7d4c719d791292b6f860bc2acf20d
7a7c01d3c9f2fff7465e670e329df792cfcd630d90abb23f748a06114552677c
7c25cc80e2c1b479825a9afbdb4c17f10a8673629b4162879c22edb9ab29aeca
7c695c704c8750689470c96ffda8632eb44568383a0833caf6be9007763c8726
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d4dfbc160116b77e2a2f70431c399d1091d20f17e234b90f64f429234630b9
87969313ec0e62ca6dd87f362f5d80be5d5850df5cc92e40aea16d405a80b9b0
88cc19b0e56e19b0644e6db53fe30b10737f4a771f111e5dbea407eb70e8421e
88d77a631e19dae10d5fc39e7b52d79fdd73aa3961ea6fe8c0804062556572a9
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8df68609568bd8d042a57fa461b5384308856ea78de356ec2acf6149ce4b1e1a
95203168fbff94f627760dbcf208302b18fd372fbdbb915c119c5eb825fe07e2
96b04ef160f8b50520a48707a452fecdd6e6771c643706d5949020a2dea15962
9d1867e84d6cad1f64079a868d497db92b88e4371fc36306f3353cb5afacdd11
a0cedea475a3b6ce922dba663091cfb437680951c88fa84068e44800c8b15eb4
a41c11413d83e5d1ac723f70c87916ac03d388617a5d9dc149ae78d189dcd87d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac6814e2952fa312bc5411abf844498db3b39008b1c514984476707fd9f528e2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad278fe8eae121836378c0f601a92379a53ee8658f93ae53567e8b0a6476eeb0
aebe8df81ee2ba5bc51e3abc322910ee5122a0ac06edfbcf7a04e1659d17dc9c
b45afbb6577345d5866e8ff0e3720e4048e28335e480bd4b01f82632927cdb5a
bfd7735ba4bbccdafb1fd3c00d9182d5ed058e194a1c33a15c096091b5a2a630
c701dd9795d6d5dc024c3bb95aca8d56d5a66a99efc77b3dfbba7d5f97b3085b
ca2eff3df4b16bbefa673bdca1d2eca698d08af9088a006f09c7f5eb277ee360
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d974342d079c80c412efb82a7492bbbe45e3694ce4bfabf820e39937ce20d1a5
da18f719423cf48f2b886317b78ff4c105214691666cff7a542c4d107e707c8b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de40225dd57bbe81245f6191285db93d60e60c1c418fef85ce7586e4207fc9db
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e667fc2b45fdde06b5c0b9dae262a71137a69b261cf78e271ef1618dbdf4f375
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc1c77849ba3a6020b87884599c1aefa09a9e1d7bfed95ad3deec6a5d4c08902