www.heidi.news Open in urlscan Pro
185.54.7.127 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://heidi.news/
Effective URL:
https://www.heidi.news/
Submission Tags: tranco_l324
Submission: On March 19 via api (March 19th 2024, 9:02:54 am UTC) from DE — Scanned from CH

Summary HTTP 47 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 11 domains to perform 47 HTTP transactions. The main IP is 185.54.7.127, located in Switzerland and belongs to SAFEHOSTNET Colocation center in Geneva, CH. The main domain is www.heidi.news.
TLS certificate: Issued by R3 on February 27th 2024. Valid for: 3 months.

This is the only time www.heidi.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	185.54.7.127 185.54.7.127	21217 (SAFEHOSTN...) (SAFEHOSTNET Colocation center in Geneva)
18	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	2600:9000:225... 2600:9000:225b:c000:5:b7cc:d3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	18.66.147.92 18.66.147.92	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	108.138.7.27 108.138.7.27	16509 (AMAZON-02) (AMAZON-02)
1	3.161.77.50 3.161.77.50	16509 (AMAZON-02) (AMAZON-02)
3	35.227.233.185 35.227.233.185	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	13.32.27.107 13.32.27.107	16509 (AMAZON-02) (AMAZON-02)
1	63.34.81.234 63.34.81.234	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	65.9.68.209 65.9.68.209	16509 (AMAZON-02) (AMAZON-02)
47	15

11 185.54.7.127 (Switzerland) 2 redirects

ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH)

heidi.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.heidi.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

heidi-17455.kxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:225b:c000:5:b7cc:d3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sdk.privacy-center.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-92.fra60.r.cloudfront.net

tag.aticdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-27.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.77.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-77-50.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.233.185 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 185.233.227.35.bc.googleusercontent.com

l.heidi.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.81.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.209 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-209.fra56.r.cloudfront.net

logs1412.xiti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	kxcdn.com heidi-17455.kxcdn.com	563 KB
14	heidi.news 2 redirects heidi.news www.heidi.news l.heidi.news	23 KB
3	privacy-center.org sdk.privacy-center.org — Cisco Umbrella Rank: 4553	161 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1784 syndication.twitter.com — Cisco Umbrella Rank: 2210	132 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 4529 p1.parsely.com — Cisco Umbrella Rank: 3461	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1239 script.hotjar.com — Cisco Umbrella Rank: 1662	59 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 251	70 KB
2	aticdn.net tag.aticdn.net — Cisco Umbrella Rank: 11758	50 KB
1	xiti.com logs1412.xiti.com — Cisco Umbrella Rank: 61253	326 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	274 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	100 KB
47	11

	Domain	Requested by
18	heidi-17455.kxcdn.com	www.heidi.news
9	www.heidi.news	www.heidi.news www.googletagmanager.com sdk.privacy-center.org
3	l.heidi.news	www.heidi.news l.heidi.news
3	sdk.privacy-center.org	www.heidi.news sdk.privacy-center.org
2	connect.facebook.net	www.heidi.news connect.facebook.net
2	tag.aticdn.net	www.googletagmanager.com
2	platform.twitter.com	www.heidi.news platform.twitter.com
2	heidi.news	2 redirects
1	logs1412.xiti.com	tag.aticdn.net
1	www.facebook.com	www.heidi.news
1	p1.parsely.com	www.heidi.news
1	script.hotjar.com	static.hotjar.com
1	syndication.twitter.com	platform.twitter.com
1	cdn.parsely.com	www.heidi.news
1	static.hotjar.com	www.googletagmanager.com
1	www.googletagmanager.com	www.heidi.news
47	16

This site contains links to these domains. Also see Links.

Domain
shop.heidi.news
www.facebook.com
twitter.com
www.linkedin.com
www.instagram.com
www.youtube.com
www.tiktok.com
www.heidisolutions.news
www.basesecrete.com

Subject Issuer	Validity	Valid
heidi.news R3	`2024-02-27` - `2024-05-27`	3 months	crt.sh
*.kxcdn.com Thawte TLS RSA CA G1	`2023-06-23` - `2024-07-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.privacy-center.org Amazon RSA 2048 M03	`2024-03-10` - `2025-04-07`	a year	crt.sh
tag.aticdn.net Thawte RSA CA 2018	`2024-01-15` - `2025-01-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.parsely.com Amazon RSA 2048 M02	`2023-05-06` - `2024-06-03`	a year	crt.sh
l.ohmymag.de GTS CA 1D4	`2024-03-17` - `2024-06-15`	3 months	crt.sh
syndication.twitter.com R3	`2024-02-21` - `2024-05-21`	3 months	crt.sh
*.xiti.com Thawte RSA CA 2018	`2023-04-14` - `2024-05-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.heidi.news/
Frame ID: A97E662FD7BA9F651F00C8B51626B99E
Requests: 45 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.heidi.news
Frame ID: 37BDCC421328C04B5357B940E962289A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Heidi.news

Page URL History Show full URLs

http://heidi.news/ HTTP 301
https://heidi.news/ HTTP 301
https://www.heidi.news/ Page URL

Detected technologies

Didomi (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

sdk\.privacy-center\.org/.*/loader\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

Page Statistics

47
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

16
Subdomains

15
IPs

4
Countries

1183 kB
Transfer

2980 kB
Size

14
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://shop.heidi.news/product/razzia-sur-nos-data
Title: Nouvelle revue disponible Razzia sur nos data

Search URL Search Domain Scan URL

URL: https://shop.heidi.news/category/les-revues-des-explorations
Title: Les Revues

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Heidi.news

Search URL Search Domain Scan URL

URL: https://twitter.com/@heidi_news

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/heidinews

Search URL Search Domain Scan URL

URL: https://www.instagram.com/heidi.news

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCfYpN94AT2g4_gyJb0G_AmA

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@heidi.news

Search URL Search Domain Scan URL

URL: https://shop.heidi.news/
Title: Les revues

Search URL Search Domain Scan URL

URL: https://shop.heidi.news/product/animal-toi-meme

Search URL Search Domain Scan URL

URL: https://www.heidisolutions.news/
Title: Heidi Solutions

Search URL Search Domain Scan URL

URL: https://shop.heidi.news/category/bon-cadeau
Title: Bons cadeaux

Search URL Search Domain Scan URL

URL: https://www.basesecrete.com/
Title: Base Secrète

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://heidi.news/ HTTP 301
https://heidi.news/ HTTP 301
https://www.heidi.news/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.heidi.news/
Redirect Chain

http://heidi.news/
https://heidi.news/
https://www.heidi.news/

76 KB
19 KB

168ms
115ms

Document
text/html

185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

abe9d1810398721b42c3b37e54b07a3fb3c3ff36ecbfe06b88cba79961d210e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-security-policy-report-only: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='; style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='; report-uri /csp-violation-report
content-type: text/html; charset=utf-8
date: Tue, 19 Mar 2024 09:02:49 GMT
etag: W/"abe9d1810398721b42c3b37e54b07a3f"
link: <https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-Bold-subset-ccaceed995201c4b4e3b22d11f149fe5fe571e030630141d5749c482e18128ce.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-BoldItalic-subset-5bc46909600606f9d35f9f8b3985fa74d64fd51a86a8fd1372bfdc9bb4b09ae3.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-Regular-subset-7c4f35803765d2321ec0b1650d0276830cb3deae57131fb38a3dd801e9a2b236.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-RegularItalic-subset-99c909ac190a23325fbfd0bda1fa4d8f543ec2e761f1ba5c072ee6817951904e.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://heidi-17455.kxcdn.com/assets/heidi/roboto-v18-latin_latin-ext-700-c355c13b791d7a946d43d14e75eb6a0df2c5cce8a04d349753873084f0e05832.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous,<https://heidi-17455.kxcdn.com/assets/heidi/roboto-v18-latin_latin-ext-regular-7479691d9b5cd710ce6c84624100943ad10b4d083605f455be922acb1ac79698.woff2>; rel=preload; as=font; type=font/woff2; crossorigin=anonymous
server: nginx
status: 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Phusion Passenger(R) 6.0.17
x-request-id: 45019605-6a9f-4bad-90f1-0d41b75296ad
x-runtime: 0.090526

Redirect headers

access-control-allow-origin: *
cache-control: no-cache
content-security-policy-report-only: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-B58KO2kBc3NmXVul0U/X1A=='; style-src 'self' https: 'nonce-B58KO2kBc3NmXVul0U/X1A=='; report-uri /csp-violation-report
content-type: text/html; charset=utf-8
date: Tue, 19 Mar 2024 09:02:49 GMT
location: https://www.heidi.news/
server: nginx
status: 301 Moved Permanently
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Phusion Passenger(R) 6.0.17
x-request-id: 632c214b-c033-40be-b5c9-f3c3058e9609
x-runtime: 0.011685

GET
H2 200 SangBleuKingdom-Bold-subset-ccaceed995201c4b4e3b22d11f149fe5fe571e030630141d5749c482e18128ce.woff2
heidi-17455.kxcdn.com/assets/heidi/ 11 KB
11 KB 180ms
85ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-Bold-subset-ccaceed995201c4b4e3b22d11f149fe5fe571e030630141d5749c482e18128ce.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: db154999955478eb3c2ba66fde7e5b44dc0813683a2ca0d4a05a1d7709178872

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-2b6c"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/SangBleuKingdom-Bold-subset-ccaceed995201c4b4e3b22d11f149fe5fe571e030630141d5749c482e18128ce.woff2>; rel="canonical"
content-length: 11116
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 SangBleuKingdom-BoldItalic-subset-5bc46909600606f9d35f9f8b3985fa74d64fd51a86a8fd1372bfdc9bb4b09ae3.woff2
heidi-17455.kxcdn.com/assets/heidi/ 11 KB
12 KB 181ms
86ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-BoldItalic-subset-5bc46909600606f9d35f9f8b3985fa74d64fd51a86a8fd1372bfdc9bb4b09ae3.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: d3a86ddbad660c28e45b2952f639757ec9014f82adbf6844eebb459396be5726

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-2de4"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/SangBleuKingdom-BoldItalic-subset-5bc46909600606f9d35f9f8b3985fa74d64fd51a86a8fd1372bfdc9bb4b09ae3.woff2>; rel="canonical"
content-length: 11748
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 SangBleuKingdom-Regular-subset-7c4f35803765d2321ec0b1650d0276830cb3deae57131fb38a3dd801e9a2b236.woff2
heidi-17455.kxcdn.com/assets/heidi/ 14 KB
14 KB 119ms
25ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-Regular-subset-7c4f35803765d2321ec0b1650d0276830cb3deae57131fb38a3dd801e9a2b236.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 60827ed277197a683bace869b702a242eb317923bfc3fccc8d9df32679f07a87

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-37b4"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/SangBleuKingdom-Regular-subset-7c4f35803765d2321ec0b1650d0276830cb3deae57131fb38a3dd801e9a2b236.woff2>; rel="canonical"
content-length: 14260
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 SangBleuKingdom-RegularItalic-subset-99c909ac190a23325fbfd0bda1fa4d8f543ec2e761f1ba5c072ee6817951904e.woff2
heidi-17455.kxcdn.com/assets/heidi/ 12 KB
12 KB 192ms
98ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/SangBleuKingdom-RegularItalic-subset-99c909ac190a23325fbfd0bda1fa4d8f543ec2e761f1ba5c072ee6817951904e.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 3043c2aada437268bbab22de9757b017941c28cdd99c9fd06c2e5490079dca69

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-2e90"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/SangBleuKingdom-RegularItalic-subset-99c909ac190a23325fbfd0bda1fa4d8f543ec2e761f1ba5c072ee6817951904e.woff2>; rel="canonical"
content-length: 11920
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 roboto-v18-latin_latin-ext-700-c355c13b791d7a946d43d14e75eb6a0df2c5cce8a04d349753873084f0e05832.woff2
heidi-17455.kxcdn.com/assets/heidi/ 22 KB
22 KB 143ms
49ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/roboto-v18-latin_latin-ext-700-c355c13b791d7a946d43d14e75eb6a0df2c5cce8a04d349753873084f0e05832.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 1f03b3082883c94de09ea4c0b38092a45f2f7ca60c14889818a3e19057da34b8

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-5664"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/roboto-v18-latin_latin-ext-700-c355c13b791d7a946d43d14e75eb6a0df2c5cce8a04d349753873084f0e05832.woff2>; rel="canonical"
content-length: 22116
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 roboto-v18-latin_latin-ext-regular-7479691d9b5cd710ce6c84624100943ad10b4d083605f455be922acb1ac79698.woff2
heidi-17455.kxcdn.com/assets/heidi/ 21 KB
22 KB 165ms
71ms Font
application/octet-stream 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/roboto-v18-latin_latin-ext-regular-7479691d9b5cd710ce6c84624100943ad10b4d083605f455be922acb1ac79698.woff2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: f9bc132980c62433dfd76631f5a602fd1bf318141d67ebb6b70b4d3cc92555b0

Request headers

Referer: https://www.heidi.news/
Origin: https://www.heidi.news
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-55a0"
x-cache: HIT
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/roboto-v18-latin_latin-ext-regular-7479691d9b5cd710ce6c84624100943ad10b4d083605f455be922acb1ac79698.woff2>; rel="canonical"
content-length: 21920
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 heidi-cae5f115591537755ae67e436869841449332066eed731bd50f4a74fbc14d782.css
heidi-17455.kxcdn.com/assets/ 235 KB
49 KB 142ms
48ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/heidi-cae5f115591537755ae67e436869841449332066eed731bd50f4a74fbc14d782.css
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 48cad3a861be733d41d488f63b22c22e4d94c16fe550db0fe4e977fadf532a1a

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2024 13:11:18 GMT
server: keycdn
x-edge-location: defr
etag: W/"65f83d76-3aac6"
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
link: <https://www.heidi.news/assets/heidi-cae5f115591537755ae67e436869841449332066eed731bd50f4a74fbc14d782.css>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 logo-topbar-9ed0e388ab6ba7e90703ed859e636def6e8d6129c2f8b726b0a75d615f216f41.svg
heidi-17455.kxcdn.com/assets/heidi/ 4 KB
2 KB 53ms
52ms Image
image/svg+xml 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/logo-topbar-9ed0e388ab6ba7e90703ed859e636def6e8d6129c2f8b726b0a75d615f216f41.svg
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 37fed1e9c81e2383b6dd56ac3f15ec06d3d1a0e92ebf09ce1748c29f15e5b567

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
content-encoding: gzip
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: W/"6526a91d-10e6"
x-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
link: <https://www.heidi.news/assets/heidi/logo-topbar-9ed0e388ab6ba7e90703ed859e636def6e8d6129c2f8b726b0a75d615f216f41.svg>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 logo-5194351558b8b4898281025317d8ffb281061fa3ea3405428ed5723469de63e8.svg
heidi-17455.kxcdn.com/assets/heidi/icons/ 753 B
1 KB 54ms
53ms Image
image/svg+xml 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heidi-17455.kxcdn.com/assets/heidi/icons/logo-5194351558b8b4898281025317d8ffb281061fa3ea3405428ed5723469de63e8.svg
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 3c0530efbe342f9f964d2c5b2f4030f559d695d07102bde1e6b020133f848c29

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-2f1"
x-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/heidi/icons/logo-5194351558b8b4898281025317d8ffb281061fa3ea3405428ed5723469de63e8.svg>; rel="canonical"
content-length: 753
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 302 KB
100 KB 129ms
74ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2e024c3f56f84d3f84ec7e1d966b2806639ce0bd189ef2da0c0052924316428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 101918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 19 Mar 2024 09:02:49 GMT

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
247 B 48ms
47ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.014549
date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: fe037b39-9063-42b1-8a91-7d2c4eeb0024

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
247 B 47ms
47ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.014899
date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: bae17084-d6f6-45ab-b995-faed10cf8704

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
247 B 48ms
48ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.015222
date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: eb3c068b-ea99-4bf1-9d97-1fac233ac145

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
247 B 49ms
48ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.009783
date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: e7c2ad62-0177-4710-84d8-65e2ebf6b164

GET
H2 200 application-3c71ba1de6e9f3290fad52eac690e37fb665b13e22d557fc552c58fc9afbe255.js Show response
heidi-17455.kxcdn.com/assets/ 115 KB
38 KB 156ms
84ms Script
application/x-javascript 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://heidi-17455.kxcdn.com/assets/application-3c71ba1de6e9f3290fad52eac690e37fb665b13e22d557fc552c58fc9afbe255.js
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 770f069d3bf7166c57a6de8cbc03f076e12c315b844acd3119acc581518de1a5

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
content-encoding: gzip
last-modified: Thu, 14 Mar 2024 09:07:38 GMT
server: keycdn
x-edge-location: defr
etag: W/"65f2be5a-1ccd5"
x-cache: HIT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=604800
link: <https://www.heidi.news/assets/application-3c71ba1de6e9f3290fad52eac690e37fb665b13e22d557fc552c58fc9afbe255.js>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 121ms
23ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Tue, 19 Mar 2024 09:02:49 GMT
Content-Encoding: gzip
Age: 1203
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6795)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 pdj-3522283d7df78cb30d0cfad05e67df7b9b55c65e3c089f3632cd2cd6b500f9fd.jpg
heidi-17455.kxcdn.com/assets/home/ 37 KB
37 KB 25ms
25ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heidi-17455.kxcdn.com/assets/home/pdj-3522283d7df78cb30d0cfad05e67df7b9b55c65e3c089f3632cd2cd6b500f9fd.jpg
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 3f6021719ee34417752eccfc09ae0f08b5ae5cbf9e1f4be8223f70a2b49e6977

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
last-modified: Wed, 11 Oct 2023 13:54:37 GMT
server: keycdn
x-edge-location: defr
etag: "6526a91d-9409"
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/assets/home/pdj-3522283d7df78cb30d0cfad05e67df7b9b55c65e3c089f3632cd2cd6b500f9fd.jpg>; rel="canonical"
content-length: 37897
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 37BD 319 KB
104 KB 25ms
25ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.heidi.news
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C0) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.heidi.news/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4289267
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Mar 2024 09:02:49 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67C0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
256 B 36ms
36ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.011822
date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: e749707d-e34e-4d7d-bc93-10f495553806

GET
H2 200 loader.js Show response
sdk.privacy-center.org/9899fcc5-cb95-4338-bf4d-b1ff05675c7a/ 23 KB
9 KB 108ms
31ms Script
application/javascript 2600:9000:225b:c000:5:b7cc:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/9899fcc5-cb95-4338-bf4d-b1ff05675c7a/loader.js?target_type=notice&target=9QHe9zgB
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:c000:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: efa48accb3f2208f5e911b74559cfe2c5a698329431b28e0b7871c3f59286a21

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 08:57:34 GMT
content-encoding: br
x-didomi-remote-config-metadata: multiReg:true;legacyGlobalGdpr:true
via: 1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 316
x-amzn-requestid: e42cfcaa-dac7-4d22-a2cd-195ea9b54299
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-didomi-configs-version: 95
x-amzn-trace-id: root=1-65f8b6c5-136ec63f373f33597ac0a15d;parent=5fb3e8ed718cae10;sampled=0;lineage=eaae1266:0
etag: W/"1892778542643dfa72e6a798ac1ecd6c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=7200, public
x-amz-cf-id: jiViYGR3tkLcATDlcCAYrf_dZUEefMrnXTEo1z8pSu8P7K2b-r_2FA==

GET
H2 200 piano-analytics.js Show response
tag.aticdn.net/ 80 KB
25 KB 81ms
25ms Script
application/javascript 18.66.147.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.aticdn.net/piano-analytics.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-92.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90c09737de57f875d3cfd230a22cba09a1bc91c79207338cd38fc87ba228347c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: deC5Ww..GyNyxvlPPTywFLYBKM8MjZCm
content-encoding: gzip
via: 1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
date: Tue, 19 Mar 2024 08:58:31 GMT
x-amz-cf-pop: FRA60-P4
age: 261
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Tue, 12 Mar 2024 08:37:42 GMT
server: AmazonS3
etag: W/"ba7882ea24dbaee42adce610b8eed25b"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
x-amz-cf-id: 1QVyD_7eB7Dyq-fehfdYmOG9aXKuto5xiiHk04N9jmVnK5tVImE-Og==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 216 KB
58 KB 68ms
23ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4e049bbdc40b8d2e87194216781b7ad54cdb528be6686225e510468c056facb0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 19 Mar 2024 09:02:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57659
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=12, mss=1320, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: Rgq6rcdtdY3x63zIYtVR3h1Yu4HdGAWueg4QnOrSoWu17QsSk+BXy4w3HI/hCMW2J30GuMr/74ccm1xhgkkQ5g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-2396958.js Show response
static.hotjar.com/c/ 9 KB
4 KB 75ms
22ms Script
application/javascript 108.138.7.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2396958.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-27.fra56.r.cloudfront.net

Software

Resource Hash

090a9775587df25a98f33aee84f763b4dd13fb6d26f6b0c2450f79c99472e5cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Tue, 19 Mar 2024 09:02:08 GMT
via: 1.1 6278ee254a7d35c23aae5e936b5a56ee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 42
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/7698c079d38843d18984faac80c83156
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: gmvDqdcItaqs4BFGygy53f4aECLci3n9TPGoEIB1zStAAUd2WkwA6A==

GET
H2 200 p.js Show response
cdn.parsely.com/keys/heidi.news/ 71 KB
25 KB 87ms
23ms Script
application/javascript 3.161.77.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/heidi.news/p.js
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.77.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-77-50.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 691a5064b609248671ba348e35ba0b9c868e2be039e6d90ffdecdab0a9ca2605

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: public
date: Tue, 19 Mar 2024 02:12:11 GMT
content-encoding: gzip
via: 1.1 92db4c522f37fa3dd780f6fa204d8256.cloudfront.net (CloudFront)
last-modified: Tue, 19 Oct 2021 21:48:54 GMT
server: nginx
x-amz-cf-pop: FRA56-P10
age: 25748
etag: W/"616f3d46-11d9b"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: TcazYquoy3vQNUU3I3C_wggCMXPffNrlGF5QvFHN1iv8Db8en9tY3w==
expires: Wed, 20 Mar 2024 01:53:42 GMT

GET
H2 200 sdk.js Show response
l.heidi.news/ 2 KB
1 KB 161ms
64ms Script
application/javascript 35.227.233.185
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.heidi.news/sdk.js
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.233.185 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 185.233.227.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6f5a5dd90138b63e962f7ee57a875bb02cb1a8d2d38512dcabf24a5238a1f2f3

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:50 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 small.avif
heidi-17455.kxcdn.com/photos/7e1af98b-98b6-49e0-bd07-e67c74d77c39/ 28 KB
29 KB 29ms
28ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/7e1af98b-98b6-49e0-bd07-e67c74d77c39/small.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

ac9fa38dbc51ab81dd3b3f6689c9f5d5eac113bd04f817be45c9f417e0d5f6e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="Images-spiry-data2.avif"; filename*=UTF-8''Images-spiry-data2.avif
content-length: 28668
x-request-id: 1096e5a7-e97d-46d0-9aa4-1a576e809151
x-runtime: 0.071907
server: keycdn
etag: W/"ac9fa38dbc51ab81dd3b3f6689c9f5d5"
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/7e1af98b-98b6-49e0-bd07-e67c74d77c39/small.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/df5e89b7-48b0-42ec-8286-a493cfa29c36/ 25 KB
25 KB 30ms
30ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/df5e89b7-48b0-42ec-8286-a493cfa29c36/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

89b6e9db9d3ccde0fea8e38e07f767d6bb1b820972aecd4a3c0217fdc6a4dadb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="Photo 5.avif"; filename*=UTF-8''Photo%205.avif
content-length: 25238
x-request-id: eb570769-fae2-4480-9f20-237d9e7161c6
x-runtime: 0.153839
server: keycdn
etag: W/"89b6e9db9d3ccde0fea8e38e07f767d6"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/df5e89b7-48b0-42ec-8286-a493cfa29c36/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/5902894a-788d-4559-9907-f5ecd76a4ea3/ 46 KB
46 KB 32ms
31ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/5902894a-788d-4559-9907-f5ecd76a4ea3/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

c53a5dc09328b0f75a94f5a15223fc40f4f2612c5abc9d35a4f23df36432b3ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="Liban ecole du chaos.avif"; filename*=UTF-8''Liban%20%C3%A9cole%20du%20chaos.avif
content-length: 46791
x-request-id: 6025718e-a69b-4743-bf96-43edb4e8ab63
x-runtime: 0.146469
server: keycdn
etag: W/"c53a5dc09328b0f75a94f5a15223fc40"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/5902894a-788d-4559-9907-f5ecd76a4ea3/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/29d662a0-4829-4cf5-a6b5-a88eb52a688b/ 31 KB
31 KB 53ms
52ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/29d662a0-4829-4cf5-a6b5-a88eb52a688b/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

fe19f0994452357341325573a10a7eab07030f1b417dfdcdd5dba316cfa9f3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="605472835_highres.avif"; filename*=UTF-8''605472835_highres.avif
content-length: 31475
x-request-id: b88e0c20-f609-4197-91ca-e4c1296578de
x-runtime: 0.143376
server: keycdn
etag: W/"fe19f0994452357341325573a10a7eab"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/29d662a0-4829-4cf5-a6b5-a88eb52a688b/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/ce25cba1-5fdc-4fe9-88fd-46d2da5e64a8/ 95 KB
95 KB 55ms
54ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/ce25cba1-5fdc-4fe9-88fd-46d2da5e64a8/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

2227a1dfd9db9f9c28e2c2cb133a09faa3fc6ee0d92466342fb99763ad40c850

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="sisyphe-gouzer-presles-hight copy.avif"; filename*=UTF-8''sisyphe-gouzer-presles-hight%20copy.avif
content-length: 97048
x-request-id: c7da2d68-bcbe-4060-94c5-89df1f4bb11a
x-runtime: 0.091919
server: keycdn
etag: W/"2227a1dfd9db9f9c28e2c2cb133a09fa"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/ce25cba1-5fdc-4fe9-88fd-46d2da5e64a8/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/a1dbea49-38e2-441c-a312-3bcc9f9c6b20/ 63 KB
64 KB 55ms
55ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/a1dbea49-38e2-441c-a312-3bcc9f9c6b20/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

a44b122d948f24b678e4ca1034f7c24e75b17cb30ce509fedf1760ad4cc3cc21

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="Tests lingettes cocaine %28episode 6%29.avif"; filename*=UTF-8''Tests%20lingettes%20coca%C3%AFne%20%28%C3%A9pisode%206%29.avif
content-length: 64512
x-request-id: 70fb855e-bf22-4bcb-a1d2-38067038fe8c
x-runtime: 0.155256
server: keycdn
etag: W/"a44b122d948f24b678e4ca1034f7c24e"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/a1dbea49-38e2-441c-a312-3bcc9f9c6b20/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 medium.avif
heidi-17455.kxcdn.com/photos/953cf30e-a255-473b-974a-085bb606e0d7/ 52 KB
52 KB 55ms
55ms Image
image/avif 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://heidi-17455.kxcdn.com/photos/953cf30e-a255-473b-974a-085bb606e0d7/medium.avif

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),

Reverse DNS

Software

keycdn / Phusion Passenger(R) 6.0.17

Resource Hash

440ba81adf837c71a035090b12834fb92af7b8e9a89f4c947c5d7d2f5f370c68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-edge-location: defr
x-powered-by: Phusion Passenger(R) 6.0.17
x-cache: HIT
content-transfer-encoding: binary
content-disposition: inline; filename="Liban ecole du chaos_vert_mod.avif"; filename*=UTF-8''Liban%20%C3%A9cole%20du%20chaos_vert_mod.avif
content-length: 53034
x-request-id: 5ea423a4-cc80-4e78-a4dd-b6949f6a2a39
x-runtime: 0.224537
server: keycdn
etag: W/"440ba81adf837c71a035090b12834fb9"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <https://www.heidi.news/photos/953cf30e-a255-473b-974a-085bb606e0d7/medium.avif>; rel="canonical"
expires: Tue, 26 Mar 2024 09:02:49 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 37BD 869 B
658 B 173ms
125ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3874cfad8c378b0e39b8b87f654b59d96f501b06

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.heidi.news

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-response-time: 104
date: Tue, 19 Mar 2024 09:02:49 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 19 Mar 2024 09:02:50 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 84c9be1faa6a7347
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: 972dec5e6995b19f2ef0006157f6c3ceeaedf8000225bb86296c57e4fc8be4da
content-length: 337

GET
H2 200 modules.a832f5d8f24964da1f4a.js Show response
script.hotjar.com/ 220 KB
55 KB 92ms
25ms Script
application/javascript 13.32.27.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.a832f5d8f24964da1f4a.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2396958.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-107.fra56.r.cloudfront.net

Software

Resource Hash

a25146c544ae821d97ac637e817dae3f4985b7e991d7354cf1d21561a8dfc630

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 17:22:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 315644
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55518
last-modified: Fri, 15 Mar 2024 17:21:16 GMT
etag: "8bd905e445d19a6e7c5adc15919ba59b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: aJ7dEjUqIaoqWbwZKAlccM8VsijlAf_4XKT9CDVxZU5QvLk9e37DFg==

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
258 B 190ms
45ms Image
image/gif 63.34.81.234
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1710838970084&plid=61516868&idsite=heidi.news&url=https%3A%2F%2Fwww.heidi.news%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22plan%22%3A%22anonyme%22%7D&sid=1&surl=https%3A%2F%2Fwww.heidi.news%2F&sref=&sts=1710838970081&slts=0&title=Heidi.news&date=Tue+Mar+19+2024+10%3A02%3A50+GMT%2B0100+(Central+European+Standard+Time)&action=pageview&pvid=60674790&u=pid%3D0d93cc49e52a8a2cbfcace4c5e135859
Requested by: Host: www.heidi.news
URL: https://www.heidi.news/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.81.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Tue, 19 Mar 2024 09:02:50 GMT
Cache-Control: no-cache
Last-Modified: Tuesday, 19-Mar-2024 09:02:50 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 sdk.63d827159775fd219ae26e3aa4c6198b71dcc50d.js Show response
sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ 339 KB
95 KB 35ms
34ms Script
application/javascript 2600:9000:225b:c000:5:b7cc:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/sdk.63d827159775fd219ae26e3aa4c6198b71dcc50d.js
Requested by: Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/9899fcc5-cb95-4338-bf4d-b1ff05675c7a/loader.js?target_type=notice&target=9QHe9zgB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:c000:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 22f32f3d1a8da0e01cb4a366ea2fab89f0c6558923c2920b645528b7ddc2550f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 15:42:25 GMT
content-encoding: gzip
via: 1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
last-modified: Fri, 15 Mar 2024 15:41:37 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P1
age: 321626
etag: W/"ebc66c73dd757e69c2435d5cd850a416-1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: HfIBdLsjDwY_wHAjZqi4g_ZQsGAuRwf82-FPiS_ItwkA7LBMzDOl5g==

GET
H2 200 650545972298267 Show response
connect.facebook.net/signals/config/ 54 KB
11 KB 82ms
82ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/650545972298267?v=2.9.150&r=stable&domain=www.heidi.news&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9bf221455d28ddbefe2f56aee88bd23cf00e67d4e6f4ad9ea17695798a83a42a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 19 Mar 2024 09:02:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=62, mss=1320, tbw=62789, tp=-1, tpl=-1, uplat=60, ullat=0
pragma: public
x-fb-debug: WkQfX4w3vFII08iS5tEOBrx7VGFK9zjHjigQu3yOPuNLrZfCQdf3lD7+bDvaDPr937vb6m+cWKqFmvvnGolZAA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 t.js Show response
l.heidi.news/ 0
182 B 37ms
36ms Script
application/javascript 35.227.233.185
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.heidi.news/t.js
Requested by: Host: l.heidi.news
URL: https://l.heidi.news/sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.233.185 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 185.233.227.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:50 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js Show response
sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ 275 KB
56 KB 29ms
29ms Script
application/javascript 2600:9000:225b:c000:5:b7cc:d3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js
Requested by: Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/sdk.63d827159775fd219ae26e3aa4c6198b71dcc50d.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:225b:c000:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0bc415b37245ad2fe5b9a2b19655dd8b7415abded71c0a613566180689893f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 15:43:15 GMT
content-encoding: br
via: 1.1 3ddbbcaacc1ba68ddfab04ef45c3ca98.cloudfront.net (CloudFront)
last-modified: Fri, 15 Mar 2024 15:41:40 GMT
server: AmazonS3
age: 321576
x-amz-cf-pop: MUC50-P1
etag: W/"82d0781243e628b8bfd20fbffbf46e97-1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: g_KwB611cCbpHvslO0LZrj0Iw9mfVEiY3wrmN56PYk4meUoNGzzkAA==

GET
H3 200 pv.js Show response
l.heidi.news/ 0
35 B 39ms
39ms Script
application/javascript 35.227.233.185
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.heidi.news/pv.js?s=1&b=BNLI-1419&u=https%3A%2F%2Fwww.heidi.news%2F
Requested by: Host: l.heidi.news
URL: https://l.heidi.news/sdk.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.233.185 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 185.233.227.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 09:02:50 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 73ms
21ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=650545972298267&ev=PageView&dl=https%3A%2F%2Fwww.heidi.news%2F&rl=&if=false&ts=1710838970252&sw=1600&sh=1200&v=2.9.150&r=stable&ec=0&o=4126&fbp=fb.1.1710838970251.1479756467&ler=empty&cdl=API_unavailable&it=1710838970102&coo=false&rqm=GET

Requested by

Host: www.heidi.news
URL: https://www.heidi.news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1320, tbw=2766, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 19 Mar 2024 09:02:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
247 B 31ms
31ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.009201
date: Tue, 19 Mar 2024 09:02:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: da60603d-64dd-4ce4-a1c5-75f5fb2a1fd5

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
256 B 41ms
41ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.019154
date: Tue, 19 Mar 2024 09:02:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: cbf9e102-d51b-44c6-ad0f-931aaf73cdd8

GET
H2 200 piano-analytics.js Show response
tag.aticdn.net/ 80 KB
25 KB 24ms
24ms Script
application/javascript 18.66.147.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.aticdn.net/piano-analytics.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-92.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90c09737de57f875d3cfd230a22cba09a1bc91c79207338cd38fc87ba228347c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.heidi.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: deC5Ww..GyNyxvlPPTywFLYBKM8MjZCm
content-encoding: gzip
via: 1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
date: Tue, 19 Mar 2024 08:58:31 GMT
x-amz-cf-pop: FRA60-P4
age: 261
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Tue, 12 Mar 2024 08:37:42 GMT
server: AmazonS3
etag: W/"ba7882ea24dbaee42adce610b8eed25b"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
x-amz-cf-id: dLs9DOewhKhDnexFjoGxwaj0nZjJTZpp8wrpC-huHMu-vrI67pZ6LA==

POST
H2 429 csp-violation-report
www.heidi.news/ 12 B
256 B 53ms
53ms Other
text/plain 185.54.7.127
SAFEHOSTNET Coloc...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.heidi.news/csp-violation-report

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.54.7.127 , Switzerland, ASN21217 (SAFEHOSTNET Colocation center in Geneva, CH),

Reverse DNS

Software

nginx / Phusion Passenger(R) 6.0.17

Resource Hash

b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/csp-report

Response headers

x-runtime: 0.009495
date: Tue, 19 Mar 2024 09:02:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains
server: nginx
x-powered-by: Phusion Passenger(R) 6.0.17
content-type: text/plain
status: 429 Too Many Requests
cache-control: no-cache
x-request-id: 2395ff65-7c23-4030-8b14-3cdec4d309c0

POST
H2 204 event
logs1412.xiti.com/ 0
326 B 90ms
22ms Ping
text/plain 65.9.68.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://logs1412.xiti.com/event?s=628827&idclient=lty5clw5b6qjgevn

Requested by

Host: tag.aticdn.net
URL: https://tag.aticdn.net/piano-analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.209 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-68-209.fra56.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.heidi.news/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 19 Mar 2024 09:02:50 GMT
strict-transport-security: max-age=15768000
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
access-control-max-age: 600
x-cache: Miss from cloudfront
access-control-allow-origin: https://www.heidi.news
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-id: GEhpa9pMR8eaal7up6sStQ2-HL80RzY5LrRHV4ty5Ra9a-AIR972sw==

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
heidi.news/	1969-12-31 23:59:59	Name: SRVGROUP Value: common
www.heidi.news/	1969-12-31 23:59:59	Name: SRVGROUP Value: common
.heidi.news/	1970-01-20 21:23:34	Name: _gcl_au Value: 1.1.264150452.1710838970
www.heidi.news/	1970-01-21 04:42:46	Name: pa_privacy Value: %22optin%22
.heidi.news/	1970-01-20 19:14:00	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.heidi.news/%22%2C%22sref%22:%22%22%2C%22sts%22:1710838970081%2C%22slts%22:0}
.heidi.news/	1970-01-21 04:43:22	Name: _parsely_visitor Value: {%22id%22:%22pid=0d93cc49e52a8a2cbfcace4c5e135859%22%2C%22session_count%22:1%2C%22last_session_ts%22:1710838970081}
.heidi.news/	1970-01-21 04:42:46	Name: nli Value: 0445b321-627d-d2ee-a484-b590c7b9b148
.heidi.news/	1970-01-20 23:37:26	Name: didomi_token Value: eyJ1c2VyX2lkIjoiMThlNTVmMmYtNzRkMS02YjFhLTlhOGMtYjRjMjAyODk4N2UwIiwiY3JlYXRlZCI6IjIwMjQtMDMtMTlUMDk6MDI6NTAuMTg5WiIsInVwZGF0ZWQiOiIyMDI0LTAzLTE5VDA5OjAyOjUwLjE4OVoiLCJ2ZXJzaW9uIjpudWxsfQ==
.heidi.news/	1970-01-21 03:59:34	Name: _hjSessionUser_2396958 Value: eyJpZCI6IjFiN2NjMjhjLTE5ZTItNTBjMS1hOThmLTFjZDM3NjFiYzg2MyIsImNyZWF0ZWQiOjE3MTA4Mzg5NzAyMTcsImV4aXN0aW5nIjpmYWxzZX0=
.heidi.news/	1970-01-20 19:14:00	Name: _hjSession_2396958 Value: eyJpZCI6IjQyMmQyNTY1LTVhMTgtNDNjYS1hNTg2LTk2ZmVkYTU1MzVmZSIsImMiOjE3MTA4Mzg5NzAyMTgsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.heidi.news/	1970-01-20 21:23:34	Name: _fbp Value: fb.1.1710838970251.1479756467
www.heidi.news/	1970-01-21 04:42:43	Name: _pcid Value: %7B%22browserId%22%3A%22lty5clw5b6qjgevn%22%2C%22_t%22%3A%22m9mi4xo8%7Clty5cm48%22%7D
www.heidi.news/	1970-01-21 04:42:43	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAJz96AFgAelQQB9U%2BAJ4BWAMb9RgkAF8gA
www.heidi.news/	1969-12-31 23:59:59	Name: _heidi_session Value: %2BtuuFMCnZ1V7SDfHimVtHCgAjUIYO0H7fWYCQduskqaaBIxyirSQscVuZsooGtqIOCFAdwIKk9JxchY5S%2FihSkGLhINvJwrXMXEUqgPQnXKlxVbBJ1QBL9b65mM%2F6vW%2Fb4pu95O8R63gZ%2FFYJSudzQ0jHl97gn7IEhROQfydZl4Y9qQsFCmpebsrrjteU6Gwjt%2B4y9vMndjOcYnhV%2BxRmU5pZo%2FNHdxEhiBBcOSl0WoyI6VJBmvOc7oKGYhVW3lCqZdSs1IO0p8JRFrkvZYPPkInK6cdfIhBxGTAUepKr4FyEdZ%2Bs%2B0n--wozkJYECmKnl%2B9di--28EgMKOzYp6xgZOBEq7q1w%3D%3D

25 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.heidi.news/(Line 345) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-l0lKiHNZHlmC507SMYmawdYz9nNIxR/0FN+OnfpqLpU='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.heidi.news/(Line 861) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-DVv1Jy4J/wjxauWbRL6bAT4fgqUJrDRBv1RBhq37LVI='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://www.heidi.news/(Line 867) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-tByVzLsegPpVpWnviyT18NFKNdQSZVO3j8LnmUFt/kM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.heidi.news/(Line 1080) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-l0lKiHNZHlmC507SMYmawdYz9nNIxR/0FN+OnfpqLpU='), or a nonce ('nonce-...') is required to enable inline execution.
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-CNghE3QGS/fKfKcxRqeW2/W/NmC1SbF4PGnGwggu5bE='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-VayC2T/2gZdPQ61QWj8pwtluq6Po+jV9P+ynfjLpTuI='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-jucgqRWyX8W8IRYJ3PRLW/v8RV5ObvkqTi9XUraMOYU='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-FGP/erHosxu3lLAqYOBvPoiBJ1xlXbMQuVAvsle7I50='), or a nonce ('nonce-...') is required to enable inline execution.
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-XKkCSOSicX6JgupdHsiLH/9+ZbyeBNSVGU4Zpg6At9c='), or a nonce ('nonce-...') is required to enable inline execution.
other	warning	URL: https://connect.facebook.net/signals/config/650545972298267?v=2.9.150&r=stable&domain=www.heidi.news&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js(Line 1) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-w2BCkdLPfmI4dfdZL1sRUkYXX32x7XrA+ZMd7MmEZJY='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js(Line 1) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-9LDX5kzHhbuEEI0kVl+8A8drDuMj3Lj9fMS7oyQmzc4='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://sdk.privacy-center.org/sdk/63d827159775fd219ae26e3aa4c6198b71dcc50d/modern/ui-gdpr-fr-web.63d827159775fd219ae26e3aa4c6198b71dcc50d.js(Line 1) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-GVgwAYYV9TBe4Hsgf+Toyt5MCk3+efWJmxcIJkX8dMg='), or a nonce ('nonce-...') is required to enable inline execution.
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-XKkCSOSicX6JgupdHsiLH/9+ZbyeBNSVGU4Zpg6At9c='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 4) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-KFWJM86(Line 642) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-XIDAlpCacIcEO/nNUJ61ZA=='". Either the 'unsafe-inline' keyword, a hash ('sha256-nJf2fbts3wGvm9hY5opqEgIi9Tqf5E93MHFwqddbpuQ='), or a nonce ('nonce-...') is required to enable inline execution.
network	error	URL: https://www.heidi.news/csp-violation-report Message: Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.parsely.com
connect.facebook.net
heidi-17455.kxcdn.com
heidi.news
l.heidi.news
logs1412.xiti.com
p1.parsely.com
platform.twitter.com
script.hotjar.com
sdk.privacy-center.org
static.hotjar.com
syndication.twitter.com
tag.aticdn.net
www.facebook.com
www.googletagmanager.com
www.heidi.news
104.244.42.200
108.138.7.27
13.32.27.107
18.66.147.92
185.54.7.127
2600:9000:225b:c000:5:b7cc:d3c0:93a1
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:812::2008
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a0b:4d07:102::1
3.161.77.50
35.227.233.185
63.34.81.234
65.9.68.209
090a9775587df25a98f33aee84f763b4dd13fb6d26f6b0c2450f79c99472e5cb
0bc415b37245ad2fe5b9a2b19655dd8b7415abded71c0a613566180689893f1f
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1f03b3082883c94de09ea4c0b38092a45f2f7ca60c14889818a3e19057da34b8
2227a1dfd9db9f9c28e2c2cb133a09faa3fc6ee0d92466342fb99763ad40c850
22f32f3d1a8da0e01cb4a366ea2fab89f0c6558923c2920b645528b7ddc2550f
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3043c2aada437268bbab22de9757b017941c28cdd99c9fd06c2e5490079dca69
37fed1e9c81e2383b6dd56ac3f15ec06d3d1a0e92ebf09ce1748c29f15e5b567
3c0530efbe342f9f964d2c5b2f4030f559d695d07102bde1e6b020133f848c29
3f6021719ee34417752eccfc09ae0f08b5ae5cbf9e1f4be8223f70a2b49e6977
440ba81adf837c71a035090b12834fb92af7b8e9a89f4c947c5d7d2f5f370c68
48cad3a861be733d41d488f63b22c22e4d94c16fe550db0fe4e977fadf532a1a
4e049bbdc40b8d2e87194216781b7ad54cdb528be6686225e510468c056facb0
60827ed277197a683bace869b702a242eb317923bfc3fccc8d9df32679f07a87
691a5064b609248671ba348e35ba0b9c868e2be039e6d90ffdecdab0a9ca2605
6f5a5dd90138b63e962f7ee57a875bb02cb1a8d2d38512dcabf24a5238a1f2f3
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
770f069d3bf7166c57a6de8cbc03f076e12c315b844acd3119acc581518de1a5
89b6e9db9d3ccde0fea8e38e07f767d6bb1b820972aecd4a3c0217fdc6a4dadb
90c09737de57f875d3cfd230a22cba09a1bc91c79207338cd38fc87ba228347c
9bf221455d28ddbefe2f56aee88bd23cf00e67d4e6f4ad9ea17695798a83a42a
a25146c544ae821d97ac637e817dae3f4985b7e991d7354cf1d21561a8dfc630
a44b122d948f24b678e4ca1034f7c24e75b17cb30ce509fedf1760ad4cc3cc21
abe9d1810398721b42c3b37e54b07a3fb3c3ff36ecbfe06b88cba79961d210e4
ac9fa38dbc51ab81dd3b3f6689c9f5d5eac113bd04f817be45c9f417e0d5f6e1
b8d6a6c2b22b2fc3df71f858c75b65a19914fdc6d0ca37e78a6017f1c5c62689
c53a5dc09328b0f75a94f5a15223fc40f4f2612c5abc9d35a4f23df36432b3ec
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3a86ddbad660c28e45b2952f639757ec9014f82adbf6844eebb459396be5726
db154999955478eb3c2ba66fde7e5b44dc0813683a2ca0d4a05a1d7709178872
e2e024c3f56f84d3f84ec7e1d966b2806639ce0bd189ef2da0c0052924316428
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efa48accb3f2208f5e911b74559cfe2c5a698329431b28e0b7871c3f59286a21
f9bc132980c62433dfd76631f5a602fd1bf318141d67ebb6b70b4d3cc92555b0
fe19f0994452357341325573a10a7eab07030f1b417dfdcdd5dba316cfa9f3e0

www.heidi.news Open in urlscan Pro 185.54.7.127 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

100 %HTTPS

40 %IPv6

11 Domains

16 Subdomains

15 IPs

4 Countries

1183 kBTransfer

2980 kBSize

14 Cookies

13 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heidi.news Open in urlscan Pro
185.54.7.127 Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

16
Subdomains

15
IPs

4
Countries

1183 kB
Transfer

2980 kB
Size

14
Cookies

47 HTTP transactions
0 data transactions